Own your authentication!

After Passport Windows Live ID and the Liberty Alliance Project now comes Google Account Authentication, which opens up the ability to use anyone’s Google Account to perform authentication to a system.

What surprises me in this whole deal is that it seems we are going backwards, back to a “one authentication to rule them all” idea that Microsoft tried to introduce with Passport (errr) Windows Live ID which, as you know, didn’t go quite where they wanted it to be.

After the whole Web 2.0 buzz and “User Generated Content”, A.K.A the forbidden word, where users are now the masters of their own content, why can’t they be the masters of their own identity/authentication?

OpenID

I’ve lately been tracking the OpenID initiative which tries to create a REAL distributed identity system which actually fits into the Web 2.0 world.
While OpenID’s spec is still a bit rough on the edges (the loop for verifying which authentication servers are authorized, live and not spoofed is not closed) it does seem to provide the right think in the right direction.

The benefits of owning your own identity

Owning your own identity has a number of interesting affects.

The first and foremost is that it is yours and you can store it wherever YOU think is save and good for you. This can be a server you own/rent. This can be a general repository, but one that you want to use and not one being forced down your throat (the centralized authorities that are usually controlled by large software corporations).

The second effect is that your identity is persistent. Since you control where it is stored and how it looks (according to the OpenID specs, of course) it is persistent across services (providing they support OpenID) and across identity providers (remember, you choose where to store your identity).

Hoping for a better authentication future

I would really like to see (perhaps I can even contribute) OpenID’s spec closing the loop on authenticating OpenID servers (or at least preparing a procedure for that) and starting to get adopted more rapidly across sites cause I’m really tired of having multiple identities just because various sites don’t talk to each other.

Even if the big player – Windows Live ID, Liberty Alliance Project and Google Account Authentication would support the OpenID specification, the wold of authentication would get a step closer to actually becoming useful.