OpenID is an evolving platform. Its quickly maturing and although it may not be ready for banking information just yet (remember when people said that about the Internet as a whole?), I believe it will be in the very near future.

The biggest topics in the OpenID world are attribute exchange and phishing at the moment. This will change over time as we hopefully figure those out.

The host provides a home for both your domain name (content, e-mail, etc.) and your domain-based OpenId. That way when you transfer hosts, you would naturally transfer IdPs.

Of course, there are plenty of sketchy hosts and over time there may be plenty of sketchy IdPs. I read somewhere that OpenId should only be used for non-sensitive accounts (i.e. not providing opportunity for identity theft or access to financial information.) Or at least not yet.

Are there any other major topics of development in the OpenId arena besides security and portablity?

I (personally) prefer OpenID’s that are URL-based but that is just my bias. I also understand the reasoning and the work done by the i-names community. In fact, we are an accredited i-broker.

Yes, the URL-based identities are not portable. However, if you use your own domain with delegation, you have the ability to move from OpenID Identity Provider to a new one and not have the pain that you mention above. Not ideal, but it does help with your problem.

In a general sense, we need to find a more complete solution to this that allows users to “transfer” their identity from provider to provider.

Since i-name (and XRI are more locked into the centralized registery), do you favor OpenId (and thus provide the MyOpenId service) because of the portability of OpenId?

Can you explain what happens in the future when I have an OpenId and I decide to move to a different IdP? What if I have provided my OpenId to a large number of websites for account login (say 50+)? Will I have to change my OpenId with each website?

The process being something like this:
1. Create new OpenId with new IdP
2. Login to each account on the web and switch to new URL.
3. Deactivate (if this is possible) with my old IdP.

If this is the case, then the 50+ accounts I have to login to is going to be really tedious, like moving to a new house and having to contact all service providers to update a postal address.

It should be noted that my blog doesn’t yet support OpenID v2.0 but as soon as its out and the libraries are there, I’ll be upgrading.

As for which is more superior, I think that’s up to the market. I like being able to use kveton.com/blog as my OpenID URL. With i-names, I have to leverage the i-names global registry and hope that it will be around forever and ever. Also, there is a central registry for i-names that although is very well managed, it is in fact centralized.

We partnered with the i-names community to bring them on board with OpenID because we were thinking along the same lines; give users control of their identities. The technologies are different but our hearts are all in the right place.

As I understand it right now:

OpenId uses a URL
i-name uses XRI

Correct me if I am wrong please.

If this is so, isn’t XRI superior because of its permanence? Or is the i-name / XRI model locked up in a proprietary system of some kind?

My concern is that I want to form an essentially permanent relationship with my online identity (this is the whole point right?) but OpenId sounds like it is still disposable?

Thanks for the information. Looks like I’m going to have to keep the ugly redirect page, at least for the time being. It looks like the wpopenid plugin doesn’t support the header-only method.

Also, I made a minor modification to my theme to indicate comments that are authenticated by OpenID. It can be seen using some of the test comments I made on the post where I announced that I had OpenID support.

One thing I’d like to hear you blog about is phishing. What’s to stop a site pretending to redirect me off to my OpenID provider, but actually sending me to a spoofed site to steal my login?