There is a big movement on the web about peoples’ identity at the moment. It’s not just about security, it’s about how you sign-in to the accounts with sites and services you use and how you can control the information about yourself.
So we have the DataPortability Group, which encompasses many technologies such as OpenID, oAuth and many others as well as project Diso. The community is attempting to derive a means of embodying control and identity for users on the web and who you relate to (XFN/FOAF) , what you like (APML) and what feeds you read (OPML) mixing in useful technologies to form a meaningful whole.
Aside from the difficulty in technological implementation, not only of a working solution but a solution that can be easily adopted by developers world-wide, I think we have some basic issues on a more conceptual level before people are really going to use this.
Say you have a single point of identity – your login is through a URL such as http://yourname.provider.com. This suggests to me that your identity could be prone to the same issues as the average website but with more profound effects. If you identity or provider goes down, you can’t log-in to any of your sites or services (unless a fall-back is considered), the providers would increasingly become the target of criminals and you would need the assurance in whoever is you identity host.
AOL and Orange (France Telecom) for instance have enabled their user accounts as OpenIDs, which is a significant move in terms of availability (but still is an issue over whether there are the opportunities to use these on many high profile consumer websites and whether their customers understand what this means to them). With a name like this, you may feel a sense of security but it’s possible for any developer or host to become an OpenID provider. Would a bank be a more likely source for your identity or is putting all of your important personal information in one place asking for trouble?
Imagine all of your accounts on the web used your URL as your login and services polled your APML for interests, your feed reader polled you OPML reading lists, etc. This much reliability surely needs a different and more secure kind of host?