First, full disclosure: I don’t know a lot about OpenID. But I do know that there are some serious issues related to online identity. Here are two of the questions I find most pressing:
- How do I create a persistent identity, across all the different web services I use? This is a question of convenience. Registering for a website that I’m going to use once is kind of ridiculous. Even if I wanted to use it again, chances are I will have forgotten my password, or even that I ever registered there in the first place. I could always register again, but that isn’t useful for me, or the service provider.
- How do I take ownership of my personal information? This is a privacy and security question. I’m online a lot. There’s a lot of digital information about me that could be gathered up to paint an interesting picture of who I am. Ideally, I should be the person who owns that picture and controls who has access to it.
Now, I’m not saying that OpenID has solved these problems – far from it – but it has created the opportunity for people to test things out and discuss what works and what doesn’t. As far as I can tell, the first issue is being addressed more directly than the second. Still, I don’t think we’re going to have a meaningful approach to the privacy question until we get some more experience with persistent identities.
Tim Berners-Lee’s recent post on the Giant Global Graph is bound to spark more interest in and discussion of OpenID and other identity solutions. As social networking explodes, the portability of personal data becomes an issue that could define the success or failure of new players. The marriage of social networking and the semantic web seems like a natural one – if I can capture all that data about me and my relationships, independent of any given social networking site, then I can go to the sites that provide me the functionality I want, without having to recreate everything or worry whether my connections will follow me there. Having a unique, neutral ID for myself becomes a pretty important factor – my own personal URI, if we want to be technical about it.
This brings me to what I don’t like about OpenID: you sign up to get your OpenID through a service provider, someone like LiveJournal, WordPress, AOL or Vox. I say “sign up” but really, if you use one of these services (or a host of others), you already have an OpenID, you just have to start using it. The problem is that my relationship to these services could be transitory, so why would I want one of them to own my ID? I had a Vox blog once. Strictly speaking, it still exists. But I don’t want my persistent, ubiquitous online identity to be tied to it. Seems to me that it sort of defeats the purpose if you use one OpenID for a while, then switch to another for other uses, or when you tire of your old one.
As I followed this thread through the blogosphere today, I came across an interesting offering – Own-ID.com. It’s like domain forwarding for your OpenID. You create a URI, at a domain that you control, and point it to the OpenID of your choice. Authentication still takes place at the level of the OpenID provider, but I can change that provider later if I want to. I decided to give it a try with my AOL OpenID.
I should point out that I had used my AOL OpenID before and I had mixed feelings about it. On the one hand, I used to work for a company that merged with AOL, and I wasn’t thrilled about their strong arm tactics and determination to take over the world. On the other hand, I’m familiar with their authentication system, and I feel pretty comfortable with it. Still, I did not really want to announce to the world, “My online identity is inextricably tied to AOL!” Well, except to the people reading this blog, I guess.
Anyway, seemed like a good reason to give Own-ID a try. I added an alias to my domain, pointed it to Own-ID, authenticated it using my AOL Open ID and that was it. I tried using my new OpenID to sign in to some sites. Most of them worked, a couple of them didn’t. But the ones that didn’t work with my Own-ID also didn’t work when I tried to sign in directly with my AOL OpenID, so I’m guessing there was a deeper issue going on with those sites.
It’s a pretty interesting sandbox to playing in, and I’ll be watching the developments closely.
Further reading and resources: