OpenID + VoIP == Good?

Through the magic of RSS, I’m able to stalk … err … discover some interesting conversations regarding OpenID.

I happened upon a discussion about using OpenID for authenticating VoIP clients to one another that was sparked by this post posted by Martin Geddes. That was followed up by Aswath with a post describing how you could use OpenID to help assert your identity with VoIP calls. This was followed up by Phoneboy (not his real name, I *think* - heh) leading to a discussion about OpenID and its lack of trust.

Great posts and great discussion guys. You pose some questions that aren’t obvious to the OpenID newcomer.

First off, I think OpenID would be great for this application. Its inevitable that as people begin to migrate to one identifier for the things they do on the Internet, it would also become a great point of contact for that user. Whether its as simple as a contact form at their OpenID public identity page all the way up to being able to initiate phone calls through/via the same page. As I’m making contributions all over the Internet people will be led back to my public identity page and want to contact me. Voice is just one of the possible ways to communicate with me.

Secondly, OpenID is not about trust. Its not about reputation. Its not about social networking. OpenID gives users the ability to claim that yes, I am this identifier. We had to start simple. In the past, people have tried to make too many assumptions going up the stack. For every assumption you make, the scope of possible adoption is limited. If we can agree on just one simple little thing; this identity/authentication layer, the other pieces will start to form on top of it.

Finally, OpenID is completely decentralized. That means anybody can bring up an OpenID identity provider and start creating OpenID’s that might do “bad things”. However, its this decentralized nature that makes it compelling for users, sites, developers and vendors to adopt it; there is no lock-in to one vendor. No mothership to phone home to. If its centralized, we’re back in the days of Passport. Decentralization of course makes trust much more difficult. However, one problem at a time. Trust will grow out of this platform over time because the community plumbing exists to extend the platform.

Aswath makes some interesting points:

In this scheme, my SIP Invite message could contain my OpenID and you can authenticate it using the documented mechanism. The scheme also allows for providing additional information that I have authorized the IdP to share it with you. Given this scheme is distributed and open, there is no need for a handful of dominating and intermediating IdPs.

This is exactly right. OpenID is maturing rapidly. The next piece of the puzzle is coming together with attribute exchange. Attribute exchange will allow users to do the above. Exchange arbitrary bits of data associated with my claimed identifier. I am this identifier and I have specific attributes associated with it.

Phoneboy makes the analogy that OpenID is like PGP but without the web of trust that falls out of it. In the very near future, I think we’ll see an open solution to the “group” problem. Now that I have this one identifier that I use for different things, wouldn’t it make sense to start making lists or groups of my friends, co-workers, family, etc as well? Since OpenID’s are unique to the Internet, couldn’t I then use those lists/groups all over the place? You can quickly start to see where this is leading. One identifier. One set of social networks. Lots and lots and lots of possibilities become clear in that world.

Update: Discussions continue all over the place on this.