DISQUS

While it is very true that security of your OpenID is really important, most people have this same problem already today with their email account. If your email account was hacked, it would be easy to go to many different sites, submit their forgotten password forms and then gain access to your various accounts by reseting your password via your email address. Most email providers only let you login using a password while OpenID Providers can implement whatever form of authentication they desire.

Twitter needs to let third-party applications authenticate you without asking for your password. OAuth solves this problem and it would be great to see Twitter add support for OAuth to their API!

I can see why at a high-level you might think Facebook Connect could be an alternative to OpenID, but fundamentally from a technology perspective Connect is centralized and controlled by Facebook. Just as no one would let Microsoft control the identity protocols on the internet with Passport, Facebook won't be able to do it with Connect.

Whether OpenID in the form that you see it today becomes the same thing that people see a few years from now in terms of online identity or not, is a bit beyond the point. As Avdi said, there is true value to him as a user of not having to create yet another account or being able to now have a sense of reputation that you can carry with you. If it doesn't happen to be OpenID, but just the notion of identity that people own, control, and can take with them on a global scale develops because of OpenID then isn't that success too?

While I certainly respect Stefan Brands, I don't agree with many of the points he made as I later blogged. http://daveman692.livejournal.com/310578.html

I guess it would be somewhat ironic if your blogging about not being mentioned on the blogging page caused mentioning your involvement in blogging.

Gregory, as I said over on TechCrunch I’m a bit confused by the tie to RealID…is it just the name?

OpenID, like email, can be run by anyone though, also like email, it probably will be provided to most people by large companies and service providers. Isn’t the anonymity problem equivalent to using the same email address (or IP address) on different services?

Stan, thanks for covering this and there is now a post on OpenID.net about it. http://openid.net/2008/02/07/evolving-the-openi...

One thing I wanted to point out is that you don't need to become a member of the OpenID Foundation to continue participating as a part of the community. We explicitly designed the Foundation and its membership to work in such a way that people can continue developing specifications, code, etc without having there be a monetary hurdle.