Scott Kveton

I’ve been on the OpenID Foundation (OIDF) board of directors since the organization was founded. I was also lucky enough to serve as the Chair over that time and I would love to continue to serve the community in some fashion on the board of directors again.

There have been several questions asked to the OpenID general mailing list and so I thought I would take the time to answer some (all?) of them here. I’m sure I’ve missed some so I’m sorry for that. If you have follow-up questions, feel free to post them here for me.

What would you have done differently if given the chance?

I’d love the benefit of hindsight but the reality is, I wouldn’t change a thing.

When I first got involved with OpenID it was because I had seen the benefits of how open source had affected traditional software and I saw some of those same themes being applied “up the stack” to OpenID. I was excited to see a simple, open effort to start tackling the issues of on-line identity. Back in 2006, there were still a lot of competing technologies in this space; XRI, Lid, Sxip, etc. It was quickly apparent that we needed to get to convergent on light-weight identity lest we miss a chance to build something great for the Internet. It took a few months but by the end of 2006 we had convergence and a small, focused community that had come together to develop and promote OpenID.

By this time we had a lot of the bigger companies out there looking at this technology as well. Their biggest concerns (privately at the time) were the IP ramifications around the technology. The big guys didn’t want to jump into the fray and then have somebody sue them because they had deep pockets. This was one of the primary drivers of the OIDF in the beginning and it was probably the most unsexy work ever. But it had to be done and it continues to this day.

We knew that we wanted to build an organization that could support both the community and the large players that would use the technology. We looked at a lot of different models and even flirted with moving OpenID into the Apache Software Foundation for a time. In the end, we developed a hybrid approach with community and corporate board members for the OIDF. It hasn’t been easy; it was a difficult process to develop on our own but its one that has built in sustainability into the organization while still allowing autonomy for the technology and the community as a whole. Only time will tell if we made the right decisions.

What’s your vision for OpenID and what role does the OIDF play in making it a reality?

I’d like to see OpenID evolve into a solution that makes social networking a feature on the Internet (and not just a site you go to). Today, OpenID is a technology that solves a specific thing and does it with a few shortcomings like security and usability. To get beyond this and take it to the next level, its going to require working closely with the communities developing technologies like OAuth, XRD, Portable Contacts and the like. Fortunately, most of the people developing these technologies are a part of the OpenID community already.

The best thing the OIDF can do to help make this a reality is to stay out of the way. By that I mean, the technology continues to evolve and its the details like IPR, trademarks, etc that need to be sorted out (by the OIDF) but that can hinder adoption if not taken into consideration. I’m all for workgroups to help with usability and security but I think a lot of these things are already happening in the community.

Facebook Connect is a great example of what this could look like. The benefit that Facebook has is that they can enforce the look-and-feel; if you don’t do it the way they say, they can pull the plug on you. This isn’t the case for the solutions we’re building so we have to get to consensus and then worry about distribution. This is a slower model but I do think its a better one. Facebook Connect (and derivatives like Google Friend Connect, MySpaceID, etc) will continue to gain market share and momentum while we figure out the details of how all of this is supposed to work. Slow-and-steady-and-open “wins” the race.

What is the role of privacy as it relates to OpenID and how does the OIDF help/hinder that?

I don’t believe in privacy; not because I’m against it but more because I believe its impossible to achieve. Don’t vote for me if you’re hoping I’ll help drive this technology to be more “privacy” friendly. I won’t. My goal is to help develop OpenID into a solution that can help you share and participate across the Internet as you (not some ‘anonymous coward’). I put myself in the Esther Dyson camp on privacy these days:

I was a much bigger fan of anonymity then than I am now. I thought it was cool. And it is, but it turns out anonymity really encourages bad behavior. I’m not in favor of the government tracking everybody and so forth, [but] at least persistent pseudonyms and communities and stuff like that makes everything a nicer place.

It’s like a lot of things. I’m pro choice, but I think abortion is an unfortunate thing. I think the same thing about anonymity: Everybody should have the right to it, but it’s not something one wants to encourage. And that’s not weasel words, that’s the reality of it.

– Esther Dyson, Veteran tech investor looking back on the evolution of the Net

What are your thoughts on organizational transparency?

Easy: everything should be done in the open that can be. The only times for private conversations are for legal or other sensitive matters (like the hiring of an ED who hasn’t given notice to his current employer). Other than that, financials, technology, board and any other discussions that are happening should be done so in a completely transparent nature.

If elected, what would be your first order(s) of business?

The OIDF has some hard questions to answer about itself. In the first 90 days, the board needs to tackle the following:

1. Determine the role of the foundation wrt the technology; is OpenID a building block technology or a full-blown solution?
2. Define the mission/vision for the organization based on (1).
3. Define clear goals and milestones for “success” based on the mission/vision from (2).
4. At this critical time with OpenID, I believe the OIDF should hire an executive director to help drive initiatives that speak to the mission/vision and goals outlined in (3).
5. Engage developer communities building technology and start to get real-world demos of this “open stack” playing together. We can’t learn anything by talking about it; we need to lead with code. I would see this manifest itself as some sort of developer gathering a la the UX Summit at Yahoo! earlier this year and would be focused on usability and security.
6. Take action on the results from the CRC committee work; what does the industry need/expect from the OIDF? Let’s get a plan of attack together and execute on it.

After the first 90 days the board should come back and evaluate how they have done, determine what needs to be changed and then iterate again.

In Closing

I’d love to continue to serve on the OIDF board of directors and hope you’ll vote for me. Thank you.