I have more than a hundred different accounts. Some for websites, some for software, my phone company, webhosting accounts, database, email, etc. For the most part I was diligent and used a unique password for each one. I store them all in a wonderful little password storage program called PINs. PINs tells me I have more than 180 usernames and passwords. Even with PINs, all those passwords are a pain to keep track of.

I want a Universal Login System. Let me create one username and password that works across hundreds of sites. Microsoft tried this with Passport and it failed. The problem with any such system is that the user usually has little to no control over who has access to their data. The key to making a universal login system work is giving the user complete control over what sites have access to what data. Bruce Schneier’s article mentions that many ecommerce sites have no way of cancelling accounts; you are forever liable for the accounts and the information about you that they contain.
So the Universal Login System (ULS) should allow you to give or remove a website’s right to see your email address, credit card number, home address, or any individual bit of information about you. It is important that the ULS gives you the ability not only to allow a website to see your information, but also to revoke that access.
A ULS user should be able to log in to the ULS site and:
- See what information is being made available to what websites.
- Grant and remove a website’s rights to specific information.
- Approve and reject requests from websites for additional rights.
- Change password, edit personal information, etc.
A user should be able to log in to a ULS-enabled website using their ULS account transparently. Essentially, if you have a ULS account you already have an account on any ULS-enabled website. The key is that unless you specifically authorize otherwise, that account is empty and contains no information about you.
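The user-facing controls listed above amount to a default-deny consent ledger keyed by website and by individual field. The sketch below is an added example, not part of the original post or of any real system; the class, method, site and field names and the sample profile are all constructed for illustration.

```python
# Added example: per-site, per-field consent ledger for the ULS idea.
# All names and sample values are hypothetical / constructed.

class ULSAccount:
    def __init__(self, profile):
        self._profile = dict(profile)  # user's data, held only by the ULS
        self._grants = {}              # site -> fields the user has allowed
        self._pending = {}             # site -> fields awaiting a decision

    def request(self, site, fields):
        """A website asks for more fields; nothing is released yet."""
        unknown = set(fields) - set(self._profile)
        if unknown:
            raise KeyError(f"unknown fields: {sorted(unknown)}")
        new = set(fields) - self._grants.get(site, set())
        if new:
            self._pending.setdefault(site, set()).update(new)

    def decide(self, site, field, approve):
        """User approves or rejects one pending request."""
        self._pending.get(site, set()).remove(field)  # KeyError if never requested
        if approve:
            self.grant(site, field)

    def grant(self, site, field):
        if field not in self._profile:
            raise KeyError(field)
        self._grants.setdefault(site, set()).add(field)

    def revoke(self, site, field):
        self._grants.get(site, set()).discard(field)

    def pending(self, site):
        return sorted(self._pending.get(site, ()))

    def overview(self):
        """What the user sees: which site may read which fields."""
        return {s: sorted(f) for s, f in self._grants.items() if f}

    def view_for(self, site):
        """What a site sees at login: granted fields only, empty by default."""
        return {f: self._profile[f] for f in sorted(self._grants.get(site, ()))}


if __name__ == "__main__":
    acct = ULSAccount({"email": "user@example.com", "home_address": "1 Example St"})
    print(acct.view_for("shop.example"))   # account exists but is empty
    acct.request("shop.example", ["email", "home_address"])
    acct.decide("shop.example", "email", approve=True)
    acct.decide("shop.example", "home_address", approve=False)
    print(acct.view_for("shop.example"))
    acct.revoke("shop.example", "email")
    print(acct.overview())
```

Revocation here only stops future reads through the ULS; it cannot recall data a website copied while the grant was active, so each read should be treated as a disclosure.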
ULS offers the website operator two main advantages.
- A lower barrier to entry for users. I don’t have to go through the effort of creating yet another username and password, I’ve already got one.
- The ULS handles fixing lost passwords, expired email addresses, old and outdated personal data.