Monday, December 17, 2007

Google's identity problems

This will not be pretty.

I read an interesting blog post about Google "Profiles" this weekend. Here's the nut of the problem:

In the early days of Google Apps the only way to sign up was by linking to an existing Google Account, in the format of myname@gmail.com. If you have one of those accounts, there is no way to tell Google that you are now myname@mydomain.com. This means that Google Apps think of your original @gmail and new, @domain identities and two different ones. You can directly access (via URL) your own Calendar, Docs, Groups ..etc. all under your own domain, however, programs that need to access those apps only find the other version, attached to your @gmail.com account. A simple example is trying to save an event from Upcoming.org, Zvents, or any other services: there’s no way to use them with your own domain.

Even the Google Groups is messed up: when I am logged in as myname@mydomain.com, Groups that I am a member of won’t recognize me. I actually have to have duplicate identities created in Google Groups: one to be able to send email (my own domain) and one to be able to access Group’s other features via the browser (@gmail format).

I'm not positive about this but I wonder if a federation-based solution using something like Microsoft's CardSpace on the front-end would help. That said, the bigger issue is the Google "namespace" on the back-end. I wonder if their directory supports aliasing? I think the ability for an end-user to have multiple aliases might solve the problem - user provisioned, of course. I'm sure Google isn't using Active Directory as their back-end server. Good thing because it doesn't support the concept of aliases. If Google wants to enable federation for their customers they have to solve this problem.

Of course, there is another alternative: Don't solve the problem. Hopefully, this option is not on the table.

Technorati Tags:
, , , ,

2 comments:

Dave Kearns said...

Sounds like a self-created problem. The GoogleFolk will gladly (they've done it for me) merge multiple accounts into one so that there's no need for moving back and forth.

Unknown said...

Does that truly "solve" the problem? I like the idea of having two or more faces - my Google business face, my personal face, etc. And, being able to move between them and authorize one to see parts/all of the other.

What happens when my association with Quest ends? I have to spin out a gmail account and start over again?

I like the fact that I have both an @Quest.com instant messaging account and an @Hotmail.com one and both are signed into from the IM application.