Long one of the most visible leaders of the open, federated identity technology OpenID, Portland, Oregon startup Janrain announced tonight that it has raised $15 million to build itself into a leading provider of identity management, for big branded websites seeking to leverage big brands of tech ID like Facebook Connect, Twitter and Google. The Wild West had terrible UX and never caught on like the dreamers dreamed. Now Janrain is building a business with OpenID in the background, almost just out of politeness it seems. Big ID has won and Janrain is serving it up on sites like CitySearch, MTV, NPR and yes, LadyGaga.com.

I wouldn't presume to know how it could have been implemented any better, but I wrote in great detail about the failures of OpenID and Janrain's leadership of it nearly 4 years ago. Poor user experience, uninspired design, ineffective explanation of the value proposition and widespread technical community infighting were among the causes of death.

Today OpenID is rarely talked about, except in obscure corners like Portland's recent IndieWebCamp, where registration was only allowed if you could log-in with a website that you owned yourself and had tied delegated OpenID credentials to. I don't know how that event went, but the barrier to entry seems so absurdly principalled (if well intentioned!) that it may have been too dorky and demanding for even an episode of Portlandia. (I'll show you a bird you can put on it, you lovable, if obnoxious, dorks.)

If I'm wrong about this, then the place to look may be the OpenID Foundation. But that organization's "Committee to coordinate adoption, usability and marketing strategies" hasn't had an email posted to its email list in a year this month.

Now Janrain is pointed in the opposite direction. When you land on a site that uses the new Janrain Engage technology, you're invited to log in first with Facebook, then Twitter, Google, Yahoo, MySpace, PayPal (who would login with PayPal? I can't imagine) and then OpenID later down the road.

The company then captures the payload of data associated with your authenticated identity and helps the customer manage that data. It's the promise of Data Portability, but delivered by the big centralized vendors instead of by free people with their own little corners of the internet. In some cases the end result may be to the user's benefit, but Janrain likes to talk about how useful that data is to marketers.

I love my corner of the internet, but let's be honest: I log into websites with my branded IDs. I am a slave to the man. I also wrote this post while drinking kombucha down the street from the old Alberta Street Clown House, fwiw.

As Janrain's new millions were talked about in the tech press tonight, poor old OpenID hardly got a mention. Mike Rogoway wrote in Portland's Oregonian that Janrain faced "slow growth" when focused on the open technical protocol. GigaOm's Colleen Taylor said Janrain "makes a software platform inspired by the OpenID protocol." Liz Gannes said "online identities used to be a niche cause full of acronyms and hypotheticals." (Ouch.) VentureBeat's coverage didn't even mention OpenID.

Oh well, people certainly tried. And other people will try again. Mozilla's BrowserID might work, it's said to have a very smooth user experience and it's been quietly under development for years.

But things don't look so good for the very ambitious, widely discussed project called OpenID.

Will making it easier for Yahoo users to sign in to Google - a direct competitor - draw users away from the portal, search and mail provider, or will it help create an overall better user experience? According to Yahoo, making a process that users were already engaged in simpler will provide a better user experience and keep them interested in one of its most solid products - Yahoo Mail.

"People have been asking FOREVER when are the big web portals actually going to accept other people's OpenIDs. This a significant step by Google to become a relying party," Hamlin told us today.

Scott Kveton, co-founder of the OpenID Foundation, agreed that it was "a big step forward for making OpenID that much easier to use".

"Making it easier to have Google and Yahoo work together is great for Google," said Kveton, but he questioned the advantage for Yahoo. He noted that "making it easier to on-board users into Google via their email accounts means being able to suck in the social graph."

We asked Eran Hammer-Lahav, an Open Web advocate for Yahoo, about the feature, and he told us that it had been in some form of discussion for over two years and would provide a better user experience for Yahoo's users.

"We don't try to lock our users in any way," said Hammer-Lahav. "We want them to have a better Web experience no matter what site they are on, just by being a Yahoo user. Yahoo is not in the business of locking users to only use its services, especially when the Web is getting so much more distributed and social."

Hammer-Lahav told us that Yahoo believes its mail product is strong enough to keep users happy (and loyal), as evidenced by when Yahoo was one of the first email providers to provide address book mobility. When we asked if Yahoo would be offering the same sort of feature, he explained that there weren't many Yahoo products that required email sign-ins, but the company is adding OpenID support for activities like adding comments, which do require full account sign-ins. In this case, Google added this functionality, he explained, because Yahoo email account holders make up a large percentage of the email market and those trying to create Google accounts.

