Very interesting article by Stephen Downes titled
Authentication and Identification. He argues quite persuasively
that authentication systems are fundamentally doomed as they can do no more than
self-identification systems can. It will take me some time to think this one through,
and whether I really believe all of his points, but it's very thoughtful and
should be read by anybody interested in identity and related issues. (Assuming
his argument indeed works out, I'd also expect a whole range of people with
commercial interests in the matter to shout bloody murder, for obvious reasons.)

In the second part
of his article series,
he then goes on to propose a system he calls mIDm, that looks a lot like
LID to me (he was one of the first people
to install LID, after all), but which eliminates the step
of having to type in the LID URL the first time one visits a protected site,
by using a browser plugin. Good idea, but I'm not sure it flies because it does
not allow a user to use different identifiers as easily as we do in LID,
and thus creates the potential for global identity correlation; not something
most people are comfortable with.

If we indeed have to mess with the browser/client and change it or add to it through
plug-ins, methinks
we might as well use the card analogy that Microsoft InfoCard uses, which I think
is a brilliant idea (Kim Cameron says it was his: kudos to him!). And if so, why
not add another, optional, authentication (oops, I mean identification) parameter
to HTTP, which is where this kind of thing should be in the first place? I don't
know SSL/TLS very well, but maybe there's a mechanism to use a public key on the
client end that could be the same as the LID public key?