A Single Identity?

By Jesse Wilkins posted 05-10-2010 11:59


In a comment to a prior post, James Lappin noted that Facebook and Twitter are pushing to become the identity platforms for the internet and compared this to Microsoft's Active Directory inside the firewall. He asked, "Could you envisage a situation where people log onto a business application using their Facebook ID?" I think so, but first, a brief digression.

Facebook and Twitter both became the "go-to" tool in their respective niches for any number of reasons, but it is clear that today they are as close as we have to Web-wide platforms. It's also true that most normal users are not big fans of having to either use the same username and password across many applications, or of having to remember a username and password for each application. This is one of the problems that Active Directory addresses.

At the same time, one of the real issues associated with identity management in the Web 2.0 world today is the limited naming spaces available. In other words, there are more Jesse Wilkins in the world than just me - yet I'm the only one that gets to use that username on Twitter because I got there first. And I *don't* get to use that username on some other services because I didn't. Can you imagine what the phone book would look like if it only accepted one instance of John Smith? Even initials only go so far.

The way Facebook addresses this is to use an email address to associate with a name. That way there can be multiple John Smiths as long as they use different email addresses. This could be problematic at some point if your email provider goes out of business or you change your email address, but this is otherwise outside the scope of this discussion. There's really no reason Twitter couldn't do this as well.

So you have in Facebook the largest website at least in North America, if not the planet, with around 400 million users. It has figured out a way to address namespace issues. It offers its own identity management capabilities in the form of Facebook Connect, and many, many websites and web applications already use Facebook Connect, allowing Facebook to manage security in much the same way that LDAP-enabled applications allow LDAP to manage security.

What would be required for Facebook to knock off Active Directory? First, software developers will have to embrace Facebook Connect or something like OAuth as a login mechanism, as they have with LDAP. It is likely that the first enterprise applications that will do this will be those that are already Web-based - does this already. Next, it's not inconceivable that one of the larger enterprise applications could move in a similar direction as they look to web-enable their systems - think of an SAP perhaps, or even an ECM vendor. The most likely entrant here is an open-source provider like Alfresco or Nuxeo, but as other vendors move to create SaaS options they may look to tie into a Facebook Connect or OAuth.

Many organizations also seek to move from proprietary to open solutions - not just for cost reasons but also to ensure continued access to information and resources in the event a vendor goes out of business. This is especially the case where government is involved. Facebook might run into privacy concerns, but I could see a large government agency issuing an RFP that included a requirement to support OAuth.

To answer James' question, then, I don't think we'll see users logging into apps using Facebook this year - at least not their traditional desktop-based or client/server-based applications. But I don't think it's so far-fetched as to be dismissed out of hand; rather, I wouldn't be at all surprised if someone demos that very capability at an upcoming AIIM conference. I just wonder who will be the first to do it?

#Alfresco #ElectronicRecordsManagement #identitymanagement #activedirectory #facebook #twitter #Nuxeo