In the end, that may be just it - the simple fact that users will be drawn to Google's growing arsenal of Web tools, from Google Docs to Voice to AdWords, and it's better to keep what business you can rather than have your users abandon your product completely.

These protective measures don't go very far, according to the New York Times, because hackers can get ahold of passwords with software that remotely tracks keystrokes, or by tricking users into typing them in. The story touches on a range of issues around the problem, but neglects to mention the obvious: the march toward a centralized login for multiple sites.

It would also solve the problem of password-overload. Managing logins for all the Web sites that require registration is a pain, and any frequent Web user who says differently is either lying or has a photographic memory. Browsers have taken some of the pain away by remembering passwords for us, but clear your browser's history and suddenly you have to answer secret questions and email your username to yourself for umpteen different sites.

A handy chart to help you create secure passwords, from Microsoft.

One or more options for a universal login is inevitable and progress is well underway. More and more sites are supporting the easy-to-use Facebook Connect, which lets users register for a site with their Facebook profile instead of creating a site-specific username and password. As of last year, there were more than nine million websites using OpenID, the openly-developed standard that users can use to log in across multiple sites.

Standards like OpenID carry their own security problems (and other problems - see The Troubles With OpenID 2.0), the obvious being that a successful hacker can gain access to all the sites and services you use at once. But the convenience of a universal login is irresistible, especially for the myriad sites where there's no danger if your password is hacked, such as news sites. Users who try it won't want to go back - which is why it's important to talk about the security issues around these new protocols for users and the sites that implement them.

How do you manage your logins?

Just when you thought the Identity game was over and Facebook or Twitter had won, now you can welcome 55 million more docomo customers onto the OpenID side of the contest.

OpenID is an open source and open standards system of Identity that allows users to log-in to any OpenID supporting website with the account they've already created through a trusted identity provider. The system makes it easy for users to start using new sites with just a few clicks, easy for them to take their profile and friend data with them from site to site and easy for websites to offer personalized service immediately, based on the data an OpenID user brings in with them from their cross-service identity provider. Though ease of login has been the primary use to date, identity and payload as web-wide development platform is the long-term promise of OpenID.

It's an intriguing paradigm that has had mixed success to date, limited primarily by design and User Experience challenges. The entry of Japan's largest telco into the OpenID ecosystem could help propel OpenID forward, but many other large companies have gotten as far as offering outbound OpenID and then ceased active engagement with the protocol.

We've got our fingers crossed, though, for the success of a portable identity system that isn't owned by one single provider like Facebook. Facebook's Connect system of identity does offer a good perspective, though, on what's possible in every way but independent ownership.

But how can you have both? I created a spectrum of identity to help understand the different forms that exist on the internet. On one end is Anonymous Identity. Basically you use an account or identifier every time go to a Web site - no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don't reveal your common or real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address, etc. You fill in forms again and again. You can give "fake" information or true information about yourself - it is up to you.

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company, your employer could issue a claim that you were indeed an employee. Or you might have your bank verify for your address.

A Linear Spectrum?

It seems like the two ends of this spectrum can't go together. You can't be anonymous and verify yourself by sharing all of the details on a credential from a government issuer who has asserted they have checked these things are true.

Microsoft demonstrated today how you can achieve anonymity and identity verification together at the same time, giving you verified anonymity. This technology (that relies on some pretty complex cryptography) lets you prove things without giving away too much information about yourself. For example:

• Proving you are over 21 without giving away your actual birth date
• Proving you live in a certain congressional district and are a registered voter but not having to give away your name or address
• Proving you are a kid at a middle school in San Jose without giving away which school or which grade you attend

Two years ago Microsoft surprised a lot of people with the purchase of Stefan Brands' company Credentica and its product U-Prove. It promised to open up the intellectual property and make it available for everyone. Finally, two years later, it is opening it up under the Microsoft Open Specification Promise. If you want to understand the crypto you can watch an hour-long video of Dr. Stefan Brands explaining it .

Microsoft is releasing the reference SDK's in source code (a C# and Java version) under the BSD open source software license. The goal is to enable the broadest audience of commercial and open-software developers to implement the technology in a way they see fit.

