This morning at RSA Bill Gates and Craig Mundie announced MSFT support of OpenID2.0. (Johannes has a good summary of the points they made too) I wouldnâ€™t go so far to say that they got Married. But what exactly was announced? I spoke with David Recordon and Mike Jones after the announcement. (this picture is before the announcement).
The OpenID Relying parties will be able to request that the authentication be done in a Phising resistant way. Then the OpenID Provider will have it a way to assert that the authentication of the OpenID (a URL or XRI/I-name) has been done in a Phishing resistant way. CardSpace will be available as a primary way of providing this kind of authentication (for users on Windows machines).
This is a very exciting development as it expands the options available to users. Their are issues with Phishing in OpenID (as outlined here by Kim) and addressing this hole is key to making it a viable protocol that is good for users.
Kim talks about is request to the OpenID community in the blogosphere and in the meeting they had last week at JanRain (Scott blogged about that here).My big ask was to add a way to request credentials based on phishing-resistant authenticationâ€¦..[so that] the system is built to handle the dangers that would come with its own success.
The one question I have about this collaboration announcement why Cordance, NetMesh and other companies who have made major contributions and have critical stakes in the OpenID community were not listed in the announcement. I know it was pulled together very quickly but I think the contributions of those two companies have been extensive and deserved mention (and yes! they do have â€˜codeâ€™).
This is a good question. As I pointed out yesterday, NetMesh was one of the orginators of OpenID. Drummon Reed and Cordance have been big proponents too, and brought their i-names and XRI technology to the party. Brad proposed the initial concept. There are lots of creative people and companies who are playing their part in all of this, and I consider most of them to friends.
So since, as Gabe says, everything about this announcement – and identity work in general – should be perfectly transparent, let me share what I was thinking while working on this.
I've been involved in big announcements a number of times, and they take months to pull off. Every PR department from every company has to get involved. Each has a constituency and message that it wants to be clear. Every time a change is made it has to go everyone else for approval, often provoking a further change, and so it just takes time. You plan well ahead for these things, and commit near full-time resources.
We didn't have that luxury. Nor was this meant to be PR as such. It was a matter of the industry shaping itself through collaboration, and doing it in the blogosphere – the only place where these magical things can happen. The fact that Bill and Craig thought all of this was important and exciting gave us all a sudden opportunity for time travel.
If I wanted this to happen in a short time, I needed to work with representatives, not the whole community, and even then, have a great deal of luck. But to do this without offending everyone involved, I felt we needed an objective criterion for deciding who to approach to represent the OpenID community.
It seemed to me that the best representatives were the editors of the OpenID 2.0 specification. After all, they are at the center of landing this baby. And the editors are David Recordon at VeriSign, Johnny Bufu at SXIP, and Josh Hoyt at JanRain. Thus the choice of companies. I felt they would understand the technical issues and possibilities, and that the support of their companies for collaboration would be the beginning – not the end – of a wider process.
So to be perfectly clear, we would love to see more people and companies getting involved in this collaboration and building the momentum going forward. This isn't the end of the identity journey – just a time-warp in which we all got thrown forward. So let's work on some of the big announcements I referred to above, and most of all, on really great technology.