OpenID4Kids

Was thinking about how OpenID could be useful for kids accessing social websites and came up with a couple ideas.

 

A parent would start by going to a trustworthy OpenID provider and signing in with an existing OpenID or signing up for a new account. Off of this account, they would create a limited OpenID that their kids could use. Ideally this provider would support directed identity, so a dashboard could be used as the family start page that takes them to their OpenID provider to sign in, and from that point on, they'd automatically be allowed into white-listed domains.

 

While I agree that monitoring children's behavior online by parents can be considered an invasion of privacy, I'm not really interested in debating how parents should raise their children. That is, if parents want to be able to shape their children's online experience and what they're exposed to, especially when younger, I think that providing them with adequate tools is a good idea. Furthermore, the design of this solution should be to encourage conversation and discussion about staying safe online and about good "data hygiene" when using public websites.

 

So, a couple ideas:

 

• Whitelisting friends: parents could add a series of URL identifiers of their child's friends to a whitelist that could serve two purposes: to control who can interact with their child, and then allow for those friends to pass between websites (portable friends list).
• Password alternative: Vidoop uses a grid of images to replace traditional password entry. It seems that this would both be more secure and more user friendly for children.
• Parental controls: parents could whitelist sites or networks that their children could visit, and also control their ability to sign in to certain network sites through partnerships that their OpenID provider would make with remote sites (reverse whitelist). 
• Parental auditing: parents could get detailed analytics of the different pages and sites that their children visit as well as get a list of all "people" who their children encountered over the course of their activity.
• Time limiting: there could be time limits placed on access to certain sites to certain times of the day or for certain amounts of time. For example, an OpenID provider could automatically log off the account after 30 minutes of continuous activity.

 

Now, on the flip-side of this, I think I'd want to design a way for kids to spy back on their parents eavesdropping... so that kids can get a sense for when and how their parents are checking up on them -- and can possibly force conversations about trust and about giving space. Parents are typically over-protective and kids typically seem to want less supervision. These are not irreconcilable desires, they just require open communications to minimize any ensuing distress!

 

Bonus: Fluid4Kids

 

I'm a big fan of Fluid and think there's a good future in site specific browser. Yankee Group recently suggested that they can be really useful for banks and other contexts where security is necessary... but this could also be true for serving children with a kiosk-like experience. 

 

If you remove the basic browser chrome and use an OpenID provider signin page as the homepage, especially if it's using the Vidoop image shield, the entire experience becomes safe, secure and fairly enjoyable, while reducing threats and browser functionality that shouldn't be necessary for basic site interaction (popups, etc). 

* whitelisting