bradweikel.com

I'm enjoying the session on OpenID (which, I just realized, was yet another concept to come from the mind of Brad Fitzpatrick, the "Brad" who caused me to be known as "the other Brad" as an undergraduate).

I get really excited thinking about OpenID, because it has such profound potential to shift the privacy model on the internet. At the same time, I temper my excitement because many of the people most vulnerable to basic privacy problems are the least likely to choose to get an OpenID. That is, the barriers to entry (technical and intellectual knowledge) are a huge obstacle to its adoption.

That being said, as OpenID standards mature, I think it's really exciting to look towards a future where this scenario is possible: I buy a book from Amazon using my OpenID. Amazon asks UPS how much to charge me for shipping, and I login to UPS with the same OpenID. Amazon doesn't learn my address, and neither my OpenID provider nor UPS know what I ordered. Nobody has all of the details of my transaction... they only have EXACTLY the information they need to deliver my book, and nothing more, and I have control of exactly which company gets which piece of information.

This sort of behavior isn't realistic in the immediate term but, again, as OpenID matures, the possibilities are really exciting.

I don't have much to say about OpenID in Drupal, which was the topic of the second half of the session, except to say that I'm really glad its available in D6 and being back-ported to D5. Yay! And the multiple-OpenIDs per user account is cool.