I think my pages got out of order, so apologies if this isn't in chronological order.
OpenID is hard to use; some people have it but many people don't use it. It's not always obvious that the site you're on supports it.
Providers support some services, not others. Users aren't sure if it works.
Username / email as ID works, but people use it across different sites and often use the same, weak password. Crack one, crack many.
Only a few providers, not a truly decentralised standard.
How do we make it usable for normal people, not just nerds?
Cost / benefit ratio too low for most people, worth it for some heavily internet/nerdy people
OpenID open to phishing. Browsers redirect to other site, teaches people that that's ok to do.
OpenID kinda suboptimal, let's fix it
Goals
Persistent profile across internet
1 -> N decentralised 'you', provides auxiliary services
Single sign on through username/password common to most sites, need to educate users that reusing password is not OK.
How do people aggregate information about themselves?
Freedom to aggregate info and disaggregate info
Context management, SSO is a nice by-product, but not the big win
Allow assertions by 3rd parties to prove things about yourself
Higgins Project - Novell, IBM, Microsoft
Special ID interface and client to manage identity - it's special, it's hard, it's you. You're worth it.
Needs to be extensible, needs to be portable, needs to be easy to adopt
Can't start from "already adopted, everything is wonderful because we're ubiquitous" - real work, piecemeal adoption that provides value as it progresses
Information context is big win.
Javascript could be used to add to existing websites.
Twitter username to TwitPic - training people into bad habits
Shibboleth only provides one level of authentication. Auth given to one service, but can't pass it on. Grids need to pass on services. Everybody is doing SoS, this needs to work. OAuth, Kerb have this sorted.
Authz vs Authen.
What is an identifier? URLs, email, all specific IDs.
Trust in URI is bad, PGP keyservers better
i-name, centralised root registry like DNS
DNS works, but is not designed for humans
Just give out the ID endpoint, not your email / website. These are all additional endpoints that the ID endpoint might allow you to access. XRD: gives out IM, email etc. services.
THIS IS DOABLE
Real name is globally unique ID for some people, but not everyone. GUID needs to be human-readable, definable by the person giving it to allow context management.
Name allocation is hard
Twitter has a powerful namespace
Technically solved if you can be bothered to pull it together, but takes effort.
There are social problems for most people. We don't habitually know about what the rules of information sharing are.
Bazaar of social identity solutions. Many competing, different ones. What does that look like? Can a regular human understand that?
Let's design the user experience. Card selector is good, best so far, but not perfect.
Azigo, Higgins good to look at.