OpenID works to eradicate hotel booking mix-ups and other database snafus

Identity Management This newsletter is sponsored by SolarWinds The Shortcut Guide to Network Management for the Mid-Market This guide outlines real-world technologies and processes to implement centralized management of your network infrastructure. Using the OSI FCAPS model as a framework, this eBook explains the critical components of fault, performance, configuration and security management, as well as network troubleshooting and diagnostics. Network World's Identity Management Newsletter, 06/13/07 OpenID works to eradicate hotel booking mix-ups and other database snafus By Dave Kearns Back in 1996 I wrote a column for Network World talking about some travel woes I’d had. A recent discussion about OpenID reminded me of that column, and I think that it’s still relevant today. Back then, Comdex was the biggest thing going in technology trade shows; participants pretty much bought out all of the hotel space in Las Vegas for the duration of the show – you needed to reserve a year in advance to get any hope of landing a good room. I made a last minute decision to go that year, and was faced with finding a room with only two weeks to go. It seemed like an ideal time to try out the then new Expedia travel service. I booked a room through Expedia, but on arrival in Vegas the hotel denied any knowledge of me. Even the confirmation number I had was different from the style used by the hotel. The kicker, though, was that the rate I’d been quoted was actually higher than the hotel charged. After some three-way conversations with the hotel and Expedia, the hotel did put me up. I later discovered that the reservation service Expedia used had booked me into a hotel in Moscow, not Las Vegas! You can read the whole story here. Expedia, like most travel agents, didn’t book directly with the hotel but with a reservation service. The reservation service keeps a database of all its hotels, identified by a property number so that there’s no confusion about which hotel is being booked. Did you know, for example, that Florence, Italy has at least three hotels called “The Grand Hotel”? When Expedia made a reservation, it was done by property number, not by hotel name or location. The Las Vegas hotel had dropped out of the reservation service some months before this booking, but Expedia’s database hadn’t been updated. The reservation service, though, re-issued the property number to a Russian hotel. Thus the mix-up. The IDC Enterprise Panel: Join IDCs panel of IT influencers and decision-makers. Your contributions will be compiled and distributed to technology and telecommunications vendors all over the world. As a thank you for joining, you will receive select free IDC research, and discounted IDC conference passes. Click here to learn more The reservation service’s property number is meant to be a unique identifier for the property. And, under one definition of unique, it was. The number did only exist once in its database. But because the data from that database was distributed to many other places (such as Expedia), and because there weren’t good synchronization procedures in place (if any at all), it really wasn’t unique – the same identifier was attached to two different entities! The OpenID community is going through a discussion of this very thing right now – should an OpenID provider be able to re-issue an identifier to a new user? The simple answer is, of course, no – else the problem that I encountered could be replicated, and disastrously. Suppose, for example, someone else was issued your OpenID identifier and accessed some or all of the Web sites that you’d been using that identifier for. Talk about identity theft! An identifier needs to be unique in the namespace within which it serves to identify something. But it must also be unique over time unless the managers of that namespace can guarantee that all replications of their data are synchronized to the authoritative repository for their namespace identifiers. In a decentralized system like OpenID that’s simply not possible. Identifiers cannot be reused because any reuse will mean that the entire system will lose the trust of those who must rely on it. Enforcing a policy of “no reuse,” though, seems technologically impossible today. That’s the conundrum that OpenID faces, and how that community solves that problem may well determine if it becomes mainstream technology or simply a footnote to the history of the Internet.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Wireless networks: The burning questions 2. Top 15 USB geek gadgets 3. Juniper feels growing pains 4. Bill Gates' Harvard commencement speech 5. Marriott's converged network 'horror story' 6. Vista not playing well with IPv6 7. 10 free virtualization tools worth noting 8. Slideshow: Juniper unveils the T1600 9. Juniper unveils giant router 10. Microsoft vs. Google MOST-READ REVIEW: Clear Choice Test: Blades vs. Racks

Contact the author: Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill. Kearns is the author of two Network World Newsletters: Windows Networking Strategies, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: windows@vquill.com, identity@vquill.com . Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail. This newsletter is sponsored by SolarWinds The Shortcut Guide to Network Management for the Mid-Market This guide outlines real-world technologies and processes to implement centralized management of your network infrastructure. Using the OSI FCAPS model as a framework, this eBook explains the critical components of fault, performance, configuration and security management, as well as network troubleshooting and diagnostics. ARCHIVE Archive of the Identity Management Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007