Open ID

I have been following OpenID for a while now, since I first heard about it on LiveJournal from Brad.

OpenID lets you use any authentication provider to prove you are who you say you are. For example, if you have a LiveJournal account, you can leave comments on my blog using your LiveJournal credentials instead of having to create an account on my blog. You never give me your username and password; instead, my website redirects you to LiveJournal, you enter your username and password there, and LiveJournal tells my website whether the login was successful or not.

Given that anyone can set up an OpenID server and start using it to spam comments on blogs, I think blog owners will start ranking OpenID servers on their trustworthiness. This could be very easy to do, in the same way Real Time Block Lists (RBLs) work for spam. The end result is that blog owners can look up how trustworthy a site is before accepting the credentials. If an OpenID server is known to be used by spammers, it would get a negative number; otherwise it would have a value between 100 and 0 depending on complaints and compliments.
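The RBL-style lookup described above, sketched as an added example (not code from the original post or from any OpenID library). The zone name, the sample scores, the parent-domain walk and the accept threshold of 70 are all assumptions made for illustration; the lookup is keyed on the provider endpoint the blog was redirected to, not on anything the commenter types.

```python
from urllib.parse import urlsplit

# Constructed sample reputation data standing in for a DNSBL-style service.
# Negative = known spam source; 0-100 = score from complaints and compliments.
SAMPLE_SCORES = {
    "bank.example": 95,
    "somerandomhost.example": 20,
    "spam-op.example": -1,
}
ZONE = "openid-rep.example"  # hypothetical lookup zone


def provider_host(op_endpoint):
    """Return the normalized host of an OpenID provider endpoint URL."""
    parts = urlsplit(op_endpoint)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an HTTP(S) provider endpoint: %r" % op_endpoint)
    return parts.hostname.rstrip(".").lower()


def query_names(host):
    """Yield RBL-style query names, most specific first, down to two labels."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:]) + "." + ZONE


def lookup_score(host, resolve):
    """Return the first score found for host or a parent domain, else None."""
    for name in query_names(host):
        score = resolve(name)
        if score is not None:
            return score
    return None


def decide(op_endpoint, resolve, accept_at=70):
    """Map a provider's score to 'accept', 'moderate' or 'reject'."""
    score = lookup_score(provider_host(op_endpoint), resolve)
    if score is None:
        return "moderate"   # unlisted provider: hold the comment for review
    if score < 0:
        return "reject"     # listed as used by spammers
    return "accept" if score >= accept_at else "moderate"


def sample_resolve(name):
    """Offline resolver over SAMPLE_SCORES; a real one would do a DNS query."""
    return SAMPLE_SCORES.get(name[: -len(ZONE) - 1])
```

Unlisted providers are held for moderation rather than accepted, so a freshly registered server gains nothing by simply not being on the list yet.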

This opens an interesting idea. What happens if banks started offering OpenID services? I know that I would be more likely to trust someone who authenticated using Bank of America compared to openid.somerandomhost.com. Getting an OpenID account on a banking system would require that the user had opened an account with them and jumped through whatever regulatory hoops were required to do so.

This sounds very similar to an idea that was floating around a few years back, where banks would issue each user a certificate which they could use to prove their identity.