Peter Campbell not only asks, "What does OpenID mean to Non-Profits?", as he says, but really "Is OpenID a net-positive or net-negative for my business?" His thoughts are equally applicable to for-profits and deserve to be treated seriously:

Well, unless I’m missing something, [OpenID is] possibly a threat, and it will probably put orgs in a bit of a catch 22. Like most companies, you want to capture contact data from your web visitors. It’s key to your CRM strategies. Supporting OpenID removes the most compelling reason for them to give you that info - access to your interactive web services that require authentication. You’re going to have to beef up the begs and rewards for sharing more data if you support it. But, if you don’t support it, and it becomes a widely-spread standard, you’re going to look unethical.

In nutshell, he says that by allowing site visitors to bring their OpenID, instead of having to sign up for a new account, the site gets less data about them; and many sites’ success depends on having that data. If that was indeed the case, then I would agree, OpenID would represent a disadvantage to those sites (possibly, but not necessarily always balanced by the increased user convenience, improved security through fewer passwords etc.).

But that’s not necessarily the case:

• A site might collect a lot of information from its users when requiring them to fill out a bunch of forms before they can get an account. But very often, the information that visitors provide is intentionally wrong. (I’m sure we all have done that between 0 and 100% of the time). So collecting that information may not be all that it is cracked up to be, unless the business can validate it as a matter of course, which most sites can’t. There is clearly a trade off between quantity and correctness of provided information.
• Because users can provide their OpenID that they also have provided to other sites, the site can actually learn more about the user — which other websites they frequent, for example. (Of course whether or not that correlation is possible is up to the user by deciding which OpenID to give to a site). Personally, if I have a choice between knowing a URL pointing to your blog, and having the information you typed into a web form that I put up, I take the blog any time. (That might even be true if the form’s data was all correct!) That is not data that your typical CRM system knows how to manage, but as we all know in the blogosphere, extremely valuable to gain some view on the user’s social network and reputation and interests.
• Because user-centric identity puts the user in control, the user can feel more confident in the relationship with the site. Admittedly, we are still missing some broadly deployed technology for this (like enforceable link contracts). But the promise is clear: if I, as the user, can decide when to share what information with a site and when to revoke it, I am far less reluctant to share correct information in the first place. That’s probably true for most of us. (Assuming we can trust that the site indeed honors the contract.)
• Most importantly, making single-sign-on easier allows the site to have some (although a weak) relationship with their visitor much earlier, before the visitor decides to invest the time, and trust, to share more (true) information about them with the site. That effectively adds another customer/visitor segment to the existing visitor segments: instead of just registered and anonymous, we now get registered-with-shared-information, known by their OpenID, and anonymous. The relationship between site and user in the OpenID category may be less strong and durable than others, but it’s valuable in its own right, in particular when combined with the other points.

OpenID clearly requires some rethinking on what constitutes Customer Relationship Management by companies, non-profit or for-profit. Which is why it creates both challenge and opportunity. But I want to be very clear that on balance, OpenID is a net win-win for both user and site; or at least those sites that take advantage of it properly.

Mark the date if you are interested in healthcare and technology. Indefatigable Matthew Holt (who writes the Health Care Blog) and Indu Subaiya (with Etude Scientific) are putting together a one-day conference titled:

Health 2.0 Conference
User-Generated Healthcare

Online communities, blogs, wikis, podcasts, user-generated video, specialized search and web-based consumer tools are changing healthcare as we know it. Will HEALTH 2.0 grow into an independent industry sector, be subsumed into the current healthcare system, or create a new hybrid landscape? Be part of the conversation!

It will take place on September 20, 2007 in San Francisco, with a high-powered cast of speakers, including representatives from Microsoft, Google, Cisco, WebMD, Healthline and others.

This is the conference that grew out of the Health Camp last December. I’m looking forward to it.

Disclosure: I’m on the advisory board.

I’m sitting in a talk by John Panzer and Praveen Alavilli of AOL at the Web 2.0 Expo. The talk is about "Mashing up with User-centric Identity". They just coined a new term for something important: "Deputization".

They describe it as the ability of the user to deputize a piece of software to act on the user’s behalf on some subjects, bot not others. Example: A mashup that mashes up certain access-controlled data without the user having to be present.

This is obviously very clearly needed for OpenID, and I think it’s a good term. Opinions anybody else?

Government Health IT quotes me in an article on "Health care 2.0", on the shift of power from the vendor to the user, or in the healthcare environment to the patient and their families.

This is of course an example of a broader trend from the Henry Ford mass-production model "You can have any color car as long as it is black" to the new individual-centric model where the individual is the center, and the vendor services that individual. Which of course is the way we all, as individuals, would like to be served. And the way we’d vastly prefer to part with our dollars.

Whoever truly makes this work first in their respective industries, healthcare or otherwise, is going to have a stampede of customers breaking down their front door. And while I’m generally more of an individualist, count me in that stampede… It’s great to see that even a publication targeting health IT in government is writing about it!

Just saw that Andre Durand blogged this a couple of weeks ago:

Perhaps one of the most powerful concepts of OpenID is the fact that it gives the user a visible ‘handle’ (identifier) that is used and handed out at relying party websites.

It could, quite possibly, end up becoming one of the most important concepts OpenID and LID introduced.

You know how sometimes it’s the little things that get dismissed, overlooked or discounted, when in fact they end up being really important? The visible identifier, in this case, is that little thing.

Little nitpick in the interest of historical accuracy (and self-interest…): “that LID introduced” (OpenID 0.x/1.x came so many months later)

But of course I fully agree that having URLs as portable identifiers for people was and is a really good idea, although in hindsight, a very very obvious one. Adding meta-data discovery to it then made it viable as a foundation for building greater things on top. Which is why the thriving OpenID community became possible.