Network World’s Identity Management Newsletter, 01/17/07
OpenID predictions; plus other bumps in the identity road
By Dave Kearns
Last issue I predicted a bit of a slowdown, some bumps in the road, perhaps even some fracturing of the OpenID community in the coming year. Scott Kveton disagrees. Well, he would, as he’s CEO of JanRain, which describes itself thus: “JanRain is delivering Internet-scale user-centric identity solutions employing the OpenID protocol.”
Scott put forward six predictions for the new, user-centric, authentication model:
“1. OpenID 2.0: First and foremost, OpenID 2.0 will get out the door. Not only will the spec be completed, but we’ll get the libraries out the door as well. I know I’ve been saying this for six months but I feel pretty confident of it now.
2. 100 million users with OpenIDs: By the end of 2007 there will be 100 million OpenID enabled users out there. We’re at 16 million right now. Only 84 million more to go!
3. 7500 OpenID Enabled Sites: By the end of 2007 there will be 7,500 OpenID enabled sites. As of today, we’ve seen over 750 OpenID relying parties. We’re seeing 10-15 new relying parties a day. I think we’ll hit 7,500 by year’s end.
4. Big player adopts OpenID: One of the big players will adopt OpenID. That could be Google, Yahoo, Apple, AOL, Digg (yes, they are big like it or not), etc. I don’t have one single data point on this; it’s more of a gut feeling. When one goes, I think more will follow thereafter.
5. OpenID Community formalizes: The OpenID community will formalize itself in some sort of trade organization or nonprofit foundation. This will be a place for things like IP [intellectual property] (domain names, etc) and trademarks to land.
6. OpenID Services: We’ll see some very exciting services emerge that take advantage of OpenIDs. It’s more than just that one username and password. It’s being able to take advantage of the fact that you are the same person from site to site. This has some amazing possibilities in the realms of reputation and communication that are the most obvious. The best part about this one is that the really, really killer service hasn’t even been thought of.”
Well, you can’t say he’s not enthusiastic! I can say, though, that I think he’s overly optimistic. Just recently, for example, concerns about the security of OpenID have arisen. Even Microsoft’s Kim Cameron, the “godfather” of user-centric identity, has raised this issue. In a blog posting last week (“As simple as possible – but no simpler”) Kim worries about the possibility of OpenID users being subjected to phishing attacks through the use of man-in-the-middle exploits. Kim’s premise is that you need client-side services to protect against these attacks, and one of the tenets of OpenID is that nothing should be installed on the client side. It is a major sticking point to wider acceptance of OpenID for doing more than simply enabling comments on blogs, and it’s an issue that won’t go away soon.