Sunday, January 6, 2008

The Future of OpenID

This is my final post in a series on OpenId. Previous posts you can find here, here, here and here.

This last post is about where OpenID is going to or might be going to, and related technologies/things that come to mind. Of course I can't see in the future, but the points described below seem quite viable to me...
Finally I'll list some more links related to OpenID I couldn't place in any other post before.

Of course you've seen the release of the OpenID 2.0 specifications. See here for what has changed from OpenID 1.0 and 1.1. One thing it supports now natively is XRI.

An intesting new specification is Open Authenthication. It provides an open standard for API access delegation. OpenID does not support this, thus this protocol seems to be a good complement for it when using APIs. OAuth has not been made an extension to OpenID because "OAuth attempts to provide a standard way for developers to offer their services via an API without forcing their users to expose their passwords (and other credentials). If OAuth depended on OpenID, only OpenID services would be able to use it, and while OpenID is great, there are many applications where it is not suitable or desired. Which doesn’t mean to say you cannot use the two together. OAuth talks about getting users to grant access while OpenID talks about making sure the users are really who they say they are. They should work great together."

Related to identity is being able to pass human relationships using hyperlinks. For that XFN (XHTML Friends Network) was introduced, a simple HTML microformat. Can OpenID identities in some way be integrated with this? Six Apart is trying with this demo of the so-called Social Graph.

A very relevant question is whether OpenID can converge with SAML, which both have for example different levels on user experience and (not) being a trust system. In the article some interesting viewpoints/potential next steps are discussed.

Of course the outstanding issues I wrote about in this post still apply; can they all get resolved and will this increase general acceptation of OpenID?

An interesting approach is the one Vidoop takes via MyVidoop. It is an OpenID provider, but it works with images instead of passwords. See more details here and definitely check the comments, especially this one and the ones below it. Also this one from Sam Sethi is worth reading.

And finally, here's a bunch of miscelleneaous links related to OpenID I couldn't place in any of my other posts, but are still interesting:

Well, that concludes my series on OpenID. I hope you found it useful in some way or another!

1 comment:

Marilyn said...

Keep up the good work. Cheers:-)