At the last Internet Identity Workshop there was a lot of conversation about Active Clients for all identity protocols: OpenID , SAML, WS-*, Information Cards, etc. Active clients support end users - regular people managing their different identities and credentials (like an over-21-verified, but anonymous ID). One way to make them usable is to map the underlying id management tools available online to real world metaphors - like the cards you find in your wallet. Information Cards are digital cards that are selected as one needs them to present online via a selector. The community has developed an open standard for exchanging information in this format in the IMI (Identity Metasystem Interoperability) Technical Committee,and is at OASIS.

Microsoft is releasing more IP under the OSP for the integration of U-Prove technology into "identity sectors" that other companies are developing. This includes the Higgins Project, which has the main open-source information card selectors.

As for its own products, the company is releasing to the public the Community Technology Preview (CTP) of the U-prove technology (as per the crypto spec), with Microsoft's identity platform technologies (Active Directory Federation Services 2.0, Windows identity federation, and Window's CardSpace v2). This video gives you a developer's perspective of the U-Prove technology from the guys who have been building it for years.

The underlying cryptography, open standards used to exchange information, and the client-side tools to support end users will enable more Web services to take advantage of the full range of identities on the spectrum - not just the socially verified ID's that services like Facebook or Twitter provide.

Making Your Email Address More Useful

You can think of WebFinger as an email-centric cousin of OpenID. While OpenID associates your identity with a URL, WebFinger links your identity to your email address. WebFinger can store metadata about your account and make it publicly accessible. This data can include your public profile data, information about other services that are used by this email address, a URL to your avatar, or - if you choose so - a declaration that this address doesn't have any metadata associated with it. The WebFinger metadata can also point to an alternative identity provider, which can be an OpenID server.

Update: we should note that while webfinger accounts look like email addresses - and often are email addresses - they can also simply point to a webfinger account that isn't actually an email address, too. It could just point to a public profile.

Currently, there are not a lot of user-facing projects that expose this data, but you can find a small demo service written by Google engineer DeWitt Clinton here.

Adding Value to Google Profiles

With Buzz, Google already put a lot of emphasis on Google Profiles and today's announcement increases the value of these profiles even more. It's important to note, though, that WebFinger is an open and free protocol, so any email service and identity provider can implement it. You can find more detailed information about the WebFinger protocol here.

Image Credit: Flickr user purpelslog.

The latest chapter in the fascinating story of Chris Messina's life ends with one of the most high-profile young proponents of an Open and Distributed Web joining Google, a company that aims to organize all the information in the world and a behemoth that many free spirits online eye with ambivalence. What will the future bring for Messina and his work? A look at how he got to Google might offer some clues. It isn't all pretty, some people worry about what the move will mean for the web, but the announcement is definitely important for all of us.

Chris Messina grew up in a well-to-do suburb in New Hampshire. As a teenager he railed vocally against a middle class culture that he says he now realizes he was very much a part of. One of his biggest influences, though, was a grandmother with strong Libertarian tendencies.

When Chris entered high school, the web was in its earliest days. He became the school's web master, setting up and running its first web site. A group of students at the school wanted to start a Gay/Straight Alliance support group and were facing some resistance from parents and school officials. Messina took it upon himself to post a free banner ad promoting the organization on the school's official web site. He got suspended from school and pulled the site down in protest. (Even in those early days a school librarian had backed up some of the files, so the situation ended without young Messina being paddled or tied to the rack.)

After high school Chris went to college at Carnegie Mellon, where he studied Design. That Design training took him far in the tech world and will be an important part of his new job.

After graduating from college, Messina went on to build an incredible resume of accomplishments recognized around the world.

• He designed the full-page ad in the New York Times announcing the launch of Firefox. Thousands of people donated $10 each to buy that ad, heralding an Open Source, community-based challenge to Microsoft's Internet Explorer.


• He co-founded BarCamp, the now international network of technology and culture "unconferences" that you may have heard of and should definitely attend next time there's one in your town.


• He was integral in the building of the international co-working community, a network of organizations that help each other serve independent, web-based workers who seek a physical space and support infrastructure.


• He is a Board member of the OpenID Foundation, the organization working on standards and adoption of open, federated and portable systems of identity for use around the web.


• He's a leading voice in the movement to create an Activity Streams standard that will allow user activity data to be shared and understood from one website over to another.

Now Chris Messina will be at one of the biggest and most important companies around. Today on his 29th birthday, Messina announced he was taking a job at Google, with the title Open Web Advocate.

Has Chris Messina sold out? "There are many legitimate reasons to work for a larger enterprise," social web sociologist danah boyd, who recently joined Microsoft, told us in response to Chris's move. "Some are practical: health insurance, stable income, and all of the other benefits that tend to come with such a package. But some come from the same ethos that entrepreneurs have... the desire to ship a product. Where you don't have to do every inch of legwork. And where you know that your work can touch millions. There's also something to be said for being around a whole lot of really smart people."

