DISQUS

Jake · 6 months ago

If Twitter and Facebook become providers, they take a step closer to being the single profile source. New web apps will follow the easy path to integrate with existing data stores, rather than force users to start from scratch.

The payload of an OpenID request can include all the interesting data (network, profile attributes) that you want to share, which would give data portability a couple flat tires.

Essentially, all your data (and you) are belong to them, which isn't ideal.

I'm in favor of a trusted, centralized OpenID provider, not run by the government, but run by some non-profit entity or foundation. The death of providers leaves lingering questions, e.g. Vidoop's MyVidoop service.

I don't have many answers, and I'm very interested to see how it plays out over the next few years. Watch Mozilla. The browser as authentication provider has legs, and I'm much more likely to trust a hybrid local/cloud mechanism to manage my identity than a pure cloud-based one.

Good stuff, thanks for posting.

topperge · 6 months ago

I don't know that I trust either of them to hold my identity. Personally I like the wordpress add-ons that allow me to make my personal blog my own provider. It's a domain that I control and own. I just don't think I have the capital to enable all the strong authentication mechanisms I would want in such a service ;-)

I always find it interesting that people in the US have a different perspective on the government that people in Europe. We're very untrusting of what they do with us and our data. I'm not sure where that comes from but based on my work they have our best interest in mind and are the only "company" with the capital to do it safely.

I believe that the US government should provide an OpenID identity provider for their employees. Who needs a "twitter verified" account for the government users, if they can log in with a government provided OpenID service and it shows a symbol that they are government verified I tend to believe them. I think this is critical in the government 2.0 mission to reach out to citizens and gain trust.

Maybe after a few years of a public OpenID provider to employees they can extend it to citizens. Personally I don't care if a government OpenID provider knows what site I log into. I'd prefer it when buying products online or dealing with the IRS / other government sites. The centralized strong authentication would give me a much better piece of mind. It wouldn't prevent me from adding my additional providers and using them for my primary authentication mechanism, but would give me a backup in the cases like Vidoop going belly up and leaving me high and dry from logging into my sites.

I agree with the browser authentication proposition, however, I need it to be synchronized across all my browsers / devices like a XMarks / DropBox. Maybe something could be put together with Gears. I haven't looked into the persistent storage of HTML5 to see if there is any encryption as part of the spec. Obviously something could be implemented in javascript.

Oh, did anyone else notice the new "Hardware Encryption" in the iPhone 3G[S]? I'm still trying to find out what exactly that means, could be something interesting for a portable strong authentication device.

fuadar · 6 months ago

Its kind of interesting that facebook and twitter would become OpenID provider but that would cause a lot of corporations to cringe. Currently a lot of of comapnies block access to facebook and twitter whereas google and yahoo as OpenId providers are permitted . While the concept of OpenID has been long overdue , it will still take time for people to get a hang of it so to speak.

Jake · 6 months ago

That does make for an interesting problem for people who want to use Facebook and Twitter for ID management.

The uptake of Facebook Connect shows that Facebook *could* be successful as an OpenID provider. Chris Messina has an interesting post about the future of digital identity here:
http://factoryjoe.com/blog/2009/06/09/facebook-...

I think trust (right or wrong) in Facebook will help them find success where other OpenID providers have struggled. Ideally, this will drive the Googles, Yahoos and Microsofts of the world to support OpenID fully as relying parties.