Ariel Gordon, in charge of everything identity at France Telecom / Orange, tells me that Orange.fr, their portal, is now OpenID-enabled.

This must be one of the largest OpenID Relying Parties so far. Congratulations, Ariel!

... for landing and deploying Bell Canada as a customer for his social networking software.

Instead of just competing with Ning, it looks like he's setting his sights higher on Google, Facebook and the like. Takes guts. Congratulations!

Caught your attention? ;-) I think that's why he chose this title.

I just attentended a talk with that title at IIW by Brad Templeton, who is the chair of the board of the Electronic Frontier Foundation and as such pretty influential. He wasn't actually talking about OpenID itself, but about pretty much all technologies that make it easier for users to share identity information on-line. I think his core points are as follows:

• The easier it is for individuals to share identity information on-line, the more often it will done, and the more often sites will require it. As a result, more personal information will be shared, which is worrisome from a privacy perspective.
• On one hand, user-centric idea is a great idea. On the other hand, it removes the ability of the users to negotiate with a similar clout as the service providers, and as a result we might actually get less privacy than in case of a more centralized system such Microsoft Passport, with could have benefited from the negotiation clout of a Microsoft. (He was clear that he was not advocating that, of course.)

He was clear (after he had stated the title ... ;-)) that he wanted to be a contrarian with this talk, and that he consciously overstated his case. Primarily to make sure that we technologists building these technologies understand the unintended consequences.

I think he's right about both points, but I also think that there are many counter-trends to that. For example, the easier it is to share information on-line, the less need there is for service providers to store the information, which leads to a net increase in data security (e.g. no backup tapes of my address can be stolen if the service provider does not store it because they know that I can very easily provide it again and thus they have the option not to store it.)

Worth blogging and thinking about though ...

Scary, scary. From McAfee's Avert Labs Blog.

Nico Popp at VeriSign has an excellent post titled "The Business of Identity". It might be the best public summary of possible business models that I have seen so far for internet identity, and for OpenID in particular.

He enumerates the following distinct models:

• The IDM Software Business Model: enterprise software
• The Service Aggregator Business Model: increased upsell and cross-sell to their subscribers by telcos, cablecos etc.
• The Security Business Model: the long tail for second-factor vendors etc.
• The Insurance Policy Model: taking liability for the correctness of assertions, in exchange for a fee
• The Lead Generation and Advertising Model: higher price-per click through better information about the consumer

This is just my simplified summary, he has a lot more detail. Note that he does not list "set up a free identity provider and wait for a cash flow miracle" ;-).

For those of us who are trying to pay the bills, we could do worse than pondering this list. I can think of a few other models — and in fact pursuing one of them — but this is an excellent start. I'm also sure this list will grow as OpenID moves from the technology enthusiasts into the world of business.