Dave posted today on the OpenID.net blog articulating the accomplishments of the past year.
I think it is important to acknowledge the significant progress OpenID as an Open Standard for persistent digital identity across the web has made. It is amazing to think how far it has come in 2.5 years since IIW1.
Recently I was talking with a person knowledgeable about the identity community and OpenID in particular - they mentioned that some of the conversations amongst those running for the board didn't help the community look "good". I said to them you know a lot of communities have elections and there is 6 board seats open and 6 people running for them - so there really isn't a dialogue, public conversation that has texture (a different word for conflicting points of view). I celebrate a community that can dive in and engage with a range of points of view and really have a meaty dialogue. This is to be celebrated - the pains of growing up.
Wired just did a detailed article on OpenID's and Blog commenting. It closed with this... NB: Before you race to point out the irony that this particular blog doesn't support OpenID logins for comments, I can assure you -- we're working on it.
It also said this:
It's easier for blogs, which don't need a lot of demographic information about a user, to let people jump in and start participating socially without filling out a registration form. Major media properties and newspaper websites, on the other hand, want age and income data they can use to sell more targeted ads. OpenID and its companion technologies have mechanisms for sites to collect that data from their users, but those mechanisms are largely left out of the blog commenting systems.
It makes me sad to see this. I was just signing up for a topica list - it asked me for my gender the year I was born and my zip code. It is trying to figure out who I am. What I don't think is well understood is how information sharing happens over time. Asking people to give away PII (personally identifying information) to look at a newspaper is bad practice and encourages lying.
Unconference.net
I just hope that this sort of geeky reputation, coupled with problems in user experience, will not drive the demand away from OpenId, and towards proprietary solutions. Identity management is way too important to be carelessly delegated to a specific social network platform and on the basis of other, unrelated, factors...
Is it generally agreed among supporters of OpenID that OpenID is just good for low assurance stuff like leaving blog postings? Higher assurance stuff, such as age verification or other identity verification, needs some sort of trust framework, so the RP trusts the assertion from the OP. That doesn't exist in OpenID, right? I don't think PAPE provides this; the RP still need to trust the OP. Is the OpenID community trying to build a trust framework for OpenID? Or is it conceded that high assurance stuff will use some other solution (PKI? InfoCards? Other?)
BTW, why do you need my email address for a blog comment? Aren't you sort of trying to figure out who I really am?
But you do want the user to specify a username right? Because openid-addresses can look rather nasty, just look at yahoo's openids. Here I mean social sites with your own profile and stuff like that, not a simple form to comment on a blog. So what I'm trying to say is that in some cases you can't get away from the registration form.