OpenID gaining momentum

OpenID is a decentralized identity/single-sign-on system which uses URLs to identify people. Now I haven't particularly looked at this stuff for a while, so I was surprised to see how much had happened in the last few months.

In particular:

  • Verisign have joined the openid bandwagon. They've got somebody participating in openid2.0, and they've got an openid based identity service. I think this adds a little extra credibility to the whole thing, at least for enterprisey types.
  • Dick Hardt from SXIP is now involved in the openid2.0 spec. This is good news - I wasn't keen on the original sxip1.0 but I think Dick is one of those charismatic types who promotes things until they succeed. Hopefully he'll be a Dave Winer for open digital identity.
  • Some companies have got together and funded an openid promotion initiative: iwantmyopenid.com.

All this momentum has prompted me to add openid to my wordpress system - hopefully at some point in the future I'll be able to turn the anonymous commenting stuff off altogether. I used this plugin for the comment authentication functionality, which worked out of the box (although I did have to tweak it a bit to remove the livejournal cruft and get things looking right). I haven't tried the 'use your blog as an openid server' stuff as I prefer to delegate to a 3rd party provider.

Actually having said that, I don't see the delegation feature mentioned enough: The super-cool thing about openid is that it allows you to delegate authentication to a 3rd party security provider but still use identity URLs under your domain (and thus your control). E.g. my public openid is 'phildawes.net', which means that other web sites authenticate me by going to the http://phildawes.net/ url (which I control). However I currently have the following text in the head of the html page served at that address:


<html>
<head>
...
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://phildawes.myopenid.com/" />
<meta http-equiv="X-XRDS-Location" content="http://phildawes.myopenid.com/xrds" />
...
</head>

This gubbins tells sites to do the actual authentication with myopenid.com (which is a free openid security provider). The upshot is that I don't have to run my own security authentication software to control things, but I'm also free to move to a different provider at any time without changing/losing my online identity. Sweet!
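
An added example, not code from the original post or from any OpenID library: the discovery step a relying site performs on the page above, in Python. It honours the openid.server and openid.delegate links only when they appear inside <head>, so a link that ends up in the body (for example through a comment) is ignored; the names discover, OpenIDLinkParser and SAMPLE_PAGE and the other.example host are constructed for this example.

```python
from html.parser import HTMLParser

# Constructed sample: the <head> links from the post, plus a stray link in the
# body that must not be honoured.
SAMPLE_PAGE = """<html>
<head>
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://phildawes.myopenid.com/" />
</head>
<body>
<p>A comment: <link rel="openid.server" href="http://other.example/server" /></p>
</body>
</html>"""


class OpenIDLinkParser(HTMLParser):
    """Collect openid.* <link> relations, but only from inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = self.head_done = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head" and not self.head_done:
            self.in_head = True
        elif tag == "body":
            # A <body> tag ends the head even if </head> was omitted.
            self.in_head, self.head_done = False, True
        elif tag == "link" and self.in_head:
            attrs = dict(attrs)
            href = attrs.get("href")
            # rel may hold several space-separated values.
            for rel in (attrs.get("rel") or "").lower().split():
                if rel.startswith("openid.") and href:
                    self.links.setdefault(rel, href)  # first occurrence wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head, self.head_done = False, True


def discover(claimed_url, html):
    """Return (server endpoint, identity to check at that server)."""
    parser = OpenIDLinkParser()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link in <head>")
    # Without a delegate link, the claimed URL itself is checked at the server.
    return server, parser.links.get("openid.delegate", claimed_url)
```

Whatever the server asserts about the delegate URL, the site still records the user under the claimed URL (here http://phildawes.net/), which is what lets the provider be swapped without losing the identity.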

Django openid auth - first stab

I've been experimenting with adding openid authentication to django. I couldn't find another software package to do this (although I did see this, which implies there is some other code out there). Anyway - here's mine so far.

The main problem I've hit is that the username column in the django authentication db schema (v0.90) only has 30 characters, so I can't use the openid url as the username.

Instead I'm currently using the first 30 chars of an md5 hash of the url, which sucks. I probably need to create a new openid auth model which holds the openid url and adds a view for getting new users to create a unique username (or something). Or maybe I should contact the django developers about expanding this?... hmm..