
FOWA 2007 day two - Simon Willison on OpenID

Web authentication sucks!

(This is a Textile rendition of my OmniOutliner file)

  • Not a niche
  • Web authentication sucks
    • Use same password
    • Which account did I use?
    • Email addresses better
      • But which one?
      • What about out of date addresses
    • Too many usernames
    • Too many passwords
    • Too many forms
  • Single sign-on will save us
    • MSN Passport
      • But would you trust these men with your identity?
    • TypeKey
      • Ben and Mena - I trust them now, but what if they turn evil?
  • OpenID
    • Decentralised single sign-on
    • Identity is a URI
      • Shows zoomr.com
        • types in URL --> redirects to LiveJournal --> log in to LiveJournal --> grant ID validation --> back to zoomr and login with one string!
      • But...
        • OpenID attributes (not tokens but still breakable?)
  • Is this decentralised?
    • How do we own our own identity?
      • I run my own id server (shows link tag)
        • jyte.com
      • Who provides OpenID?
        • bunch of folk (6A, etc)
      • Other ways to authenticate
        • dyndns
        • jabber
        • rsa keyfobs
        • secure certificates
  • One obvious reason to support OpenID
    • Build some OpenID shit now!
    • Hey, hundreds of early adopters need to create loads of accounts. Give them OpenID
  • OpenID is an example of dumb networks
    • the intelligence is on the edges
    • OpenID conforms to the same model
  • What can we build?
    • Shared profile information
    • Use OpenID to extend the lifetime of cookies
    • blog / wiki antispam because it saves readers from creating yet another account
    • Pre-approved accounts
    • Corp SSO
      • OID server behind the firewall
    • OpenID and microformats
      • hCard
      • XFN
        • You can import a user's contact by introspecting their OpenID
    • OpenID site specific hacks
      • Login with 'X' id to grab the services you need
    • Social whitelisting
      • Share the whitelist with your friends
      • Publish the list of OIDs that you trust to comment
    • Jyte
      • Lightweight trust networks
        • Comment on 'id claims'
        • Jyte group export (sort of like social whitelist)
        • Manage an invite only group using Jyte then hook that into another site's authentication mechanism
    • Decentralised social network
  • What sucks about OpenID
    • Phishing
      • Example of "more kittens" website with man in middle attack
        • redirect to evil kitten
      • Possible solutions
        • CardSpace
      • We can defeat phishing with competition
      • Problem can be solved at the edges
    • What happens if the OID server crashes?
      • One for the applications
        • Cascade through multiple OpenIDs with their account
    • Privacy
      • I don't want my boss to know that I'm a furry
        • Use multiple OpenIDs
          • Pro ID
          • Furry ID
          • Gaming etc ID
    • OpenID is hard to explain
      • Ready for early adopters
      • Need to develop this to be able to explain it
  • (Mentions Tom Coates twice!)
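The notes above sketch three mechanics without code: the login flow (identity is a URI, the relying party redirects the user to the provider named on that page and gets a signed assertion back), running your own identity server via link tags in your page's head, and pulling a user's contacts by introspecting the XFN markup on their OpenID URL. The block below is an added example, written for this page and not code from the talk or from any OpenID library. It follows the OpenID 1.1 conventions current at the time (openid.server / openid.delegate link tags, checkid_setup redirect, HMAC-SHA1 over the signed fields) on a constructed identity page; every URL, the RP endpoint and the association key are hypothetical, and the association step that would normally establish that key is assumed to have already happened. The verification function shows the checks a relying party must make on the way back (return_to, identity, signed-field coverage, constant-time MAC comparison) and that an assertion whose identity is altered after signing is rejected. These checks protect the site, not the user: the "evil kitten" phishing in the notes, where the user is redirected to a lookalike provider, is the edge-side problem the notes leave to browsers and CardSpace.

```python
import base64
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample identity page; every URL in it is hypothetical.
IDENTITY_URL = "http://example.org/alice/"
IDENTITY_HTML = """<html><head>
<link rel="openid.server" href="http://openid.example.net/server">
<link rel="openid.delegate" href="http://alice.example.net/">
</head><body>
<a rel="me" href="http://alice.example.com/">my other site</a>
<a rel="friend met" href="http://bob.example.org/">Bob</a>
</body></html>"""

XFN_RELS = {"me", "friend", "contact", "acquaintance", "colleague", "co-worker", "met"}


class LinkRelParser(HTMLParser):
    """Collects (tag, rel, href) triples from <link> and <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("link", "a") and a.get("rel") and a.get("href"):
            for rel in a["rel"].split():
                self.links.append((tag, rel.lower(), a["href"]))


def parse_links(html):
    p = LinkRelParser()
    p.feed(html)
    return p.links


def discover(html):
    """OpenID 1.1 HTML discovery: provider endpoint plus the optional delegate URL."""
    rels = {rel: href for tag, rel, href in parse_links(html) if tag == "link"}
    if "openid.server" not in rels:
        raise ValueError("identity page carries no openid.server link")
    return rels["openid.server"], rels.get("openid.delegate")


def xfn_links(html):
    """XFN introspection: the owner's other identities (rel=me) and their contacts."""
    out = {}
    for tag, rel, href in parse_links(html):
        if tag == "a" and rel in XFN_RELS:
            out.setdefault(rel, []).append(href)
    return out


def checkid_setup_url(server, identity, return_to, trust_root):
    """The redirect that sends the user from the relying party to the provider."""
    params = {"openid.mode": "checkid_setup", "openid.identity": identity,
              "openid.return_to": return_to, "openid.trust_root": trust_root}
    return server + ("&" if "?" in server else "?") + urlencode(params)


def query_params(url):
    """Single-valued view of a URL's query string, for inspecting the redirect."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def sign(fields, signed, mac_key):
    """OpenID 1.1 signature: base64(HMAC-SHA1) over 'key:value\\n' per signed field."""
    token = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    return base64.b64encode(hmac.new(mac_key, token.encode(), hashlib.sha1).digest()).decode()


def verify_id_res(fields, mac_key, expected_return_to, expected_identity):
    """Relying-party check of a positive assertion: right mode, our return_to, the
    identity we sent the user off with, those fields covered by the signature, valid MAC."""
    if fields.get("openid.mode") != "id_res":
        return False
    if fields.get("openid.return_to") != expected_return_to:
        return False
    if fields.get("openid.identity") != expected_identity:
        return False
    signed = fields.get("openid.signed", "").split(",")
    if not {"mode", "identity", "return_to"} <= set(signed):
        return False
    try:
        expected_sig = sign(fields, signed, mac_key)
    except KeyError:  # a field listed as signed is missing from the response
        return False
    return hmac.compare_digest(expected_sig, fields.get("openid.sig", ""))


def demo():
    """Round trip on the constructed page: discover, build the redirect, verify responses."""
    server, delegate = discover(IDENTITY_HTML)
    identity = delegate or IDENTITY_URL  # the delegate stands in for the claimed URL
    return_to = "http://rp.example.com/openid/return"  # hypothetical RP endpoint
    redirect = checkid_setup_url(server, identity, return_to, "http://rp.example.com/")
    mac_key = b"constructed-association-key"  # normally set up via openid.mode=associate
    signed = ["mode", "identity", "return_to"]
    good = {"openid.mode": "id_res", "openid.identity": identity,
            "openid.return_to": return_to, "openid.signed": ",".join(signed)}
    good["openid.sig"] = sign(good, signed, mac_key)  # provider side of the demo
    forged = dict(good, **{"openid.identity": "http://mallory.example.net/"})
    return {
        "redirect": redirect,
        "genuine": verify_id_res(good, mac_key, return_to, identity),
        "identity_swapped": verify_id_res(forged, mac_key, return_to, forged["openid.identity"]),
        "wrong_return_to": verify_id_res(good, mac_key, "http://rp.example.com/other", identity),
    }


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the redirect URL and the three verification results (genuine True, the other two False). The delegate handling is the "I run my own id server" point from the notes: the identity page carries only two link tags, and the provider is told the delegate URL while the relying party remembers the claimed one. The constant-time `hmac.compare_digest` and the requirement that mode, identity and return_to all appear in `openid.signed` are the two details most often dropped in hand-rolled relying parties.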


About

This page contains a single entry from the blog posted on February 21, 2007 1:12 PM.
