It seems like the majority of the community interested in this stuff is wondering how we can do this in technical terms so I think opening the debate into a more practical space is in order.

Having a service to make signing into websites easier is great but that could so easily be a small step into something akin to a passport (not lie Microsoft’s Passport!). Something that does actually profile you in a meaningful way should be treated with almost the same security and uptime as a bank BUT as many sites could be polling for data, the bandwidth demands could make identity hosts a different prospect.

It’s all food for thought ;)

However the concern I have always revolves around the same few points:
1. If I have one single place where access is controlled to all services I use, how can I be sure that this particular service will always be available?

2. If everything’s in one place, one security compromise = a whole host of problems.

3. Can I *really* trust anyone with that much access? I’m sure the people behind oAuth/openID/etc are noble and well intentioned, but it would only take one renegade employee/volunteer to make things difficult for me, if I were to put all my eggs in their basket.

I guess the summary of my position right now would be: like the idea, not convinced we have a suitably robust implementation to make it a possibility just yet.