myVidoop.com will be down for a few minutes as we update our servers
UPDATED 6:24PM
All done. Thanks for waiting.
myVidoop.com will be down for a few minutes as we update our servers
UPDATED 6:24PM
All done. Thanks for waiting.
The folks over at JanRain have launched demand.openid.net. This is a great little tool that will help users tell the sites they like how much they really want OpenID. It comes complete with a handy-dandy bookmarklet you install in your browser to quickly tell the world about the sites you want OpenID enabled. Great work JanRain folks!
Already have some coverage on it already:
Neither =nat nor http://xri.net/=nat seem to work.
I guess it is using Drupal.
Perhaps I should look at the Drupal library… when I have time 
So it’s not exactly news at this point, but it is indeed true that as of today I am now employed by Vidoop. This has been a few months in the making, so I figured I’d explain a little of why and how we got to this point.
I’ve been working in the Identity Management space for a few years now. I started getting involved with the Shibboleth project while at the University of Memphis. After a year and a half, I moved to California and took a job at USC working in their middleware group. I’ve spent the last two years there helping to develop and manage various parts of the Identity Management cloud including the LDAP directories, meta-directory processes, and their Shibboleth environment. In October 2006 I formally joined the core Shibboleth development team, focusing on the Shibboleth 2.0 Identity Provider.
Meanwhile, I have also been toying with OpenID for a couple of years. In early 2007 or so, I sort of took over development of Alan Castonguay’s OpenID plugin for WordPress. I started with a couple of new features, then worked to add support for the latest OpenID protocol, lots of code refactoring, etc. I got to know characters like Chris Messina, Scott Kveton, and a host of others. I continued making updates to the WordPress plugin as I had time, but it never felt like enough. Don’t get me wrong, I certainly enjoyed the work I was doing at USC and with Shibboleth… I just would have liked to have had more time for everything else as well. Every now and then Chris or Scott would prod me about going to work at Google or somewhere to spend more time on OpenID and related technologies, but I wasn’t ready to leave my work at USC.
Late last year, Chris Messina and Steve Ivy announced the DiSo Project, initially based on my updated wp-openid plugin. Within the first week after it was announced, I sat down with Chris and Steve and we decided it would be best to officially move the wp-openid plugin under the DiSo umbrella to allow for tighter integration with the other planned work. Then a lot happened this last February in the social networking space — Google announced the Social Graph API and SGFoo really got people talking more about enriching the OpenID endpoint (among other things). Things were beginning to move pretty fast, and I felt like if I didn’t jump in now then I’d end up watching all the great new developments from the sidelines. I spent the next few months interviewing with a number of companies active in this space and made a couple of trips to San Francisco to talk with them in person.
In the end, a dinner conversation with Luke Sontag had me sold. I was quite familiar with Vidoop and their OpenID provider, knew they had a great development team, but had always been a little skeptical of the company. After Luke gave me a better picture of their overall vision and where technologies like DiSo fit into that picture, I knew that these guys really “get it”. They understand the importance of what DiSo is trying to do, and more importantly they are willing to do their part in making it a reality. I love Vidoop’s OpenID implementation and have been using it since before I took this job, but that’s not why I did. I took the job because the team at Vidoop know their shit, they know the kinds of problems we’re up against, and they are ready to take a shot at developing some real solutions. Well that and I really can’t wait to get started working with Chris a lot more. :)
Vidoop’s News Clipping Service…
· Finjan, a San Jose-based maker of Web security software appliances, released a report saying researchers found a single server that had a pile of business and personal information stolen from 40 companies around the world.
· This type of information has become more valuable for criminal hackers.
· Finjan reported data breaches at both the FBI and Department of Health and Human Services.
· The server Finjan researchers found was in Malaysia.
View all my bookmarks on Ma.gnolia
Yes indeed… Alex Polvi submitted an excellent video about how he identifies himself and won $1,000 that he is donating to the free open-source video platform, Miro. Vidoop will match this, bringing the total donation to Miro up to $2,000.
“Alex Polvi, friend of Miro and a community marketer for Mozilla, has won a Vidoop contest called ‘How do you identify?’ with a very cute video (see below). Vidoop is a company that takes a cool approach to internet logins, with an OpenID service that gives you one universal login and an option for image grid based identification (take a look). Alex is donating his $1000 prize to Miro and Vidoop is matching that. Thanks so much guys!”
