The Devil Wears OpenID
January 22, 2008
Heard of OpenID? Chances are you’ll hear of it before long. Basically, we all have a million logins – one for each site we use. It’s a giant pain to login to check your Yahoo! Mail, login to leave a comment on someone’s blog, login to your MySpace, and login to check your bank statement. The smart cookies over at Mozilla gave us the “Saved password” function with Firefox, and all of us Mac users have Keychain.
OpenID is hoping to take the concept one step further. They envision a day where all of our personal digital content is unified and centralized AND accessible through a single user-name/password. It was born out of the open-source community – basically that means it’s free and always will be. And big-names such AOL, LiveJournal, and Technorati are getting in on it.
According to Brad Fitzpatrick, father of the technology:
“Nobody should own this. Nobody’s planning on making any money from this. The goal is to release every part of this under the most liberal licenses possible, so there’s no money or licensing or registering required to play. It benefits the community as a whole if something like this exists, and we’re all a part of the community.”
(http://openid.net/what, 1/17/8)
Did any other religiously-oriented ears perk up? I highly doubt that Brad Fitzpatrick is the anti-Christ, but OpenID’s great-grandchild might go on wrists and foreheads. I may be over-estimating, but it sure did make me think.
2 Comments Add your own
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed
1.
fanau | February 6, 2008 at 1:45 am
the flaw in your logic is “all of our personal digital content is unified and centralized”.
There are two parts to OpenID.
1) the identity provider (what you assume will be centralised and unified)
2) the relying party (the sites that use the OpenID – not relevant to this discussion).
The flaw is that ANYONE can and probably will be an OpenID provider. AOL, Yahoo, WordPress, Microsoft etc etc will all either provide OpenID or support them.
You can choose who you want to be your OpenID provider, or you can even easily set one up yourself under your own website domain.
OpenID is VERY unlikely to be centralised.
Also, people will probably consolidate their passwords into a couple of OpenID accounts (work, personal, sites i dont trust, etc).
What we (christians?) should be careful of is non-open source authentication methods like Google Authentication or Microsoft Live. These both are centrally controlled, but also violate one of the laws of Identity Management which is “the user controls their identity, who has access to it, and what details they get of it”.
blog on!
2.
eve7698 | February 6, 2008 at 9:03 am
Excellent observation. Somehow I did not take into account what Fitzpatrick himself said: “No one should own this.” I suppose that decentralized technologies shouldn’t be much of a scare, although I don’t put it past Google or Microsoft to swallow up smaller guys and feed their own identity system.
Thanks!