Ebay Suggests Identity API – Can They Do it Alone?

Paypal X Innovate 2009Ebay’s CTO, Mark Carges, today announced at Paypal X Innovate plans by Ebay, Inc. to begin incorporating the Paypal login process as an identity platform for consumers to eventually open up to developers.  The platform, Carges said, aims to use the existing Paypal login ID which includes address and phone number verification, bank account attachment, and more to identify individuals as real people.  He stated Paypal already goes through great lengths to protect these users’ identity, suggesting this was a natural move towards identity in the cloud.

The move makes sense, but searching Twitter during the Keynote revealed a different story.  Audience members are skeptical, stating things like “scary morning talk by the Paypal CTO. all your ID belonging to us. a closed OpenID?” and “wonder if this is what @timOreilly is afraid of – platforms becoming the OS?”.  In many ways these audience members have a point – is it possible for Paypal to go alone in this identity space when they could either be leading or joining existing identity efforts such as OpenID?  I may be wrong but I do not recall any mention of the word “open” in his proposal.  And when he mentions things like “they are working with Government” it gets a little scary that a single company may control all this along with government.

At the same time, maybe this is the solution.  Will the solution to identity be a closed platform that has devoted ways of verifying identity like Paypal and Ebay can provide?  Does the web need a “more secure” closed platform to finally solve the identity problem?

I’m very interested to see how Paypal progresses on this.  My hope is that they either lead or join existing open standards in this effort, and rather than taking this alone they approach others.  A platform is always a good thing, but a platform is not “open” until it is based on open technologies and the technologies themselves are built by the community.  This is especially applicable in the identity space.

Paypal’s CEO yesterday reiterated that through the years payment itself was controlled by a few big entities.  Paypal’s vision is “Into the hands of many” , intending to pass that control to the developers.  He even compared it to Linux and how the future is in the community and no one company having control.  My hope is that Paypal maintains this standard in the identity arena.  Based on their vision so far it looks hopeful – let’s hope they don’t feel the need to take the Identity platform alone.

When it’s uploaded you can listen to the whole Keynote in my Cinch folder.

Advertisements

11 thoughts on “Ebay Suggests Identity API – Can They Do it Alone?

  1. Hi Jessy – hope you had a chance to attend the session “Maximizing PayPal's New Identity Services to Create Seamless and Safe User experiences” lead by Andrew Nash (http://www.identitymusings.net/wordpress/) and Eve Maler (@xmlgrrl – http://www.xmlgrrl.com/blog/). Hopefully the slides would be up on x.com soon. As you can see on https://www.paypal-ids.com/ – this is all going to be based on standards. Please hang on for more details to be published on x.com soon.

    Like

  2. Praveen, awesome! Let me know as soon as you have the slides and more
    details and I'll definitely promote the heck out of it. I love standards!
    That was the biggest concern I was seeing from the audience.

    Like

  3. Oh good grief – conspiracy theories already abound

    PayPal has been on the board for the OpenID foundation for some time.

    None of the deployment options under development are proprietary or private, unlike facebook

    However, OpenID has some fundamental security issues that many people have not wanted to acknowledge or address. These issues may not matter when dealing with a zero value transaction, but they become imporant quickly if you want to address anything with with even moderate levels of value or privacy.

    As a result, just like the US Fed Govt, PayPal is profiling the use of OpenID features to reduce exposure, and will be white listing particpants until the security issues have been addressed (and yes, we have been actively working to address the security issues, as anyone at the OpenID Summit or IIW can attest)

    There is nothing private or proprietary happening here – but anyone who does not understand the need for profiling, does not understand the need for more highly trusted identity deployments.

    The federal Govt is engaging with a number of identity providers including Google – so the nonsense about one compnay being in control here should stop immediately. PayPal is being a good citizen in the identity community and working hard to make this stuff useable rather than just a toy.