On Landing at Google

Messina has worked at a wide variety of startup companies. Most recently he was at OpenID provider Vidoop, one of a number of high profile hires the company made while it was still based in Oklahoma. In September 2008, Vidoop put its 40 person crew in a crazy caravan to its new headquarters in Portland, Oregon. In May, 2009 the company imploded, closed its doors and told some of its employees it couldn't pay back wages. Messina shared his account of what happened on his blog.

The next half year Messina spent doing independent consulting, including a month and a half project with Mozilla. The fruits of that labor will be released to the public soon, he told us today.

In September Messina was making the rounds, talking to a variety of companies in Silicon Valley and told a friend at Google that he was considering joining a big company as his next step. His Google contact told him that the company had a strong preference for hiring engineers, rather than people with the skills that Messina has. Doug Bowman, Google's first ever staff designer had made a high-profile departure to join Twitter just a few months prior, saying that Google didn't appreciate design.

Messina left feeling like that door was closed and considered launching his own startup company. Over the next few months a few other companies offered Messina positions, he said, but then his old Google contact pinged him again and asked if he was still interested in joining Google.

What had changed? His contact told him that Google was placing a new emphasis on getting the social web right, in a way that is good for the web. That month Google publicly launched a campaign that had run informally inside the company for two years, called the Data Liberation Front. It works across departments to enable users to remove their data from Google services, a key part of the vision of an Open Distributed Web that Messina has been working toward.

"I went in for the interview," Messina told us today, "and 2 weeks later they made me a great offer letting me do what I was already doing. Yes, the interview process was long but very efficient, and I had to complete 1 logic problem (which I almost nailed, but alas, I'm no Joe Smarr!)" Smarr is the widely respected developer that had been working on these same matters at Comcast Plaxo until announcing that he was joining Google in December.

Messina told us that he's excited to learn how to organize for an Open web from inside a very large company. It's a perspective he's never had before, but one that will lend him more credibility in his efforts to move other large companies.

What This Means for the Web

Messina and Smarr join a growing and impressive roster of Googlers dedicated to building an Open, Distributed web. That's a vision that's the opposite of a centralization and control - the typical model of financial success for a large company. This team of people will have to battle inertia, corporate interests and the natural tendency many people say is inherent in a large organization to bring more and more of a market under its control.

Google controls a growing size of our search, our advertising sales, our email, our document collaboration, our mapping, our voice communication and much more online. The company is almost sure to face anti-trust legal pressure someday soon.

It's always been a part of Google's DNA to support what's good for the web at large, the more people use the web the more they'll click on AdSense. This much centralization of power is cause for concern, though. It's as if Google is set to have a battle against itself. It's staff against the nature of its economy of scale.

The culture of the corporation may be more important than its size, though. David Recordon, an open web advocate that works closely with Messina and recently joined social networking giant Facebook, had this to say: "Personally, I love how Facebook's culture lets me continue working on what I'm passionate about while having a tremendous impact on both the technology industry and the world at large. I hope that as my friend, Chris is able to do the same at Google."

The day to day reality of effecting change may be more complex than that, though. Yahoo's Eran Hammer-Lahav, the best-known technologist working to develop and support open login standard OAuth, raises an important concern.

"This is clearly a big win for Google," he told us. "Messina and Smarr are huge assets in the social web space."

"My concern is specific to Google. With Messina, Smarr, [inventor of OpenID and more Brad] Fitzpatrick and others all working for Google, focusing on the Social Web, there is less and less incentive for Google to reach out. Google has a strong coding culture which puts running code ahead of consensus and collaboration. Now with so many bright minds in house, they are even less likely to reach out.

"A week ago, you would have to get at least Google, Plaxo, and Messina (representing the independent voice) to collaborate. This week it's just Google.

"While I am certain that Messina and Smarr will keep their independent voices, and am not suggesting they will 'sell out' or alter their principles, they no longer need to surface many of their ideas out to the community. They can just have an quick internal meeting and ship products."

What will going to Google mean for the rebellious young man who's become such a big personality agitating for the open web outside of the biggest companies on the web? What does it mean that the biggest companies, especially Google and Facebook, keep hiring outside social web technical leaders? Time will tell, but Messina says he's been told explicitly that people for whom "it's all about them" don't do well at Google.

