TechCrunch just did a post about OpenID asked if it was being exploited by the large internet players that are participating in the community and adopting it.
I recall the first Internet Identity Workshop when the small crowd of ‘light weight’ ‘open’ ‘distributed’ SSO efforts came together and started their conversation about how they shared goals and very similar technology ideas – it was just the little guys.
Some context for those of you who don’t know this event was and continues to be co-convened and produced by myself, Doc Searls and Phil Windley – we are having our 6th stand alone workshop May 12-14 we also have also done 4 co-produced Identity Open Space events with Digital Identity World and Liberty Alliance near events that have had. This series of events that have no pre-set agenda in the past 2.5 years have been instrumental in moving the whole range of technologies forward because it creates “opportunities for both innovators and competitors, for the big guy and the small fry to come together in a safe and balanced space.” The Data Sharing Workshop and 2nd Summit – being done in collaboration with the more recently emergent DataPortability.org are building on both
* the track record of the IIW in bringing together high level people in a range of companies trying to tackle the difficult problems that need to be solved to make the vision a reality and
* the technology (standards and code) that are being brought forward via the Identity Commons community.
They agreed to Yadis a common service discovery method that would help their slightly different approaches work behind the scenes and then decided that Yadis as not such a good brand name and that is should be folded in and called OpenID.
These little guys had big hopes that OpenID would get adoption by large companies. It has been truly amazing to watch over the past two years as this collaboration that was cultivated by a community conversation has continued over the course of the Internet Identity Workshops – we are having our 6th one this May.
This space has been a neutral haven for all to express their views opinions and interest in different technological approaches. The Data Sharing Workshop and Summit build on this successful tradition and stack of technologies – it is the space where those inspired by the vision of data portability can get down into the details and make it real. Back to the TechCruch post:
The problem, though, is that the Big Four Internet companies that I mentioned above have made big press announcements about their support for OpenID, but haven’t done enough to actually implement it.
I agree with this statement AND there is some deeper issues that have yet to be addressed by the protocol itself to enable large sites to ‘trust’ (in the technical sense that the protocol flow will do what is says and can not be attacked) it. OpenID can be attacked from all sides (blackHat paper PDF outlining them). Bob Blakley from the Burton Group articulates the issues well here. David Recordon responded to a long critique of Stefan’s about the protocol. I think there is the potential to solve these issues but just ‘targeting’ the big players without addressing the real technical and social issues that are inhibiting large scale adoption is not fair.
Chris Mesina puts forward an in depth post articulating a shitlist, hitlist and wishlist around OpenID along with an update.
Great list highlighting things but it does not get to the heart of what in-the-end are the issues both technological and social that could limit adoption as ‘the’ solution to all that is needed for a people empowering identity layer of the web.
I look at all the progress happening in the Identity Commons community (here is our previous quarter’s reports) and have hope that solutions will emerge to address these challenges an “identity meta system” to work
* making it safe for users by making phishing really easy to prevent (this is where the card selector tools come in – CardSpace (MSFT) and the Higgins Open Source Card Selector (IBM, Parity, Novell-Bandit Project) Pamela Project relying party code)
* supporting selective and progressive disclosure (is done in a user friendly/repeatable way with cards)
* finding equitable legal frameworks and agreements for personal information sharing (Identity Rights Agreements Group is working on this and a gathering is being organized for this summer to address their development – many hundreds of thousands of legal work is needed to make this real)
* supporting automatic syncing and updating of information (this is where XRI/XDI and the Higgins Framework comes in)
* having third parties that mediate between end-users, their information and the market. (Yet to emerge businesses with new trust and business models – Project VRM is working on some of this).
OpenID is one part of a cluster of solutions – it will not solve these problems by itself (no matter how strong ‘they community’ or ‘the grassroots pressure’ because it is not sophisticated enough a protocol to do so. Those serious about really having these challenges address are invited to participate in the community and those who want to report on progress around an identity layer of the web need to look beyond ‘just OpenID’ and explore other proposed and emerging solutions that will together create an identity layer for web.
One great place to do this is at the upcoming OSIS (Open Source Identity Systems) Interop Event happening at RSA.
If you are reading this – you are interested but it is all making your head spin we have a Newbies 4 Newbies group that you can join and get peer-to-peer support from others engaging with this material (all or parts of it) for the first time.