I’m at the Carson Future of Web Apps conference in London, where Kevin Rose is talking about Digg. My favourite comment:
“You have to take it for what it is, it’s not a perfect system”
Rose threw out a few comments about how he sees Digg evolving. One which interested me: it will support OpenID, which describes itself as:
“an open, decentralized, free framework for user-centric digital identity.”
I’m not sure that OpenID is going to solve many problems in itself – it is not necessarily a stronger form of authentication – but here at least is some progress in improving identity management.
AOL is also supporting OpenID, making all its accounts automatically OpenID accounts. I pointed out to Edwin Aoki, an AOL Chief Architect who is also here, that using a single identity for multiple sites could make the problem worse, since when it gets compromised multiple sites are then at risk. He said that happens anyway, because users already use the same email address and password on multiple sites. A fair point.
I’m actually hoping to see Microsoft’s CardSpace getting wide adoption in tandem with OpenID, as it appears to be more resistant to phishing attacks.
Still, the story here is that OpenID is gaining momentum.
OpenID is a security disaster just waiting to happen.