I am a huge fan of OpenID. My initial interest was piqued by the promise of no longer having to remember login credentials for dozens if not hundreds of websites. The security benefits of only having to protect one set of login credentials instead of many became quickly obvious thanks to an ebay hacker.
I must say, when I first heard about the use of URLs as identifiers, I was skeptical (and to some degree remain skeptical) that your average, not-an-early-adopter consumer will be willing to wrap her brain around the concept that a website address is sometimes also a username. To me, the most obvious identifier to use would have been the email address. Almost everyone on the internet has at least one and it is already associated with identity in everyday life.
I-Name Skeptic
I became increasing skeptical when I heard that as an alternative to URLs, an identifier called I-Names was also part of the OpenID spec. I-Names are XRI globally rooted at xri.net. This means one organization (a company in this case) has a monopoly on the issuance of I-Names.
We know from economics that monopoly suppliers have the incentive to create artificial scarcity and drive up prices. Yes, this means you have to pay for an I-Name. The going rate is about US$20 for an “individual I-Name” and US$55 for an “organization I-Name.” Wow! Someone must have a lot of confidence the market is going to buy into I-Names even given that OpenID URLs offer many of the same benefits at little or no cost beyond a domain name registration which has almost already been paid for other reasons.
Charging more than twice the current market price for domain names for something that isn’t really that valuable until the network of people that use it is pretty substantial is hardly a way to stimulate viral adoption and gain the benefits of network effect. This is especially true when OpenID URLs are out there are a direct substitute for single sign on identifiers and have a marginal cost of US$0 to the user.
Skeptic Turns Supporter
Despite my early skepticism, I continued to read up on I-Names to figure out why intelligent people would spend so much time trying to create something that at first glance by an identity layman seemed to be a scheme to charge unsuspecting consumers US$20 for something that could basically get for free by using an OpenID provider such as MyOpenID.
Drummond Reed (=drummond) has been one of the most visible supporters and whose posts on the OpenID mailing lists and his blog have been most helpful in shedding light on why I-Names are technically superior and desirable for consumers.
Supporter Buys-In
Convinced of the superiority and desirability of I-Names, I decided to buy my own individual I-Name. You can buy an I-Name for a number of accredited registrars. Having little info to go on, I bought mine from 2idi because it is one of the initial registrars. I falsely assumed that they would have the most well developed feature set and management interface.
I have been using my I-Name to log on to OpenID sites that support it. Hopefully, once the OpenID 2.0 spec is complete, support for I-Names will be more consistently implemented. Right now sites using older OpenID spec 1.0 libraries do not accept I-Names.
Because of the less than desirable feature set of my I-Name provider and the fact that they do not yet support the latest OpenID spec, the best security practices, or provide a means to manage relying parties, I have tried without success to delegate OpenID authority using XRDS to my MyOpenID URL. Has anyone else been able to accomplish this? Perhaps 2idi is listening and could let us know if and when we will be offered a feature set more comparable to other OpenID providers?
Much of the success or failure of I-Names will resolve on getting the world at large to accept and recognize them for what they are, a unified contact handle that has the potential to replace phone numbers, email addresses, mailing addresses and more with one simple identifier all while giving users more control over their information and who is allowed to contact them and by what means. US$20 per year is way too high for anyone but the most enthusiastic early adopters to pay if that goal of mass popularization is ever to be met, at least in the beginning.
One road to adoption that seems very promising is by employers providing delegated community I-Names to their employees or websites to their users. For example:
@example.company*Marketing*Fred.Smith < ----- This would be Fred Smith in Example Company's Marketing department.
@example.company*Smithy < ----- This could be the user with nickname Smithy at Example Company's Web 2.0 application.
Help Delegating
I am interested in providing users of my yet to be launched tech start up with community I-Names. However, I have yet to find an I-name registrar website that provides information on how this could work beyond simply mentioning it is possible.
