It seems abundantly clear to me that officlal Bar Associations can better serve their membership and the public by adopting a new technology which allows attorneys to prove to third parties that they are bar members and in good standing (along with other information). That technology is OpenID (and OpenID Attribute Exchange), and the cost of implementing these technologies are relatively minimal. The benefits to the bar members, the web, and the general public far outweigh these costs and I would therefore propose that the time is now to implement this new technology.
What is OpenID and How Could Attorneys Use It?
OpenID is an emerging standard that allows a user to prove that they own an identity (technically speaking, an identifier) online. It allows a user to prove to a relying party (such as a social network) that they are associated with an identity at another site or application (the OpenID Provider).
The applicaiton of OpenID to state bar associations should be obvious. An attorney visiting a 3rd party website can prove to that website that a) they are an attorney that is a member of the bar, b) that they are in good standing, and c) that they have special certifications, etc.
This is not a theoretical excercise. Web 2.0 technologies are as much about two-way conversation and contribution. Attorneys will be left behind if they cannot carry their trustable credentials with them. In addition, sites and applications serving the legal community can become much more scalable and interesting when proof of bar membership is automated, rather than a manual process. A recent twitter thread demonstrates this issue.
The technical solution is now simple, and based on open standards which are implemented widely in open source software. Implementation of OpenID both on the Provider (bar association) and Relying Party (3rd party service) is relatively easy and well understood. Furthermore, with the proposal I make here, the user experience is relatively straightforward for attorneys (simpler than generic OpenID authentication).
The User Experience Proposal
An attorney wishing to prove, to a 3rd party site, their membership and status in a bar association has a very simple experience. Instead of prompting the attorney for their typical OpenID identifier, the relying party should only prompt the attorney for the state bar association and membership ID they are claiming. Because there are a relatively few number of bar associations, the relying party could map those two pieces of information to a URL which would be the identifier used in the normal OpenID authentication flow (e.g. http://openid.calbar.ca.gov/<membershipid>). (Alternatively, in the longer term, the construction of the URL might be provided by a third party site/service)
After the attorney enters their bar information, the 3rd party site redirects that user to their bar association, which performs whatever online authentication the bar site normally provides (e.g. username/password). At the end of that authentication, the bar site redirects the user back to the 3rd party site (with some back and forth in the background, invisible to the user). The net result is that user has logged into the bar association site, but proven to the 3rd party site that they are a member of the bar. There's really almost nothing simpler. And this is based almost entirely on technology already written and deployed.
Implementation by the Bar Association
The Bar Association has to do the following:
- Implement the basic OpenID Provider functionality. This means hooking up several new URLs to a library that processes incoming OpenID authentication requests, and minimal changes to the user experience flow for authenticating users during the OpenID flow.
- Implement OpenID attribute exchange for a handful of "attributes": membership_id, membership_status
- Produce documentation to give members an idea of what is going on. Because of the user-experience enhancement I propose below, end users really don't have to even know they are using OpenID (the use of an identifier other than bar membership ID is not needed)
Assuming the bar association already has a personalized/authenticated site for their attorneys, this functionality is relatively easy to deploy in a variety of server environments.
Implementation by the 3rd Party
The 3rd party has to do the following:
- When asking the user to prove they are an attorney, present them with a prompt that allows them to select which bar association (if more than one) and their bar membership ID (the format of which is probably specific to each bar association). This need not mention OpenID specifically - they are only being prompted for bar association information, not an OpenID URL
- Construct of the OpenID URL from the bar association information given by the user. How that information is built into a OpenID URL is likely to be specific to each bar association. It would be nice (as a followon effort, perhaps?) to have some pattern of construction that makes this process easier to implement for multiple bar associations. But initially, the construction rules need to be hardcoded (something like http://openid.calbar.ca.gov/<membership id>)
- Perform normal OpenID relying party functionality with the URL constructed above.
- Perform attribute exchange with the bar association to get membership and status information. The exact attributes (and identifiers for those attributes) is something that needs to be specified by the bar association - hopefully a standard set of identifiers would emerge (or could be proposed!)
- Display prominently the bar association verification associated with the bar member attorney. By creating an understanding among users that the verification is available, lack of verification associated with a user on the 3rd party site will both enhance the reputation and value of contributions by verified attorney users while also raising awareness about the risks around receiving legal advice and opinions from people who are not bar-accredited.
The Benefits for All of Us
There's a famous cartoon whose caption is "On the Internet, nobody knows you are a dog" This is the challenge for professionals online, whose opinion laypeople have to ability to judge. We certainly don't want to be getting legal opinions (even if not specifically in the context of a attorney-client relationship) from dogs, do we? I believe that when attorneys can carry proof of their professional status with them, their contributions will be more valued and they will be given more incentives (reputation, monetary) to contribute to the intellectual commons of the Internet, and provide a better service to the public at large.
We can do this now, without much effort, and the benefits are manifest. What do you think?
Non-technical readers may want to skip over this diagram.