Stay tuned to the Vidoop contest page for information on upcoming contests where you can win cash from your favorite security and identity company… Vidoop!
Below is a partial list of videos that were submitted… check em’ out!
There's lots of talk right now about aggregating action streams to provide a single stream of "what are my friends doing?". You can see this on Facebook's news feed and on Plaxo Pulse. The current state of the art on this is simply aggregating the content in a bunch of public RSS or Atom feeds, but there's clear interest in being able to aggregate non-public content: if the owner allows me to see it on the originating site, why can't I see it in my friend stream?
A solution that's been banded around for this is to use OAuth to fetch the RSS or Atom feeds, thus allowing the content owner to give the aggregating site (e.g. Plaxo Pulse) the ability to see the non-public items. The problem with this approach is that we're asking the wrong user; I want to view an aggregated version of all of the things that my friends would like me to be able to see on the web, but for this purpose a web-based aggregator like Plaxo Pulse doesn't work because while I have permission to view my friend's private blog on Vox, Plaxo does not. My friend is not a Plaxo user, nor does she have any business or trust relationship with Plaxo, and nor should she have to.
My gut feeling on this is that aggregators must therefore be implemented at least partially client-side, in a client that I control on a computer that I control. This simplifies things considerably: now I can authenticate to my friend's RSS and Atom feeds directly. You can imagine middle-road alternatives where the web-based aggregator just recieves encrypted, opaque blobs that can be decrypted client-side using a keypair that was set up separately, but I think that's still more than we can expect from today's browsers, and would be difficult to explain to users.
I think the most important thing to remember is that "just use OAuth" is not the answer to this problem. We've still got plenty of work to do.
Had a discussion about Reputation and Trust at IIW2008a.
Started to think that “Reputation” is a word that is too broad for most people. Probably better to concentrate on the more concrete cases.
The cases I am interested are specifically:
1) Probability of the PAPE assertion being true.
2) Probability of the adhearance of the RP to the usage proposal of the personal data that I provide.
In the above cases, I started to feel that just stating
a) Criteria, i.e., 1) or 2) above
b) Subjective Probability: 0 to 100 numeric percentatge.
c) Variance/Confidence range
together with other things like signature etc. for the security reasons are enough.
This morning at IIW Dick Hardt presented his vision for solving the issue whereby a user is dependent on his OpenID provider being up and non-evil. He's posted a demo.
The basic principle is that a user is identified by a triple of (url1, url2, keypair) rather than by a single URL, and can update any one of these three tokens when authenticating to pivot to a different identifier and thus provider. The two URLs and the keypair are linked together via hidden metadata at the URLs allowing the RP to verify that they are valid. Revoking one of the URLs and replacing it with another just requires updating that hidden metadata to create the new two-way linkage. You can also change the keypair as long as you update the linkage at the two URLs. Another change is that the request can now go directly from the browser to the OP rather than via a redirect at the RP, thus improving performance and making it easier to develop client-side "providers" in the form of browser plugins.
This seems like a promising approach, but it's quite a radical change from the way that OpenID currently operates. I think we'd need a good migration story so as not to leave all of the existing adopters out to dry. I suspect that if we did go this route we'll ultimately need to find a compromise between the two approaches. It could also be argued that we should wait and let OpenID 2 finish bedding in before making yet another complete rewrite; while OpenID 2 does have its problems, I believe that we should try to extend it as far as possible without replacing OpenID 2 already, especially after how long OpenID 2 itself took to finalize.
I’ll be traveling to India later this week (reason why I’m missing out on IIW). It’s been a while. Our last trip was in 2003. And I’m told that a lot has changed since then.
I’m a bit leery of how the kids will handle the 15 hour flight, but I’m looking forward to spending some time with family and old friends.
It is official, long time OSS advocates and developers Chris Messina and Will Norris will be joining a Vidoop team that has been tasked with building a truly open distributed social networking infrastructure. They will continue to lead efforts with the DiSo Project (http://diso-project.org). DiSo - distributed social networking applications, is an umbrella development for a group of open source components such as OpenID and XMPP that will lead to the development of user-controlled distributed social networking concepts, portable social networks and user data portability.