Simply put, I imagine asking my users to provide their I-name or OpenID when registering. If they provide an OpenID, my site would issue them a new i-number and an associated community i-name under my company’s organization i-name. If they provide an i-name during registration, the existing i-name’s i-number would be used as their unique identifier and an a community i-name under my company’s organization i-name would be issued and associated with the existing i-number.
Ideally, this could all be accomplished with an i-name registrar provided API so that we do not have to run an XRI resolver. Is this possible? Does anyone know of a detailed explanation of how something like this should be implemented?
If this is a service that i-name providers are already offering, how is it priced?
Linksafe seems to indicate that the US$55 / year fee includes the ability to delegate community i-names. Does this mean that Linksafe would provide login, contact, and forwarding services for community i-names that are created under an organization’s i-name?
The I-Name Future
I look forward to the day where I can print my i-name on my business card and people will automatically know what it is and how to use it. Unfortunately, that day will not come until the ease with which people can get i-names is closer to that of the ease with which they get OpenID URLs by both significantly reducing the price of individual i-names and making it a lot easier for websites and companies to provide their users with community i-names with a cost structure that makes sense and minimal technology investment.
If anyone can shed more light on the questions I have raised, or point me to some answers, please leave a comment using your OpenID or I-Name.
Or contact me privately using my i-name.
Good post
When you tried to delegate OpenID authority to MyOpenID, what happenned ?
Did you try using the xri.net/=larry(+openid) style forwarding ?
In your 2idi.com forwarding setup - you can setup a tag (+openid) to point to your blog. And in your blog template, you can setup link tags and point them to myopenid.com urls.
I am sure you have done this but I thought I’d mention this anyway…
I have had quite a few questions about OpenID and I-names and both =andy and =dummond have been quite helpful with their comments.
It does appear that the feature sets are still evolving and the i-brokers are still trying to establish their business models ( = trying to figure out how to charge customers for more:) )
That is where your @business i-name question comes in. I have registered a business i-name also - However, when I contacted the ibrokers about using it, they had mentioned that that feature set is still evolving and there is a business model associated with it.
My hunch is that they will somehow try to charge for the delegated communities that we will hang off of the business i-name & somehow charge for the forwarding services that the community members will be using.
=rajeev
=Rajeev,
I actually hadn’t tried using XRI-style forwarding. I just tried what you suggested and it had no effect. Before, I had tried to change my service endpoints to point to myopenid or another provider instead of http://2idi.com/openid/ without luck. Perhaps my syntax was wrong.
I’d imagine there would be some sort of fee if they’re providing i-name hosting and resolution services for all of the delegated communities off of a business name, but I hope there is no fee merely to delegate the names. That would be like ICANN charging for each subdomain of a domain you already bought.
Thanks for the info!
=Larry
If you dislike providing your private information to an OpenID Server Providers, or you got some problems to use their servers, you totally can build your own OpenID server just for yourself. There is a very simple solution to do that. What you need is a web site which supports php4/5, and use a system called phpMyID, it is an open project under beta test. To get phpMyID please visit: http://siege.org/projects/phpMyID/. If you can read Chinese, there is a tutorial in my blog, it may helps you to install it, or just follow the README in phpMyID zip file. My openID is powered by phpMyID, and it works well.
Hi Larry -
My name is Les Chasen of Neustar. We provide the technical back end operations for the = and @ registries for Cordance and XDI.org. I would be veryy interested in learning more about what you are hoping to do as far as a community space. That is something that I think i can help you with.
One resource i would like to point out to you is http://dev.inames.net. Specifically i would like to point you to the “community registries” page. There is info on hosted community options through i-brokers as well as info on how to run one yourself along with some free software to help you out.
On your question about delgating to your openid provider. I am not quite sure what you are trying to do. XRI does support the capability to have an IDP (OP in openid speak) that is different than the i-broker in which you purchased the i-name from. However, for that to work your IDP would have to understand who =larry is. in looking at your XRDS, http://xri.net/=larry?_xrd_r=application/xrds%2bxml, i see that you have been playing with your openid service endpoint (sep). It looks like you have changed the append attribute to “none”. I think if you change the URI to be your myopenid.com url then it should work. I have not tried this myself.
=les