Trunk 'n Branches

Last Wednesday I attended the OpenID 2.0 Vancouver Mash Pit at Sxip Identity. After attending I have a better idea about what OpenID is and how it will work.

If you're at all like me, then you may be tired of creating identities, entering and remembering passwords for each web site you log in to, and painstakingly controlling how much information you release to various parties. Also, when you move, it's next to impossible to update your address at places you want to, your identity may just be spread over too many sites to manage.

OpenID is emerging as the first new identity layer that is functional and practical and solves these issues. There has been a lot of activity in the identity space in the last couple of years, and its exciting to see a standard emerge as a clear competitor. There's others, such as Microsoft's Cardspace system, but they may end up both surviving and providing general benefits for a good long time.

For all that OpenID is good, it doesn't quite solve the phishing problem on its own; there's more work to do. It will be very interesting to watch as OpenID gains acceptance (as it should) and the new market of "Identity Providers" (IdP) emerges. Indeed, with the use of OpenID, you may be able to buy a "phishing proof" identity from a high-quality IdP that uses strong authentication. On the other hand, you may be even more susceptible to phishing if OpenID is used with no client-side support and only weak authentication technology from your (cheap/free) IdP.