Scott Kveton

The on-line identity space has always been fascinating to me. We all have on-line identities but today they are siloed in places like Yahoo!, Amazon and eBay. My identity (and subsequent reputation) is locked in these sites (sometimes referred to Identity v1.0). Every site you go to wants information from you to “confirm” who you are or at least attach your contributions/efforts to some single identity. How many forums, websites and on-line merchants do you have login information for? I believe the number you’re looking for is a gazillion. That’s a lot of zeros.

IMHO, the keys to successful Internet identity are being light weight and decentralized. We’ve seen efforts in the past like Passport and others that have failed because they were either a) too ambitious, b) didn’t have the users’ best interest in mind or c) were centralized. De-centralization speaks to the nature of the Internet. Being light weight helps get deployments out quickly giving insights into how people use the technology. This helps shape the next generations of the tools as well as things that get layered on top of it. Dictating the entire stack doesn’t work in today’s marketplace.

Looking across the identity landscape, I see two contenders that match the keys to success from above. One is OpenID and the other is the Higgins Project. OpenID was proposed by the folks at Danga (aka LiveJournal) and the Higgins Project was announced today but has been in the works for quite some time.

From what I have read about the two technologies, they look quite similar. A thin layer of identity, coupled with a way to describe the services tied to that identity. No assumptions are made about what you’ll layer on top of the identity. Again, I think this speaks well of the Internet. Imagine going back to 1985 and trying to define not only what the Internet is, but how you’d use it and the framework around making it successful, scalable, etc. You couldn’t do it. I think the same is true with identity. Define a thin layer that acts as a platform that people can use effectively. How they use it and the services/tools you (and more importantly they) layer on top of that are the opportunities for commercialization.

One of my favorite complaints of OpenID was that it lacked a trust mechanism. Of course it does. Its just an identity component. Trust can be layered on later if the identity piece is a platform. The problem with identity in the past has been everyone has tried to engineer the Itanium. What we really need though is the Opteron. The fact is, trying to design the entire stack in one go is a major pain. OpenID addresses this by being a thin layer of identity on top of which people can place anything they want. From the looks of it, Higgins will do the same thing.

Okay, great. Higgins and OpenID are possible options. The next thing I hear in all of my conversations with people is, “Amazon|Yahoo!|eBay will never adopt this. It will never take off.” Really? LiveJournal already has 9 million OpenID users. That’s a pretty good start. So how do we get the “big” sites to adopt something like this and break the identity 1.0 barrier? I’m wondering if there is a way that we can get the tail to wag the dog here.

Of course this is all pie-in-the-sky stuff. You’d need an army of developers and years to implement libraries for something like OpenID for all of these different applications. Hmm, actually that’s not true. Most of it is already done. Holy crap. Libraries for PHP, Perl, Ruby, Python and .NET as well as patches for tools like Mailman and MediaWiki?! Painting the full picture, we see that we have millions of enabled users (LiveJournal) and plenty of tools to make it happen.

How many open source tools do you know of that require a login? The list is endless; phpBB, Wordpress, Drupal, Moodle, every-single-other-CMS, every-single-other-blog-tool, etc. What if you could get OpenID or Higgins enabled by default in them? I know I’d love to be able to serve up my own identity with this Wordpress instance. Not only that, each of these tools wants to have things like social networking (I know this user and that one but I hate that guy, etc). In each instance, they are tied to one tool or a specific site. Again, siloed identity 1.0. Its almost like these sites are making their software do acrobatics above and beyond their “main thing”. Imagine if these sites were OpenID or Higgins-enabled? Not only could you login to them seamlessly, you could tie all sorts of other services in.

What else could you layer on this? What about reputation or social networking? I love Orkut and LinkedIn but again, they are coupled to only those sites. If I had my OpenID and could build a network of other OpenID users that would be pretty powerful. Enable it through open web services (a la Google Maps) and now you can do more effective messaging and others. What if you could take the reputation or trust or social networking and apply it to your Digg login? Some might say that would hurt Digg’s traffic; I disagree. I actually think it would augment it. If users can easily traverse many different web sites and engage in conversations across them, that frees up those sites to actually focus on making tangible content (or aggregating it as the case may be). Add in a Firefox extension or Internet Explorer plugin to ease the process and maybe a little Grease Monkey action and things get very, very interesting. The possibilities are endless and I guarantee the best ones won’t be thought of until this thing is going at a thousand miles an hour.

So where do we go from here? What if we start a grassroots campaign to get OpenID enabled in the top-tier open source applications? Enable OpenID or Higgins across these projects and I guarantee you’ll see ideas behind identity 2.0 realized very quickly.