It's the opening day here at Web2.0Expo and the event is off to a great start. Today I sat in on a session that dealt with identity, data portability and privacy for web-based applications. The session focused largely around OpenID and OAuth, two efforts underway to bring standardizaton and greater simplicity to these challenging issues. The big takaway for me was that if we think dealing with these issues is tricky in the consumer web, it's nothing compared with the challenges businesses will face in this area.OpenID is "a free and easy way to use a single digital identity across the Internet." It's attempting to provide some sanity to the madness of maintaining separate logins for every application we use on the web. As one of the panelists put it, "if you go to a conference do you have to re-introduce yourself to people you already know?" Of course not. We all have existing relationships that we trust and should be able to carry from one application to the next. Getting the industry rallied around OpenID has been no easy task but seems to finally be reaching a tipping point towards broader adoption.The other topic was OAuth, "an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications." With OAuth, people can identify portions of their private applications data to share with other applications without giving away the login. With web applications becoming increasingly interconnected this is a very important issue.But the main theme of the session was to examine what this all means in business. The above example of re-introducing yourself to people at a conference makes a lot of sense in the consumer world, but what about when those established trust relationships cross organizational boundaries? In the consumer world, you are (hopefully) in control of your data, your identity and your network. You decide what's best. In the business world, this is less clear. As the session description states:

There's no clear cut answer to this question. For a long time IT has attempted to block any applications that could potentially leak information into the open. IM is one good example here. The problem with simply blocking an application is that its usefulness is also eliminated. Is IM a good "behind the firewall" tool? Yes, but it's a better tool when it can be used to connect you with people outside of our organizational boundaries. This is a big, big challenge as we find more and more "useful" tools outside of the firewall. We need better tools to facilitate better productivity and communication while also managing and securing the interests of the business. The challenges in this area seem more to do with policy than technology, and I'm afraid today's session provided more questions than answers on these important issues.