davenesbitt.com

This is another post excusing the fact I haven't posted anything meaningful for months. I could make the usual excuse that I have been too busy but it wouldn't be true. I have been busy, both at work and home, but I could easily have found the time for a quick post or two. Look, here I am doing just such a thing. I could also claim that I just haven't found anything worthy of blogging but this wouldn't be true either. I've seen, done and heard lots of things that I could have blogged. The following anecdote is vaguely related to this:

I was at the EEMA European e-Identity Conference 2009 last week (more articles on this to come) and I attended a session on OpenID. The speaker asked everyone in the room who didn't have an OpenID to raise their hands. I, and a few others, did. He then said "well, hopefully after this session you'll change your mind". He then proceeded to deliver an extremely detailed (and, frankly, dreadfully dry) series of PowerPoint slides discussing what NIST Levels of Assurance OpenID is appropriate for. Now, I'm sure that some people in the room really did care what NIST Levels of Assurance OpenID can deliver, but I can't pretend to be one of them. I was kind of hoping he might explain exactly why anyone (apart from the most hardened blogger or web user) really needs one, but he didn't. He just assumed everyone in the room spends all their time flipping between Twitter, Facebook, Blogger and whatever social networking software is currently de rigueur and needs an OpenID to provide SSO and non-repudiation. But I don't. I do use Twitter and Facebook (but not very often) and I do blog (but not very often) but I've become so used to maintaining a seperate username and password (well, sometimes a different password, most times it's the same one) or writing them down in a password file (BAD! BAD!) that I don't feel I need to get an OpenID.

I'm sure there's an interesting and relevant lesson here for those who believe that self-asserted and user-centric identity is the answer to all our woes (but I'm not really confident enough to express it loudly just yet) and it's the same thing I say to people when explaining to them why they shouldn't bank their project success on user self-service or delegated management: just because users can do something, doesn't mean they will. Just because we give them a portal through which they can change their own data doesn't mean they will. Just because there exists an ID that we can all have that can be used between most major Web 2.0 sites, doesn't mean we will bother registering for one. Some of us just have other things to do...

But I'll probably feel different next month and be blogging on a daily basis about the wonders of OpenID and/or InfoCards ;)