The future of MyData

When I arrived at ICPSR back in late 2002, we didn't have any sort of system to issue identities or authenticate visitors to the web site. At that time we asked users to type in an email address, performed some basic sanity-checking (like does it contain an '@'?), and then showed them our terms of use if no one had ever entered that email address before. Simple. But not terribly useful.

We launched our identity and authentication service, MyData, in 2004, and it has been busy collecting identities since then. I just ran a query, and at this moment, we have 168,524 identities. We ask new account holders to give us just a little personal information, such as how they fit into the world of social science (student, faculty, policy-maker, ...? economics, political science, sociology, ...? favorite stat package?). It's great.

But I always knew that having our own local identities with our own proprietary software was not going to be the best solution in the long run. For a very long time I've been waiting for Internet2's Shibboleth project to really hit the tipping point. And while it does seem to be gaining acceptance in higher ed, it still feels like it is moving pretty slow, and it isn't at all clear that it will hit the tipping point this year. Or next year. It's hard to tell.

Then, a year or two I came across OpenID. Unlike Shib where the institution is the identity provider, OpenID is an open, decentralized way for individuals to create and manage identities, and to use that identity across multiple web sites (i.e., Single Sign-On). I created an OpenID back then, but it didn't seem like many sites were supporting OpenID for authentication.

Now it's 2009. Google, Yahoo, AOL, Facebook, etc., etc. are all supporting OpenID authentication. Lots of ICPSR's newest users are graduate students and recent graduates, and I'll bet many of them already have a Facebook account. Or Google account. Or Yahoo account. And I'll bet many of them would be just as happy to use that account to identity themselves to the ICPSR web site rather than creating yet another identity on our site.

We're refreshing the web site in August, and a change in authentication and identity services isn't on the short list. And so for better or worse everyone will be able to use a MyData account to login to ICPSR in September 2009. But I'll be really surprised if people will be using a MyData account to login when we roll our our next web site refresh in 2011.