Most of you have probably never heard of OpenID, but I’m here to enlighten you. OpenID is a protocol used to authenticate a user (you) on multiple websites without requiring you to register. It also works as a nice place to store your public encryption key so that others can send you encrypted e-mail (a nice side benefit). There are several places where you can register to get an OpenID, I personally chose to go with GetOpenID.com. I chose them due primarily to how easy it was to register and create my information, as well as the fact that they support SSL versions of OpenID authentication providing just a little more capability and protection. You can view my OpenID information at: https://www.getopenid.com/stevenhaddox. On my OpenID page you are able to find my actual e-mail, my personal website, and my public key. Nifty eh? And then I can take this same link and login using my password onto any site or portal that supports the OpenID protocol (entirely to easy – I know).
So if such resources already exist, why are they not being used?
Well they are being used by a lot of tools and sites (or very soon to be used). Keep your eyes peeled and you’ll seen see OpenID supported on this blog for user authentication for commenting. You can also see that my favorite CMS (Plone) has implemented OpenID support into their 3.0 release. But the real question becomes, why isn’t OpenID supported on identity-oriented websites? OpenID is one way to help validate that someone is truly who they claim to be. It isn’t perfect, but if you know your friend has an OpenID, you won’t be fooled by someone using a fake one as it is easily identified. I personally think that OpenID helps to solve problems like Chris Pirillo points out in his blog entry here. The main point he makes is a very valid one. This is a social-community issue that spans multiple websites. I feel that OpenID works as a perfect solution for this problem and that if Pownce, Twitter, YouTube, MySpace, WikiYou, etc. would go about implementing support for the OpenID protocol it would serve as a great way to validate that you are who you claim to be. This would help to limit the amount of “imitators” that are so easily created in today’s digital world.
I personally have had my identity stolen in the past. I know that my wife’s identity has been stolen within the past month. We know who did it, we know how they did it. We don’t know exactly where they did it, but even if we did it’s not like we could get the site it was being done on to rip it down. Everything that was used to pretend to be her has been publicly available at some point. However, if sites started to support OpenID it would be a simple e-mail to say, “Hey, that’s not me on that profile – take it down” and they would have some easily viable way to confirm that this OpenID user actually is who they say they are and that they are being misrepresented. What are the current alternatives to this? Retaliation? Angry blog postings? Late night phone calls to the person who did it? I don’t know about you, but I personally would much rather just send an e-mail to the site letting the damage occur and have the information removed. Then again, I’ve never really been one for confrontation.