If you are not familiar with the notion of a digital identity, I would recommend you take a few minutes to listen to the podcast I did with Drummond Reed over on PodLeaders a couple of months back.
Drummond is the founder and CTO of Seattle-based Cordance and in the podcast, Drummond explained very clearly the thinking behind and the importance of digital identities.
The lack of a digital identity infrastruture is something which has always annoyed me. Why do I have to kep track of a different username and password for every site I create an account on? Why can’t I have a single sign-on which I control, which allows me access to every site?
Well, today VeriSign made the first significant step towards that goal with the launch of their Personal Identity Provider (PIP).
With a (free) PIP from VeriSign, you get a personal uri for your identity (mine is TomRaftery.pip.verisignlabs.com). You submit this address to logon to websites in place of the usual username and password and the sites get only the identity information you chose to share with them from that address. Sweet.
Now all we need is for websites to adopt this standard and I can forget all the usernames and passwords I have to remember currently!
I can see a time in the very near future when I will use the availability of this as the deciding factor in whether or not I use an online application.
As an aside, I wonder how long it will be before there is a WordPress plugin available which will allow bloggers deploy this for commenters on their blogs? Or if WordPress have any plans to build it into the core of the next WordPress release? Matt?
This isn’t new. Microsoft did it (in a different way, but not that different) with Passport, Sun tried it with Liberty Alliance, and when was the last time you saw them used outside their own networks (or at all, in Sun’s case)? Centralised signups for stuff like this simply don’t work, because of trust (or lack of it), privacy, and security issues. Typekey is about as far as anyone will ever get with something like this.
On a related note, Verisign just bought GeoTrust, bringing the Certificate Authority business one step closer to a monopoly (they bought Thawte from “space tourist number two” and Ubuntu god Mark Shuttleworth a few years ago). They also own Network Solutions, one of the worst companies in the world, and they “negotiated” (i.e. bought) a perpetual licence to run .com from ICANN. This isn’t a company I like or trust.