In an excellent sign of what’s surely to come, Technorati has adopted OpenID, at least for the moment, to claim your blog. This is a good first start and public display of support for this grassroots authentication protocol developer by Brad Fitzpatrick of LiveJournal, but until they fully support it to login to your actual Technorati account, this move serves only to whet the appetite.
But Technorati’s support does deserve recognition, as it is still early in the days of distributed single sign-on. Furthermore, the issues around remote login are many and require the involvement of and efforts from a wide range of diverse folks to help push through viable solutions for the myriad interface, user flow and communication challenges that this emerging standard brings with it.
As Ian Kallen of Technorati points out, there are still a number of issues to be resolved, chief among them:
I’m well aware of the concerns about phishy user interface vulnerabilities. The idea of logging in without a password may seem weird.
But that concern in and of itself should not prevent the continued building out of the OpenID network, especially as some smart folks are working on these, and other, thorny issues.
There are two things worth mentioning here as well.
First is that there was an agreement (perhaps a gentleperson’s agreement only) that stated that once Technorati added support for OpenID, LiveJournal would add support for microformats. Whether blog claiming constitutes “support for OpenID” as was intended by the offer is unclear, but it would be a rather positive development if LiveJournal did add support for hcard, XFN and other microformats.
Second, and more importantly, this example demonstrates the potential (I hate to say it) “longtail” value of support a decentralized authentication protocol like OpenID.
Consider this: let’s say that you blog on Blogger or on Yahoo! 360 or on MSN Spaces… as you probably know, each of the majors has their own authentication protocol (Google’s GAuth, Yahoo!’s BBAuth and Microsoft’s CardSpace, respectively). No doubt Technorati could add support claiming your blog using those protocols, no problem. But let’s say that you don’t want to play in one of those three de facto identity silos… what if you’re building your own independent blogging platform and want to offer authentication not provided by one of the Big Three? What are your options? What if you also want to use that same protocol to allow your users to have one login account across your other products?
Well, OpenID is designed to serve that purpose. In fact, you can run your own identity provider without needing to come close to the big three… and yet if did want to support them, work is being done (more thorny work I might add) to unify all your accounts into one OpenID that supports the big three. It’s highly unlikely, meanwhile, for the big three to do the same on their systems (for various appropriate reasons).
But here’s the thing: OpenID provides independents — individuals and small businesses — a way to play in the big leagues like the big guys without having to build the same kind of massive account infrastructure that they have. Furthermore, owing to the network effects of this standard, the more folks who consume and port around OpenIDs, the more valuable the network.
This is why we promote OpenID to all of our clients — as each one adds support for OpenID, all of our client’s clients (our real customers) can then log in and share their accounts across the services that our clients are building. This is a fundamental key to the non-zero sum economics that we preach! People like flexibility, they like control over their data and they like to be in charge of their identity and its destiny. That’s just good business. And the more that we decentralize identity and authentication services, the closer that control moves to the individual.
In the meantime, there is still much work to be done. But these small steps make a world of difference in terms of underscoring the value of this work.
Factory Joe 
Roger, reading you loud and clear.
Your stuff on CardSpace being Silo protocol is just pure wrong. I don’t mean one opinion versus another. I mean wrong.
Let’s talk about this in person to talk about this. Or are you just a propagandist?
Hey Kim,
I dropped you an email yesterday — did you not receive it? I asked for more information on CardSpace — and for the record, I’m not intending to make it out to be anything that it’s not… nor a silo in the same way that I see Google’s authentication + GData protocols creating a de facto silo — one where, even if you can move your data out of their system, the reality of doing so, or of hybridizing their services with their competitors’, proves too difficult for mere mortals.
Anyway, I’m eager to engage on the topic and to have my misconceptions clarified. Passport is a hefty legacy to overcome — and if you’re genuinely making progress on that front, I’d love to support it.