Sounds like Blogger (owned by Google) beat other big internet gorillas to the punch. One can now use OpenIDs to authenticate for comments in blogger.

The announcement is here.

This is another major OpenID announcement, because so far, the position of Google on OpenID was rather unclear. I can't really think of any substantial internet company any more that might be actively opposed!

Eric Norman took my recent post Who Are All These Identity Working Groups and What Are They Doing? and updated the Identity Landscape page on the Identity Commons wiki.

Thanks, Eric!

Peter Campbell not only asks, "What does OpenID mean to Non-Profits?", as he says, but really "Is OpenID a net-positive or net-negative for my business?" His thoughts are equally applicable to for-profits and deserve to be treated seriously:

Well, unless I'm missing something, [OpenID is] possibly a threat, and it will probably put orgs in a bit of a catch 22. Like most companies, you want to capture contact data from your web visitors. It's key to your CRM strategies. Supporting OpenID removes the most compelling reason for them to give you that info - access to your interactive web services that require authentication. You're going to have to beef up the begs and rewards for sharing more data if you support it. But, if you don't support it, and it becomes a widely-spread standard, you're going to look unethical.

In nutshell, he says that by allowing site visitors to bring their OpenID, instead of having to sign up for a new account, the site gets less data about them; and many sites' success depends on having that data. If that was indeed the case, then I would agree, OpenID would represent a disadvantage to those sites (possibly, but not necessarily always balanced by the increased user convenience, improved security through fewer passwords etc.).

But that's not necessarily the case:

• A site might collect a lot of information from its users when requiring them to fill out a bunch of forms before they can get an account. But very often, the information that visitors provide is intentionally wrong. (I'm sure we all have done that between 0 and 100% of the time). So collecting that information may not be all that it is cracked up to be, unless the business can validate it as a matter of course, which most sites can't. There is clearly a trade off between quantity and correctness of provided information.
• Because users can provide their OpenID that they also have provided to other sites, the site can actually learn more about the user — which other websites they frequent, for example. (Of course whether or not that correlation is possible is up to the user by deciding which OpenID to give to a site). Personally, if I have a choice between knowing a URL pointing to your blog, and having the information you typed into a web form that I put up, I take the blog any time. (That might even be true if the form's data was all correct!) That is not data that your typical CRM system knows how to manage, but as we all know in the blogosphere, extremely valuable to gain some view on the user's social network and reputation and interests.
• Because user-centric identity puts the user in control, the user can feel more confident in the relationship with the site. Admittedly, we are still missing some broadly deployed technology for this (like enforceable link contracts). But the promise is clear: if I, as the user, can decide when to share what information with a site and when to revoke it, I am far less reluctant to share correct information in the first place. That's probably true for most of us. (Assuming we can trust that the site indeed honors the contract.)
• Most importantly, making single-sign-on easier allows the site to have some (although a weak) relationship with their visitor much earlier, before the visitor decides to invest the time, and trust, to share more (true) information about them with the site. That effectively adds another customer/visitor segment to the existing visitor segments: instead of just registered and anonymous, we now get registered-with-shared-information, known by their OpenID, and anonymous. The relationship between site and user in the OpenID category may be less strong and durable than others, but it's valuable in its own right, in particular when combined with the other points.

OpenID clearly requires some rethinking on what constitutes Customer Relationship Management by companies, non-profit or for-profit. Which is why it creates both challenge and opportunity. But I want to be very clear that on balance, OpenID is a net win-win for both user and site; or at least those sites that take advantage of it properly.

Great technology is being developed in identity land. However, the conversation has been largely limited to hard-core techies. That's what I'd like to change ...

So, calling all marketers and business-minded folks, for two hours (or so) of discussion the week after next,

Topic: "The Business of Identity"
Wednesday, May 16th, 10:00 am
Mountain View, CA
at the Computer History Museum
during the Internet Identity Workshop (IIW)

to talk about subjects such as:

• what are the business benefits for enterprises adopting user-centric identity using technologies such as OpenID and CardSpace? Are there any pitfalls?
• are there any differences for on-line businesses vs. other organizations?
• what are the benefits for identity interoperability across vendor boundaries? Which customers/users will first experience those, and which won't?
• what are the adoption patterns for user-centric identity, and what we can do to remove obstacles?
• what does the "identity" whole product look like?

It will be an open discussion in line with the "open space" principles of the extremely successful IIW event, now taking place for the 4th time. I don't intend to bring slides or let anybody formally present anything ;-) Instead, it would be my hope that an event like this one can help us move this market forward, just like similar sessions across vendor and competitive boundaries have brought the technology forward substantially since the first IIW in 2005. Why can't we do this for the business end? And it won't hurt any of us if we could grow the market as a whole by doing this...

P.S. If you are a technologist and read this, please forward to your product or marketing folks. Tell them they are free to contact me with questions any time.

Got to quote this in its entirety:

Marc Cantor sets out his "ID Hub" story in further detail today. But he completely misses the point of the third wave of identity products. Cantor says he wants to "enable folks to easily move their personal data in and OUT of the system."

In other words, he wants to make it easier for you to copy all of your data from one silo to another!

But the promise of the third wave of identity is that silos are no longer necessary - silos can be removed - because identity data is available to be used whenever and wherever it's needed - the data should be pervasive and ubiquitous as well as federated and distributed.

The silos don't need my data when I'm not there, so there's no need for them to keep copies of it. It's actually better that they don't keep a copy since getting the data at the moment it's needed guarantees it's accuracy.

The bottom line is very simple: silos are bad. Making it easier to populate silos is aiding and abetting bad behavior. In criminal law, those who aid and abet a wrongdoer are also guilty. It should be the same in the identity market.

Ah, Dave, you just expressed something very concisely that I hadn't been able to articulate before but that had been bothering me. Thank you!

It's the equivalent between having RTF, so I can import a Word file into WordPerfect. That's good -- but a far cry from being able to use the Web, where all data is "just there" and no moving is required by the user. By analogy, imagine the Web built on an RTF process ... it would be much better than microfilm, but a pale shadow of what the web is.

Otto, a major retailer in Germany has put on-line the first real CardSpace application in the wild.

Check it out at otto.de/vista.

They are portraying it as a "Microsoft Vista" application, so I wonder whether it will also work with non-Microsoft implementations of the same technology.