The company must be full of formerly big personalities now working as part of a team. PubSubHubbub co-creator and now Googler Brett Slatkin once as a brash college freshman told Newsweek that "If I made a great product, and Microsoft offered me a lot of money, I would spit in their faces." (That's one of my favorite quotes.) Now Slatkin has toned it down and talks tech without the bombast.

Messina says he knows it's going to be a big change and is excited to see what being part of Google is like. So the next chapter of the story of Chris Messina will be a part of the next chapter of the story of Google.

Like this post? Read: What could all this look like in the future? See one vision in our article Toward a Value-Added User Data Economy

ReadWriteWeb also profiled Chris Messina in The Real-Time Web and its Future a report about the real-time Web, the thought leaders and companies shaping this market. Based on more than 50 interviews with industry leaders like Chris Messina and John Borthwick and insights into companies like Twitter, Warner Brothers and Nozzl Media, it's a must read for information technology decision makers, innovators and thought leaders.

While systems like Facebook Connect and Twitter Auth are making fast progress in offering website users easy access to their primary identity, social and activity data when visiting sites all around the web - OpenID technology is making progress as well. Here are the three new leaders elected to help advance that agenda.

Marc Frons, CTO for New York Times digital operations
At LinkedIn (Past gigs include Dow Jones, AOL and SmartMoney.com)
On Twitter (Joined April, 2009)
On Times People, the NYT link sharing network

Daniel Jacobson, Director of Application Development at NPR
On LinkedIn.
On Twitter.
Joined July, 2008, communicates with @nprtechteam, @magicmerl, @acarvin and @khopper.

John Bradley, engineer
On LiveJournal. Works on OpenID for government.

Smarr's work is all about enabling innovation by making it easy for users to move data from site to site.

Smarr was the first non-founding employee of Plaxo, a dynamic contact management service that was once the darling of Silicon Valley, and then became its spammy boogeyman, and was finally acquired by Comcast 18 months ago. Plaxo was co-founded by Napster co-founder Sean Parker and was backed by Sequoia Capital, the fund that backed Google and YouTube.

Chris Messina, fellow open-web leader and the self-described evangelist that helped turn Smarr from the dark side of Plaxo's early days ("champions of the open web can come from all corners," he told us), said of the move: "Smarr joining Google is a logical next step for him - I think he's done great work at Plaxo with John McCrea, but advancing the open web has not been able to be his priority since he took on the CTO role there."

Kaliya Hamlin, who says she introduced Smarr to the Identity community, said of his move to Google: "His spirit and energy to get things done, work across company boundaries and a deep commitment to open standards innovation will be a great asset for Google. One thing that really stands out for me was his innovation with Microsoft on the Portable Contacts API. That idea originated at the Data Sharing Workshop seeking to make progress on what was possible and within six months under his leadership it was complete."

OpenID leader Scott Kveton said this announcement is just the beginning. "That's great news," he told us, "and just the first of more to come I hear. It's going to be down to Google, Microsoft and Facebook. They are hiring all of the people building the open web. I'll be curious to see what kind of impact it has."

Smarr photo by Adactio.

With a community of nine million sites that use OpenID logins and one billion enabled accounts, OpenID has effectively revolutionized the way we are able to create and maintain portable identities. Best of all, it's not just bloggers and geeks who sang OpenID's praises: The U.S. federal government got on board this year, too.

As for the government, at the Gov 2.0 Summit in Washington, D.C., earlier this year, the General Services Administration and several government agencies announced they would adopt OpenID as part of the White House's Open Government Initiative. Participating companies included Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems. On the government side is the Center for Information Technology, National Institutes of Health, U.S. Department of Health and Human Services, and related agencies.

Not only is the government's involvement a vote of confidence for OpenID's innovation, it also speaks to the product's security progress, which was spearheaded by security committee head and PayPal exec Andrew Nash.

In addition to developing and spreading the OpenID product, there's also the OpenID Foundation, which appointed its first executive committee, including Chris Messina and Don Thibeau, in 2009.

Portable identity is one of our favorite themes from this year, and we applaud what OpenID has been able to accomplish. What do you look forward to seeing from the product, the foundation and OpenID partner sites in the year to come? Let us know your thoughts in the comments.

Update: The title of this post was changed to reflect the discrepancy between the number of OpenID enabled accounts now online vs. the number of probable OpenID users.

