To access an online account you need to sign in. Traditionally, this requires you to enter a username and password. Typically, these are different for each service you have access to. In a business context, it makes sense to centralise the management of both user accounts and the services they are authorised to access. This has given rise to a form of federated identity management, where users sign in to one single central identity provider. This identity provider usually also manages the user authorisation and seamlessly logs the user in to the desired service. The advantages are obvious: the user only needs to remember a single username and password, and the business manages service authorisations in a single place.
Unfortunately, this federated model of identity management is used more in more in a consumer setting as well. Examples are services like Facebook Connect which: “makes it easier for you to take your online identity with you all over the Web, share what you do online with your friends and stay updated on what they’re doing. You won’t have to create separate accounts for every website, just use your Facebook login wherever Connect is available”. This is an incredibly bad idea.
Read the rest of this entry »