I stumbledÂ uponÂ a blogpost that just should be mentioned. Source: http://www.shadydentist.com/wordpress/archives/2007/03/26/changing-openids-metaphor-to-p2pid/Â
OpenID support announcements are everywhere. The Wikipedia is in, Microsoft is in, AOL is in, Digg is in, WordPress is in. OpenID is the best idea in ages but it has a problem. Nobody wants to trust somebody like Microsoft, AOL, Digg or even beloved WordPress to provide their identity. I think thatâ€™s why the only people you see promoting their OpenID much are hosting identity providers.
I think it boils down to metaphor. When I first wrote about OpenID I was thinking about identities hosted by a few trusted providers. OpenID grew from a desire to cut down on the number of accounts we each have to remember and that would seem to solve the problem. I mentioned some kind of ICANN like agency to maintain the whole thing and then trailed off. When you think in these terms, thatâ€™s the problem with OpenID, who to trust to control it? I havenâ€™t found an acceptable answer.
Now I think the answer is this: Control should be distributed. Identity should be a swarm. Trust should not be a hierarchy. OpenID needs a way to link many identities together in a secure flexible way. The metaphor needs to change to peer to peer. Philosophers figured this out ages ago but lacked the tools to make it happen, however maybe things have changed.
|Hierarchy Metaphor (not so good)Â Â |
|Peer to Peer Metaphor (good)Â Â |
In the hierarchy model, â€˜Aâ€™ has all the power/control and there is no way to change the situation. This power is embedded into the system and once established cannot be changed without rebuilding the system. There just isnâ€™t any mechanism to link â€˜Bâ€™ and â€˜Câ€™ without â€˜Aâ€™.
In the peer to peer model, â€˜Aâ€™ might have more power/credibility (for example, if itâ€™s a major university) but the situation is flexible. The power comes from trust not the system itself. If â€˜Aâ€™ is seen to wither while â€˜Bâ€™ and â€˜Câ€™ grow strong, the system can be adjusted by users to recognize this.
If I want some anonymity I can always create a new identity someplace and link it to nothing. The question then is who will trust such an identity?
These identities could be at a university, or an employer, news organization, political party; coffee shop, night club, etc. The metaphor creates so many identities I donâ€™t even bother to know about most of them. That is after all how the humanity works anyway. I have countless identities for famous people that the people themselves know nothing of. The same with dead people.
The folks at XFN seem to have had this idea for awhile now. Their system works by embedding simple meta data about relationships into HTML to enable links between friends and identity consolation. They have better diagrams than me too.
XFN seems to be struggling for an implementation in the same way OpenID is struggling to get out from under hierarchy. OpenID is being implemented by big kids who smell power but XFN gets rid of that stench. I think itâ€™s time for the two to dance.