OpenID changing gears

January 14, 2008 at 10:11 pm 5 comments

One of the more notable things that happened while I was enjoying the unusually good Wellington summer was the release of the OpenID 2.0 specs. Importantly, from my perspective at least, this includes specs for OpenID Attribute Exchange 1.0.

However, as Dick Hardt said in his blog a couple of days back, “OpenID 2.0 seems ready for prime time. But is it?” In that post, he points to some weaknesses of OpenID 2.0 but concludes that OpenID is continuing to evolve at a fast pace as a globally unique identifier.

I think one of the immediate challenges before the OpenID community is to get a couple of big, mainstream sites accepting and actively promoting OpenID. Entering a username and password specific to a website (at the website itself) has become so deeply ingrained that changing mental models for the average user is a non-trivial exercise.

It was therefore good to hear that giants such as Yahoo and Google plan to support OpenID. Hopefully, with all their years of developing and promoting new online services for the mass market, they will be able to make using OpenID as intuitive as the standard username and password. I wouldn’t be surprised if that involves not using the term OpenID but simply providing it as added functionality.

The OpenID community also faces challenges in getting the digerati (outside those particularly knowledgeable about online identity issues) to understand and develop plain-English mental models.

An example of the challenge is a post by Bruce Simpson, aka Aardvark, a couple of days back called Son of Passport. With a title like that, I was expecting to read his views about CardSpace and the Identity Metasystem. Nope, it was about OpenID.

He says “The OpenID system simply acts as a URL/password based ID authentication system that shares no information between the sites that use it.” He goes on to wonder if anyone would actually want to use it as browsers can remember and auto-fill passwords.

Confusing descriptions and a lack of appreciation of what OpenID is really about are obviously fairly widespread.

I will leave Bruce’s final comments “Could OpenID be the authentication system that even our government is looking for as part of its eGovernment strategy?” for examination another day.


Entry filed under: authentication, identity, NZ, OpenID, security.


5 Comments

  • 1. Temporary Test Blog » Blog Archive » OpenID changing gears  |  January 14, 2008 at 10:28 pm

    […] Original post by Vikram […]


  • 3. Aswath  |  January 15, 2008 at 1:26 am

    There are some applications that are feasible only with a distributed authentication tool like OpenID. A distributed social network is an example. As such applications become popular, OpenID will catch on. You can read more about my views at

  • 4. Marek Kuziel  |  January 15, 2008 at 11:55 am


    You’re right about confusing descriptions and a lack of appreciation of what OpenID is really about. I can see and read examples on the Internet almost every day. It is quite sad I must say.

    Anyway, OpenID as a decentralized authentication system is quite a hard concept to get IMO. One of the reasons I identified is that people actually do not know what the word “decentralized” means.

    Also, it is not as simple as “let’s have OpenID on our site today because it is trendy”. You need to get both consumer and provider implementations right to have a properly working OpenID-based authentication system.

    I have seen nicely implemented consumers for example at or upcoming Drupal 6 ( release.

    There are also plenty of nice OpenID provider implementations to choose from that one can run on one's own server and have full control of the OpenID authentication process for a single identity.

    In regards to OpenID as the authentication system for eGovernment, I think OpenID could be used as one of the authentication systems, but definitely not as THE authentication system for eGovernment.

    OpenID consumers could be used for example for eParticipation and anywhere else where creation of username and password simply does not make any sense.

    Whether eGovernment should also provide an OpenID provider service or not is a different question. It would be nice and also it would make a lot of sense in some special cases where it could be used, for example, for verification of the nationality of a given OpenID identity.

    If the NZ government would give an OpenID identity to every citizen and permanent resident, as a consequence of that it would be possible to tell that a given OpenID identity *is* from NZ *without* passing any sensitive data, because the identity URL issued by the NZ government would already mean that the identity could be issued only to a citizen/permanent resident.





This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.
