And on the topic of twins and IDs – A friend was telling me they wrote initials on the feet of their identical twins with a magic marker when they were babies to tell them apart. Now that's what I call an Open ID.

2. Wow, there's no pleasing you Community = bad, decisions by corporation = bad. I give up, what = good? Would you settle for better, at least in this case?

3. Again, not a blanket good vs. evil, but a this is better than that argument. I don't think you're saying using the same credentials on dozens of sites is better than OpenID.

4. Hardware level repudiation? Provided by a single vendor? Sounds like a monopoly in the making, where do I get on that train

No worries. OpenID isn't necessarily for everyone, and it's not meant to be. Some people (probably you) take credential management as seriously as it should be taken. Unfortunately (fortunately if you're into evil), you are in the minority. Thus, I don't think the OpenID community is worried about wasting effort.

I think you get it, well enough to recognize it's not for you.

2. Assumption that community decision is good. Yesterday was the anniversary of the first witch-burning in New England. I'm still creeped out by the scene in The Illustrated Man (movie) where they killed all the children. And of course, Zardoz was ultimately a story of fixing a bad community decision that seemed like a good idea at the time. The process may be different, but that doesn't mean better.

3. Disagree, for reason 1. Familiarity breeds ignore. Read any adhesion contracts lately?

4. This all goes away with a strong non-repudiation mechanism, down to the hardware level. But that won't happen for a long, long time. Probably after some very high profile screwups.

Sorry to be such a negative Nellie, but I'm just not convinced the problem statement is done well. This just seems to be a lot of effort that will fall by the wayside. Of course, I may just not get it.

1. The majority of people use the same password (or two) all over the place, making it dead simple to harvest their information. Bad. They also frequently use the browser to save site passwords, also bad practice.

2. There is a difference between the standards used by MSFT and commercial bodies. OpenID is open source. There is no commercial gain to be had, and decisions are made by the community. Very different process.

3. When you use OpenID to authenticate, the provider tells you what the requesting site wants to know about you. So, you know before you agree.

4. I agree about failure points, but the alternative is even messier, i.e. multiple sites, multiple logins, shady terms of use, misuse of API data (think Twitter credential harvesting), etc.

I think your ideal viewpoint is one that doesn't use all these sites at all, which means no password remembering issues Nothing wrong with that, and I lean toward that side myself, which is why I want more support for OpenID.

OpenID attempts to safeguard people who are not as cautious as we are.

But to really see my point of view, imagine you are using IE and it asks to remember your password. Well, maybe I'm weird, but that makes me just recoil and hit NO! Of course, that's due to my dislike of MS, but is there really any difference between them and any other mysterious standards body? Gawrsh, what if Network Solutions ran the world? Icannt even imagine…

It's a fact of social network life that different areas are going to have different views of your online persona. If you are going to have an open ID kind of tagged global login, it needs to be able to handle this simple basic observation. Even the oddly misnamed Oracle SSO recognizes this, think of the difference between OTN and metalink.

Also think about single points of failure – haven't we all seen google results with the first link something nasty? Poisoning reputation is bound to be trivial.