Sam Ruby comments on OpenID:

  1. "If you have a webserver, can add something like the following to your template, and either can run a CGI script or know somebody who can run one for you, then you are in."
  2. "This design is also explicitly not trying to compete with the "big boys". In particular, it has no notion of trust."

I fail to see how those are good things, since:

  1. Not everyone has a webserver (for the most part only geeks are associated with URLs).
  2. An identity system without a trust model strikes me as close to useless.

The two points are not unconnected. If we're limiting the system to geeks and not trying to take on the big boys by appealing to Aunt Tillie, then we already have something of an implicit trust model, just as the Internet did before it was opened to commercial use -- it was rather difficult to get on the 'net in those days, so we could assume that most people using it were clueful and to be trusted (at least somewhat). Personally I think there are better approaches to identity on the Internet, but they haven't been released yet. ;-)

Peter Saint-Andre > Journal