“The open protocols that make up DiSo, such as OpenID, are quickly gaining traction across the internet,” said Scott Kveton, Vidoop’s VP of Open Platforms. “Vidoop will be using these protocols to integrate DiSo functionality into its OpenID provider, myVidoop.com, and will continue to secure these IDs through its unique image based technology.“
You may know Chris Messina from such community efforts as “Spread Firefox”, “BarCamp”, he also helped to push open web standard initiatives such as “OpenID”, “OAuth” and “Microformats”. Will Norris has been active in the realm of identity management working actively with “Shibboleth”, “OpenID”, and “MicroID”. Norris is also the author of WP-OpenID, the technology that provides OpenID support for Wordpress.
Everyone at Vidoop is very excited to have these two on board and look forward to the vision that they will bring to the team. “Messina and Norris are considered thought leaders in their field,” says Joel Norvell, President and CEO of Vidoop. “They will help deliver and promote the next generation of social networking tools based on open protocols. These tools add great functionality for the user and reinforce Vidoop’s role in the secure OpenID space.”
Caught your attention? ;-) I think that's why he chose this title.
I just attentended a talk with that title at IIW by Brad Templeton, who is the chair of the board of the Electronic Frontier Foundation and as such pretty influential. He wasn't actually talking about OpenID itself, but about pretty much all technologies that make it easier for users to share identity information on-line. I think his core points are as follows:
He was clear (after he had stated the title ... ;-)) that he wanted to be a contrarian with this talk, and that he consciously overstated his case. Primarily to make sure that we technologists building these technologies understand the unintended consequences.
I think he's right about both points, but I also think that there are many counter-trends to that. For example, the easier it is to share information on-line, the less need there is for service providers to store the information, which leads to a net increase in data security (e.g. no backup tapes of my address can be stolen if the service provider does not store it because they know that I can very easily provide it again and thus they have the option not to store it.)
Worth blogging and thinking about though ...
Our password service will be down for about 15 minutes while we update our servers. During this time you will not be able to retrieve or update any of your online password data. Sorry for the inconvenience, and we’ll be back to normal soon.
Update 3:43 CST: The service is back up. Thanks for your patience!
A new version of the myVidoop online password manager for Firefox is now available.
This updated version includes:
If you already have the plugin installed simply go to ‘Tools’ -> ‘Add-ons’ and then click “Find Updates”.
Otherwise you can download it from this link: https://myvidoop.com/plugin/firefox/myvidoop.xpi
The myVidoop plugin lets you harness the security of your myVidoop account to store and manage your passwords in your personal vault. The plugin saves you time by remembering all of your passwords and then automatically logging you in to the correct site, every time. Passwords are only remembered when you want them to be and all data is encrypted and stored either on your local machine, or online with myVidoop so they can be accessible anytime anywhere. Check it out today and start saving yourself time and protecting your personal data online!
Update by development team: We have discovered an issue that affects Firefox plugin 1.0.3 users who store their passwords offline in a non-default location. If you are using 1.0.3 and had previously created a new file or saved your passwords as a different file under the “More Actions” menu, this may affect you.
There is a bug that may cause your plugin to forget the location of your password file. Go to the sites tab. If you notice some or all of your offline passwords are missing, you are no longer using your previous file. To fix it, you only need to re-open your file: click “More Actions” -> “Open Passwords File” and locate your previous file. If you haven’t already updated, this problem is fixed in the latest version of the Firefox plugin (1.0.4). We’re sorry for the inconvenience, and let us know if you have any problems.
After IIW today I went to the Google Camp Fire where Google Friend Connect was launched. Despite the jet lag setting in not long after I arrived, I managed to pay enough attention to the presentation to be quite impressed by this new product. At first I was skeptical, because I'm not a fan of "widgets" as an integration mechanism, but one of the speakers showed a new version of ingridmichaelson.com created in conjunction with iLike.com which makes use of Friend Connect to create full pages of content that for all intents and purposes act as if they are part of the site they are integrated into. (though it does seem to misbehave a bit in Opera.)
Being an OpenID guy, I was especially impressed that Google has now effectively made it possible to be an OpenID relying party with only a drop of JavaScript code on your site. Of course, you're actually authenticating to Google's system rather than to the site it's integrating into, but since the target for this seems to be sites whose social functionality is also provided via Google the distinction is largely moot.
