OpenID

When I launched the site, I turned on Drupal's support for OpenID, which means that you can use your OpenID to log in to HitCon. That's fun, since I truly think that distributed identity providers are the way of the future.

Here's a little background. You know how whenever you go to a new website or forum, you usually have to create an account for yourself? Each time you do that you're effectively creating an identity for yourself on that site. Your password is stored on yet another system, and you're not sure what their security is like. You may choose to use some throw-away password, or you may have some elaborate scheme to come up with a unique one. Either way, you may forget it or, worse yet, someone may compromise it, maybe even due to the incompetence or negligence of the site you registered on. Wouldn't it be nice if you could take the responsibility to manage your own identity, and have all the sites you visit use the same one? If you answered "Yes," or "Shut up and dance," then OpenID may be right for you. Talk to your doctor.

Drupal's support for OpenID is part of the core, which means all I had to do was activate an optional module. That's pretty damn convenient, and certainly the kind of simplicity I've come to expect from Drupal.

As it turns out, I already have several OpenID identities. To name a few, Yahoo!, AOL, and LiveJournal all publish your user as an OpenID. That's an important piece of the puzzle when it comes to speeding along adoption. If you already trust one of these providers with your login to their site, then maybe you're willing to trust them with your login identity when it comes to other sites as well.

There is, however, a distinct lack of sites that support OpenID authentication in place of a normal username and password scheme. This is the other really big piece of the puzzle, and it seems like adoption of OpenID as a primary authentication scheme is taking longer to catch on. After all, becoming an identity provider is easy. Changing the way your site works to accommodate users coming in with an alternate authentication scheme? That's a little trickier.

Earlier I mentioned that some of my OpenID identities already exist and are provided by several locations. That's great, but I'm a pretty tech-savvy guy, and I think I should be able to provide my own OpenID identity. That's fine in this scheme, and it's actually recommended. Owning your own identity makes OpenID even better suited to provide liberation from trusting a company or organization with your password. Since I own the domain hitchens.net, I made an identity for myself tonight: matt.hitchens.net. I can take that URL and go to any OpenID-enabled site, enter it, and my OpenID provider (which I manage) takes care of the rest. The provider I use is a PHP program called phpMyID. It was pretty easy to install, and I had it up and going in about 20 minutes. I can now log into my own site with my own identity provider (even though I really do trust my own website, I figured eating my own dog food was probably a good idea).

OpenID is one of those technologies that I simply recognize as necessary. With time, it will become more clear why something like this is needed, but for now I don't really expect it to be widespread.

Comments

Two Words ...

The Vault!

Oh man, old wounds. Old wounds. I'm gonna have to blog about that one ;)