Liquid Media's Apps

OpenID gaining momentum

Since I last wrote, OpenID has picked up even more. Tim Bray wrote about it, and David Heinemeier Hansson of Ruby on Rails fame wrote about it here and here. About the same time as OpenID hit my radar, it hit everyone else's.

A lot of the complaints I levelled about it early on are being repeated around the web. Brian Slesinsky responded to Tim Bray's post by writing a long blog entry about it. In it he describes the similarities and differences between email "signatures" and OpenID "signatures", not in the "digital signature" sense but rather in the "recognize your friend's signature" sense. Given his conclusions, OpenID provides little value beyond traditional sign-on, save that the user only has to remember one password. The whole aspect of identity is treated the same -- instead of my friends recognizing me by my e-mail address, they can now recognize me by my OpenID, http://pauldoerwald.ca.

From a business perspective, Slesinsky makes an interesting suggestion:

We hope our friends choose good email providers and their email accounts don't get hacked, but it's really up to them to practice good security. Similarly, it will be up to our friends to pick good OpenID providers. (At this point the security experts are probably thinking, "Lord help us," but maybe it's not so bad. Since the only purpose of an OpenID provider is to verify id's, and it's in people's best interests to keep their id's from being hacked, maybe there's some hope that trustworthy companies will win.)

This sounds like an interesting approach to a business. If OpenID continues to gain momentum, then there may be a business in providing a reliable, trustworthy OpenID service for people to use.

One thing that still haunts me, and I find it interesting that very few people are talking about it, is the spam problem that I've mentioned in the past. Web sites require e-mail addresses for verification in the hopes of decreasing spam problems. The use of OpenID, and the ease of creating new OpenID accounts, actually lowers the barrier to entry for spammers! With sites that allow OpenID accounts, a spammer can now create millions of throwaway accounts with which to create comment spam. The only way we can fight back is by maintaining large black/white lists. For this problem, we may be better off staying with e-mail logins.
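One way a site accepting OpenID logins could apply such lists, as an added example that is not from the original post: it reads the provider endpoint advertised by the identity page (the `openid2.provider` / `openid.server` link relations used by OpenID HTML discovery) and classifies the provider's host. Keying the lists on the provider host, the three outcomes, and the names `provider_decision` and `SAMPLE_PAGE` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# rel values used by OpenID HTML-based discovery (2.0 first, then 1.x).
PROVIDER_RELS = ("openid2.provider", "openid.server")

# Constructed sample: an identity page pointing at a hypothetical provider.
SAMPLE_PAGE = ('<html><head><link rel="openid.server" '
               'href="https://openid.provider.example/auth"></head></html>')

class _LinkCollector(HTMLParser):
    """Collects the first href seen for each <link rel=...> token."""
    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        href = a.get("href")
        # rel may hold several space-separated tokens.
        for rel in (a.get("rel") or "").lower().split():
            if href and rel not in self.links:
                self.links[rel] = href

def discover_provider(identity_html):
    """Return the provider endpoint URL advertised by the page, or None."""
    parser = _LinkCollector()
    parser.feed(identity_html)
    for rel in PROVIDER_RELS:
        if rel in parser.links:
            return parser.links[rel]
    return None

def provider_decision(endpoint, allowlist, denylist):
    """Classify a provider endpoint as 'allow', 'deny' or 'verify'."""
    if not endpoint:
        return "deny"  # no provider advertised: nothing vouches for the ID
    parts = urlsplit(endpoint)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "deny"
    # Match the host itself or any parent domain that appears on a list.
    labels = host.split(".")
    candidates = {".".join(labels[i:]) for i in range(len(labels))}
    if candidates & denylist:
        return "deny"  # the deny list wins over the allow list
    if candidates & allowlist:
        return "allow"
    return "verify"  # unknown provider: fall back to e.g. e-mail confirmation
```

The `verify` outcome is where a site would keep its existing e-mail confirmation step for providers it has no opinion about, so the lists only need to cover providers it trusts or has seen abused.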

Tagged authentication, identity, openid, and trust.