What I'd like to see now is an API that CMS and blogging software developers can use to automate the installation of these widgets. I'm imagining an API where the CMS can go off and request the widget integration code itself, thus skipping the step where the user copies and pastes the embed code. This could manifest itself as simply a link to the existing page where a site owner selects a widget with an additional argument specifying a URL to deliver the widget code to; Google would then send the code (via a redirect of the user's browser, for example) to that URL where it currently shows the code in a text field. Apps like Six Apart's TypePad could then provide a button in their sidebar widget admin UI to add a Google Friend Connect widget and get a relatively seamless integration.
It's definitely an exciting starting point though, and I'm eager to see what people do with it.
One of the reasons behind launching SignOn.com was to compare and contrast different identity protocols. There are things that you can learn by reading the specs. And then there are things that you can learn by deploying/implementing the specs.
We have had support for OpenID and Information Cards for a long time. With the latest release, we have added support for SAML by leveraging PingFederate.
Additionally, we have integrated with Google Apps. Google Apps is a service from Google that features applications for mail, calendaring, docs etc.
This allows SignOn.com users to
Your username for Google Apps will be the same as your user name for SignOn.com. For example, if your SignOn.com username is joe, your email address will be joe@signon.com.
In order to enable your SignOn.com Google Apps Account, do the following:
For future access, you can either go to your SignOn.com home page and click on Google Apps links (IdP initiated SSO).
Or you can access Google App services directly by going to the following URLs, and it will redirect you to SignOn.com for authentication (SP initiated SSO).
Appreciate any feedback.
No TagsChris Mesina has a great post up about data portability.
1) It dives into the semantic meaning of the phrase and issues it raises about the actual nature of what needs to be built - is it data a physical thing that is ported around? or is it a digital thing that can be copied and moved and is present in the cloud. The nature of the metaphor makes a difference
2) He articulates the relationship between OpenID along with OAuth and other open standards listed on DP’s home page as proposed standards in the “social stack” - (there is none officially)
3) The Risks associated with Data Portability are clearly articulated
* Who does DP speak for and how is that different from the perception of who it speaks for
* Privacy - is it being addressed well? can it be addressed well with the current approach? what are the risks to the technologies if it is not addressed well.
4) What is Good about Data Portability.
* The phrase has created a conversation that can be useful in teasing out the more gnarly issues involved in developing social applications. He is cautionary about this though if the phrase is misunderstood and people have bad experiences with it - does that mean the technologies will be perceived as failures and there is a retreat back to walled gardens.
He closes with this
I think the next evolution of the social web is going to be one where we take certain things, like identity, like portable contact lists, like better and more consistent permissioning systems as givens, and as a result, will lead to much more interesting, more compelling, and, perhaps even more lucrative, uses of the open social web.
This whole posts gets to the heart of the question we will be opening up the Data Sharing Summit with an “unpanel” on Thursday.
Data Sharing: What Could Go Wrong?
Bob Blakely from the Burton Group will open the conversation
What data is shared?
Who’s data is it?
Who should be able to move it? and under what conditions should they be able to do so?
Other Conversant are:
* Daniela Barbosa, DataPortability.org (day job at Dow Jones)
* Marc Canter, Broadband Mechanics
* Jospeh Smarr, Plaxo
* Ken Kovash, Mozilla
Should be very interesting getting to the heart of these matters.
If you care to read it Chris Saad has a response to Factory Joe’s post here.
Byteflow Blog Engine. This looks like the most full-featured of the Django blog engines by a pretty big margin, including OpenID client and server support. A product of the growing Russian/Ukrainian Django community.
I just saw this image of a chart.
it has the name of the company down the side
Smaller co’s/platforms
Then across the top is a list of features. example - OAuth for Exporting contacts. Please comment on other features we should list.
In the matrix you check off what features they have and if they are using open standards to implement them.
The question is what are the features we should have along the top. I think we will do this exercise as a group this week at the Internet Identity Workshop since I know that at least the first 4 companies on this list will be there and I am hoping that last two are too.
So this year after the Internet Identity Workshop there is going to be the Data Sharing Summit - in between is going to be the Chi.mp Happy Hour - in honor of Decentralized User-Centric Identity.
