Johannes Ernst’s Blog

Too many messaging clients on my desktop

There is:

  • e-mail (Mail.app)
  • VoIP (Skype)
  • RSS (NetNewsWire, and Mail.app)
  • Twitter (Tweetie)
  • sometimes IM (iChat, others)
  • sometimes IRC (Colloquy)

That’s in addition to websites that also act as messaging clients, like Facebook,

I’m sorry, how many feeds am I supposed to monitor in how many pieces of software?

What about somebody developing a real nice piece of software that brings all of them (and whatever they invent next week) into a user experience that actually makes sense? An Über-multiprotocol messaging client that does all of this?

Is OpenID Still User-Centric?

I’m beginning to have second thoughts.

Plenty of people (myself included) got involved in internet identity because of its promise to put all of us as individuals at the center of our interactions on-line. To empower individuals to define and offer and enforce their own terms in their interactions with others. To not merely be somebody’s user or consumer, but to be a first-class citizen of the net. To not be at the mercy of any government or organization.

And from a merry band of similar-minded individuals, the movement was born. The assumptions were:

  • Anybody could set up their “digital home” anywhere on the web at any URL of their choosing. The address of that home would be their LID or OpenID URL.
  • When visiting somebody else’s site, they would use that URL-to-home to create a relationship from your site to my site, from your on-line home to my on-line home. It wasn’t thought of as single-sign-on, but as the equivalent of leaving one’s card at someone else’s place with the invitation to visit and establish a relationship. Technologically similar, but very different in intent.
  • This relationship between your site and my site would enable two-directional information flow for a variety of interesting purposes that could be switched off by either participant at any time.

While OpenID, the technology, still can support all of this, the thrust of the thinking of many of its larger supporters today goes into a different direction:

  • There is a belief that URLs are too complicated to use by the average individual, which has encouraged what’s called the OpenID “NASCAR GUI”. However, because that GUI can only show a few icons, it clearly encourages me to use a big-company-provided identity instead of my own.
  • Directed identity and identifier select hide the identity URL and downplay the “let’s create a relationship by exchanging pointers to home” to the extent that few people new to OpenID can even comprehend they are getting mere single-sign-on, not relationships.
  • The primary focus of OpenID-based profile exchange is to convey the user’s e-mail address to the visited site (usually a vendor), so that vendors can send e-mail to the user. Note that because it is e-mail, the user cannot turn it off. It didn’t have to be that way.
  • Certification has entered the picture. While many details are still unclear, all certification schemes that I’ve ever heard of require substantial effort and perhaps money to get certified. In all likelihood, that will make it all but impossible or impractical for individuals to play on a level playing field with mere users of large companies’ products. This is particularly ironic when applied to the relationship between citizen and government, which suddenly will have to be mediated by substantial commercial entities. Among other things, they get to see which citizen interacts with which part of the government when and how often.

I know the argument that “if the user can see which attributes go over the wire, it’s user-centric.” Well, yes, perhaps, but in my view that’s user-centric in the same way a calorie-free chocolate cake is sweet. I ordered a real chocolate cake, though, please, where did it go?

Don’t get me wrong, there are good things about all of this, the most important of which is that the state of the art has driven substantially more adoption than there likely would have been in the less organized, decentralized, you-be-in-charge-of-your-own-destiny world.

But is the price of more adoption less user-centricity? Or is that just a phase we are going through?

I hope to discuss this and other big questions at the upcoming Internet Identity Workshop. Hope to see you there.

We’re Saved Thanks to the ITU … Not!

ComputerWeekly reports somewhat breathlessly:

Multiple passwords to access computer networks and services may soon be a thing of the past.

ITU-T X.1250 provides the ability to enhance data exchange and trust in the identities used worldwide by users, network access devices and service providers using a certificate-based public key infrastructure (PKI) system. This is similar to how e-passports are verified.

I figured something was missing in identity land. I’m sure everybody’s immediately going to throw away OpenID, and information cards, and SAML, and what have you, now that the ITU has discovered PKI and solved the problem for us ;-) Clearly all of our work was always doomed to failure because we did not make it work the same way that e-passports work. (Or should I put the last “work” in quotes?)