In response to a Kim Cameron item about Blogger’s support for OpenID — and, when the OpenID provider is myopenid.com, for identity selectors — Vittorio Bertocci pointed out something I had not realized:
MyOpenID does exactly what I was asking for: it allows me to create a new openid without having to establish any password. Let me repeat/rephrase it: I can create an account that can be accessed exclusively by using a personal card.
That got my attention. Coincidentally I had just been reading the rough cut of Vittorio’s forthcoming book, Understanding CardSpace, and was at the same time reviewing how OpenID providers like MyOpenID work with OpenID relying parties like ClaimID.com. The ability to create a passwordless, card-only account on MyOpenID is a great step forward, for the reasons Vittorio explains on his blog.
I went over to MyOpenID, created a new, passwordless account, associated that OpenID URL with my ClaimID account, and away I went. Nice!
Now I’m trying to imagine how I would explain all this to a civilian. Honestly, I don’t think I could, yet. It’s a stretch even for me to hold in my head all the moving parts. Which identity selector works with which browser on which platform? What does the card represent? What does the OpenID URL represent?
But we are tantalizingly close to real use cases that will begin to walk people through these scenarios. It’s difficult to describe the abstractions, but as people begin to actually have the experiences, it’ll all start to come clear. Similarly, as people start to have the managed-card experiences that Dick Hardt discusses in our ITConversations podcast, those will start to come clear as well.
To all those attending the Internet Identity Workshop today: Thanks, and keep up the great work!