It is FREE (if you RSVP) from 6pm to 8pm Wednesday May 14th at Temptations, 288 Castro Street, Mountain View, CA 94041
You can eat there or move on to other fine venues on Castro Street.
I have to say how personally greatful I am to be working with Tony and his team on this event.
I met Tony about 2 months ago in NYC when he came to the Identity Commons meetup that Ryan Janssen hosted with me at Angel Soft. We talked a lot about the community and the history and the future - Ken Jordan, author of the Augmented Social Network: Building Identity and Trust into the Next Generation Internet (2003 First Monday), was there too. He has been doing a great job blogging about the issues on Own Your Identity and I am excited to introduce him to the whole Identity Commons and Data Sharing Community this week.
I have a ‘retweeter’ for the week of events set up at Group Tweet. My thought is we should just use one for both events - to help information flow between them. (if people really want a different one for both we can do that but lets discuss)
So how does this work.
First get a twitter account.
Then Follow IIW6 (this is because it is the 6th Internet Identity Workshop)
Then IIW6 will follow you back
When you direct message IIW6 it will be rebroadcast out to all the other subscribers to IIW6.
To direct message you simply type “d iiw6 Kim is giving a great talk in room A”
Then IIW6 will say “via @identitywoman Kim is giving a great talk in room A” and everyone who is following IIW6 will hear it.
With this set up we can talk to each other - back channel like.
The tweets that get sent out are currently sent to public.
If you have never tweeted before I think this a great opportunity to try it.
You can just follow one account - even have it come to your phone (because the volume won’t be that high) to do that you have to set device updates from IIW6 to ‘on’ another step after you click follow. It is very unlikely it will go over you total limit for text messaging for the month usually 150 or 200 messages on a standard plan.
Clearly there is lots to talk about next week at the Data Sharing Summit Thursday May 15th at the Computer History Museum with the MySpace Data Avaliability initiative.
Vidoop’s News Clipping Service…
If you have any interest in people seeing what you write/post read this…
· The free widgets can contain keystroke logging systems.
· University of Indiana did a research project where 72% of students clicked an e-mail link and entered in their university user names and passwords at a fake site.
· Security.itworld.com has no IE bugs to report for the previous month but say Firefox and Safari have been hit hard.
· Firefox released two updates in the past six weeks fixing five security vulnerabilities.
· The most recent Safari update was used to patch 13 holes.
“OpenID’s main aim is at providing a secure, scalable solution for the authentication service in the identity stack” … (cool diagram included) … “To a lesser extent, it also hopes to help the identity provider and authorization services by becoming a transport container for identity claims that drive these services.”
· Compares the current state of the Internet to the time when people logged on to “walled gardens” through AOL, Prodigy, and Compuserve and how open e-mail, allowing people to send mail to others regardless of their provider, was revolutionary.
· Now we are moving through another time in the Internet that is changing everything.
· “In the next phase of the Web, who you know becomes valuable to you and meaningful and accessible to you across any website, application, or device.”
View all my bookmarks on Ma.gnolia
Last week SourceForge quietly added support for OpenID to their site. The news is official now.
SourceForge implemented relying party support (as opposed to just being a provider) which is a trend not often seen by larger players. I wanted to talk with one of their developers to see what it took to make this all happen, especially in a large organization like SourceForge. I spoke with Luke Crouch who was the lead developer on the project.
In this podcast I try to cover some of the questions that large sites have to consider when adopting OpenID as well as ask a bit about the future for open technologies at SourceForge. Hope you enjoy it.
Luke Crouch is a developer working at SourceForge on the site engineering team. For those who do not know already SourceForge recently announced they are supporting OpenID as a relying party.
Scott and Luke talk about why SourceForge went OpenID, their support of the Open Source community, identity (why IDP vs. RP) and what issues they ran up against while implementing OpenID. There are lots of technologies that are complimentary to OpenID, what is next for SourceForge?
Listen to the mp3 for the full interview… big thanks for Luke for taking the time to speak with us!