    Like

  4. Andrew, great to know. The talk at Paypal X Innovate didn't mention
    anything about utilizing your involvement in OpenID, etc. It was very much
    a talk about how Paypal was going to take an approach to identity – I don't
    recall any mention of involvement with the community or standards
    foundations in that effort, but I may have missed it. I was simply going
    off of the talk itself and audience reaction I was seeing on Twitter, and
    wanted to be sure it wasn't the case that Paypal was trying to do it alone.
    This wasn't intended as conspiracy theory, nor critique in any form. I was
    simply stating an observation and hope that the perception of the audience
    wasn't true. Glad to hear that perception was wrong.

    Like

  5. Oh good grief – conspiracy theories already abound

    PayPal has been on the board for the OpenID foundation for some time.

    None of the deployment options under development are proprietary or private, unlike facebook

    However, OpenID has some fundamental security issues that many people have not wanted to acknowledge or address. These issues may not matter when dealing with a zero value transaction, but they become imporant quickly if you want to address anything with with even moderate levels of value or privacy.

    As a result, just like the US Fed Govt, PayPal is profiling the use of OpenID features to reduce exposure, and will be white listing particpants until the security issues have been addressed (and yes, we have been actively working to address the security issues, as anyone at the OpenID Summit or IIW can attest)

    There is nothing private or proprietary happening here – but anyone who does not understand the need for profiling, does not understand the need for more highly trusted identity deployments.

    The federal Govt is engaging with a number of identity providers including Google – so the nonsense about one compnay being in control here should stop immediately. PayPal is being a good citizen in the identity community and working hard to make this stuff useable rather than just a toy.

    Like

  6. Andrew, great to know. The talk at Paypal X Innovate didn't mention
    anything about utilizing your involvement in OpenID, etc. It was very much
    a talk about how Paypal was going to take an approach to identity – I don't
    recall any mention of involvement with the community or standards
    foundations in that effort, but I may have missed it. I was simply going
    off of the talk itself and audience reaction I was seeing on Twitter, and
    wanted to be sure it wasn't the case that Paypal was trying to do it alone.
    This wasn't intended as conspiracy theory, nor critique in any form. I was
    simply stating an observation and hope that the perception of the audience
    wasn't true. Glad to hear that perception was wrong.

    Like

  7. Oh good grief – conspiracy theories already abound

    PayPal has been on the board for the OpenID foundation for some time.

    None of the deployment options under development are proprietary or private, unlike facebook

    However, OpenID has some fundamental security issues that many people have not wanted to acknowledge or address. These issues may not matter when dealing with a zero value transaction, but they become imporant quickly if you want to address anything with with even moderate levels of value or privacy.

    As a result, just like the US Fed Govt, PayPal is profiling the use of OpenID features to reduce exposure, and will be white listing particpants until the security issues have been addressed (and yes, we have been actively working to address the security issues, as anyone at the OpenID Summit or IIW can attest)

    There is nothing private or proprietary happening here – but anyone who does not understand the need for profiling, does not understand the need for more highly trusted identity deployments.

    The federal Govt is engaging with a number of identity providers including Google – so the nonsense about one compnay being in control here should stop immediately. PayPal is being a good citizen in the identity community and working hard to make this stuff useable rather than just a toy.

    Like

  8. Andrew, great to know. The talk at Paypal X Innovate didn't mention
    anything about utilizing your involvement in OpenID, etc. It was very much
    a talk about how Paypal was going to take an approach to identity – I don't
    recall any mention of involvement with the community or standards
    foundations in that effort, but I may have missed it. I was simply going
    off of the talk itself and audience reaction I was seeing on Twitter, and
    wanted to be sure it wasn't the case that Paypal was trying to do it alone.
    This wasn't intended as conspiracy theory, nor critique in any form. I was
    simply stating an observation and hope that the perception of the audience
    wasn't true. Glad to hear that perception was wrong.

    Like

  9. Praveen, awesome! Let me know as soon as you have the slides and more
    details and I'll definitely promote the heck out of it. I love standards!
    That was the biggest concern I was seeing from the audience.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s