If you have feedback for Luke or SourceForge in general please visit their community home: http://sourceforge.net/community/
SourceForge Implements OpenID Technology Primenewswire (press release), CA - 3 hours ago OpenID is an open, decentralized, framework for digital identity that eliminates the need for multiple usernames across different websites. ... |
Next week is going to be a busy one. From Sunday for a week and a half I'll be visiting San Francisco. The first week is all but consumed with things relating to identity and data portability, which I'll be attending:
SourceForge Now OpenID-Friendly Mashable, CA - May 7, 2008 SourceForge, an immense base of open software development and discussion, today announces its newly instated mechanism for accepting OpenID users. ... |
The timing was serendipitous; we just got everything locked down here in the office, W+K had to reschedule, Dawn Foster introduced me to Jake Kuramoto at BarCampPortland, the result… Vidoop will be hosting Lunch 2.0 on Wednesday, May 28th 2008.
Lunch 2.0 started in Silicon Valley, though has made it’s way up the coast and is now moving around Portland. In a nutshell Lunch 2.0 is “A social phenomenon referring to a migration of Web 2.0 company employees to other offices around the Silicon Valley/Forest/etc; characterized by open communication, decentralization of authority, freedom to share food and ideas, and ‘the lunch as a conversation.’ ” The San Francisco Chronicle has an excellent write up explaining the history of Lunch 2.0
We will be having Fords on 5th do the catering, so bring your appetites and an interest in learning about the latest in internet security and identity. Since Scott Kveton will be involved you know bacon will be on the menu. There will also be vegetarian fare available, though it may be wrapped in bacon 
Please RSVP on Upcoming so we know who/what to plan for!
For Saturday evening just three quick notes about OpenID related news from Germany:
Anybody following Identity/Privacy today is rooting for OpenID. They look like the good guys and they have momentum. However the purchase of Credentica by Microsoft in March was below most people's radar screens. You would need a keen interest in Identity/Privacy and Cryptography to have taken notice, and you're already rooting for OpenID, so why even look at what the Beast of Redmond is doing? This must be an evil plan to suck us all into Hailstorm 2.0, right? Maybe not.
It might be worth giving Microsoft some benefit of doubt for a while. First, my CliffsNotes on why Identity/Privacy matters:
That was easy enough to write, but it is much more difficult to deliver. Squaring the privacy vs. personalization circle is hard. That's why nothing has yet hit the spot.
The privacy backlash has predictably got the politicians and regulators into the act. Yet, they might just make it worse. A ham-fisted regulation - most regulation related to technology is ham-fisted - would ruin the business for publishers and advertisers and probably be quite easy for the really bad guys to hack.
On top of that, some governments just love to know what all their citizens are doing and that is not always in the citizens' interests. Would you want your government as the repository of all citizen private data? ... That's what I thought!
So who would you trust? Microsoft? Hmm, they tried that with Hailstorm and had their heads handed to them. Maybe Google? After all they already know all your searches and you have to trust them not to use that to identify anything about you personally. And Google said "don't be evil" and we mostly think they included themselves in that injunction. But who knows, even good guys can be tempted or get bored and let the bad guys take over.
So the answer for most people would be "None Of The Above." Which implies that nothing will happen, the status quo will remain. But that is clearly not ideal. It means that your personal information is scattered across lots of sites, most of which will have relatively weak security, so that hackers can easily get it. Just like they did recently at Facebook.
Ok, lets test that. Who would you trust to store all your private information? Please vote in the poll below.
Who would you trust to store all your private information?That's why Credentica is important. Look at this 5 minute video to understand the technology. I don't know anything about cryptography, but it appears that the people who do understand it believe that Credentica is technically secure.
So then it is a question of trust. What will Microsoft do with Credentica? Which is a question that nobody has the answer to. Although I am sure many people have opinions -- and feel free to leave them in the comments. Steve Ballmer, what's the deal? What do you have planned?
Quite possibly, Microsoft is still figuring it all out. They do have somebody called Kim Cameron who has been thinking about online identity longer and deeper than most. His bio says:
"Kim Cameron is Chief Architect of Identity in the Connected Systems Division at Microsoft, where he works on the evolution of Active Directory, Federation Services, Identity Lifecycle Manager, CardSpace and Microsoft's other Identity Metasystem products.
Kim joined Microsoft in 1999 when it bought the ZOOMIT Corporation. As VP of Technology at ZOOMIT, he had invented metadirectory technology and built the first shipping product. Before that he led ZOOMIT's development team in producing a range of SMTP, X.400, X.500, and PKI products.
Kim grew up in Canada, attending King's College at Dalhousie University and l'Université de Montréal. He has won a number of industry awards, including Digital Identity World's Innovation Award (2005), Network Computing's Top 25 Technology Drivers Award (1996) and MVP (Most Valuable Player) Award (2005), Network World's 50 Most Powerful People in Networking (2005), Microsoft's Trustworthy Computing Privacy Award (2007) and Silicon.com's Agenda Setters 2007.
Kim blogs at identityblog.com, where he published the Laws of Identity."
He's Canadian, so he can't be evil... and he says he is a "strong proponent of OpenID." (As you can hear/see here.)
So it doesn't look like Microsoft is planning to replace OpenID. Perhaps they just plan to make it secure.
OpenID has the right approach with multiple providers, but as Cameron points out, it is open to abuse by hackers and ID phishers. That is where the OpenID's multiple providers have a branding/trust problem. Out in the wild, who knows the difference between MyVidoop, ClickPass, and EvilPhisher? (I made that last one up).
Credentica had/has a Java SDK. I hope Microsoft keeps this, while also offering a .Net equivalent. For many entrepreneurs the Java vs .Net decision is pretty immaterial, the decision comes down to skill availability. Keeping the Java SDK would increase trust a bit.
Microsoft will have to work hard to forge developer trust in this area. If they can win over developers they have a strong story to tell. The game will shift from just being an ID Provider to offering "secure ID" as a feature of your service. In other words, they will shift this "up the stack," which will be a threat to an ID Provider that plans to use that one feature to build a business, but maybe great for other entrepreneurs.
MyBlogLog is becoming the most talked about service on this blog, I guess. Maybe I should make it a weekly feature. 
Well, what’s the news of today then? MyBlogLog is an OpenID provider now. And no, sadly it’s not a relying party as well.
Users who want their MyBlogLog profile URL to be an OpenID identifier have to opt-in at the Yahoo! OpenID site. So it is no surprise that this implementation provides the same features as Yahoo!’s (see my post about it). It also means that users don’t have to log in with their complete profile URL (http://www.mybloglog.com/buzz/memebers/username) but can shorten the OpenID to mybloglog.com. OpenID 2.0 and directed identity make it possible.
Also interesting to note is the blog post about MyBlogLog’s OpenID support by Shreyas Doshi, product manager for Yahoo!’s OpenID initiative:
With this change, we have also eliminated the only-one-custom-OpenID-identifier per-account restriction. This means that you can select both your Flickr photostream AND your MyBlogLog profile URL as your OpenID identifiers, in addition to creating a pretty me.yahoo.com identifier.
Can we speculate about del.icio.us and Upcoming OpenID identifiers as well now? More providers? Please become relying parties!
By the way, MyBlogLog also added a nice FOAF icon next to the vCard and hCard icons on profiles. They heard you, Robert. 
Meanwhile Digg has added XFN support to user profiles and RDFa to submitted stories. Good to see further implementations of open standards on Digg. Maybe we will eventually see OpenID support. Announcements have been made more than once.
If you want to learn about OSIS, I put my presentation on OSIS at last week's European Identity Conference on-line here.
For the first time, I'm trying out slides plus audio; let me know how it works. This is an export out of Keynote; I was hoping the file would be smaller, but neither Quicktime nor Flash seem to optimize the slides well when exported from Keynote with sound.
SourceForge Allows OpenID Logins. Excellent—SourceForge is the kind of site that I log in to infrequently enough to always forget my password (and indeed username) making OpenID a great fit.
Vidoop’s News Clipping Service…
Aaron Hockley, effective immediately, will no longer be commenting on tech blogs that don’t support OpenID for comment authentication.OpenID support is available on Google’s blogger platform, it’s available as a super-easy-to-install WordPress plugin. Movable Type has it as a built-in feature. If you’re using another lesser-known system, rally the troops for OpenID support….
The workshop on April 18-19 was a success. We opened with What is the Problem and Where are we? Nine different industry innovators and influencers spoke. There has been a lot of progress since the first meeting of the community at the first Data Sharing Summit in September.
News on OpenID come in daily this week, it seems. OK, it’s only Tuesday and maybe there won’t be any OpenID related news for the rest of the week anymore. So here’s a roundup of the last two days.
There’s big news in the OpenID world; new solutions are hitting the market that aim to solve probably the biggest problem the paradigm faces - usability.