This year marks the Foundation's second election; last year, Snorri Giorgetti, Nat Sakimura, Chris Messina, David Recordon, Eric Sachs, Scott Kveton and Brian Kissel were elected. Of the current community board members, Messina and Sakimura were elected to two-year terms. Kveton has indicated he will not serve another term.

In a blog post today, executive director Don Thibeau wrote that he envisions changes for how the board and the Foundation will operate in the coming year.

"Organizations that have transitioned from specification development to market adoption (the space we entered this year) have evolved their governance and membership programs to meet operational and financial objectives. In order to improve the core technology product, drive RP adoption, and increase member services, we need to find ways to offer more membership value and create diversified sources of income.

"2010's board members will consider how best to balance competing priorities with still unfolding value in the trust framework and certification work to do with the U.S. government and others. We've been told by experts that demand for certification is a leading indicator of the growth and maturity of a technology standard. How we do certification will, in part, shape our future."

As distributed social networking continues to grow and shape the Web we use, issues such as creating secure, portable digital identities become more and more intrinsic to making the Internet work for users, sites and content creators. Thibeau concluded, "For myself, I believe an open, reliable, trusted identity standard can be the next key operational piece of Internet infrastructure. It can be to the identity layer what DNS is to the Web layer and IP is to the packet layer."

Indeed, the past year has brought lots of publicity and material advances to the Foundation's cause. At the beginning of 2009, we reported that Google and Plaxo had created a simplified workflow for OpenID logins that added OAuth and the Google Contacts API. During the OpenID UX Summit in February, we wrote that one Comcast property reported a 92% success rate with OpenID logins. Perhaps most exciting of all was this May's news that Facebook would be allowing users to log in using OpenID. But no nod of approval carried more weight than the recent decision of the US government to allow members of the public to use OpenID to log in to certain government websites.

We look forward to reporting more good things - including nomination and election results - from the Foundation in the months to come.

That's right - someday soon you'll be able to log in to the websites of the Department of Health and Human Services, the National Insititute of Health and other government agencies with your accounts from Google, Yahoo and similar services. Below we discuss the privacy protection steps being taken, the usability issues and the ultimate significance of this announcement.

Participating companies include Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems. On the government side is the Center for Information Technology (CIT), National Institutes of Health (NIH), U.S. Department of Health and Human Services (HHS), and "related agencies."

Conversation about whether and how best to implement a system of Federated Identity across government websites has been underway for at least the last 6 months. We wrote about the first public rumblings this summer. Kaliya Hamlin explains the state of the conversation in detail on her blog.

The two biggest questions will be protection of privacy and user experience.

Privacy Protections

OpenID board member and Facebook employee David Recordon explained to us tonight that participating government sites are not allowed to pass personal information about users from one site to another, even though we'll be logging in with the same accounts. Instead, when we authenticate ourselves with Google, Yahoo, Verisign or whoever our Identity Provider of choice is, that website will pass a different, unique URL to the government site we're logging in to.

The identity providers will keep track of all the unique URLs used to identify us to different government sites and we'll just need to remember one log-in. That means you'll need to trust your identity provider to keep your private information separated between agencies - it won't be up to the government sites themselves to do so.

User Experience

User experience has been one of the biggest issues around systems of federated identity since they began to proliferate. No decisions have been made yet about exactly how users will log in to these government sites, but we will be given a limited number of choices between providers that have been government approved. (If you own a domain that's an OpenID provider, you won't be able to use that.)

Most likely users will be presented with an array of logos to click on, launching a new window to communicate just with the identity provider. Once a user proves who they are to the identity provider, that company will then vouch for the user to the government site.

Why Is This Important?

This is a significant move for three reasons. First, it could make securely accessing government websites much easier for users. That would increase use of government services online and could kick off a virtuous circle of increased web-savvy service in response to increased citizen interest.

Second, federated identity provides not just easy "single sign-on" but also offers the opportunity for users to carry personal information with them from one website to another. This "payload" of information can help new websites we use quickly personalize our experience and deliver more intelligent service. That's likely to be complicated when it comes to privacy-centric areas like health, but there's a lot of potential there. If Google knows you've made plans to travel to another country soon, and if you're willing to expose that information to a government website, then the site could offer health-specific information about the country you plan on visiting for example. That's a long ways off, but it's part of the big vision of data portability.

Finally, when any large institution puts its weight behind an open standard then that creates more incentive for other institutions to get on board with the standard as well. Federated Identity systems like OpenID and Info Cards have seen growing amounts of support from different companies, but as that support grows then the information available to innovate on top of grows, the number of opportunities for users to access innovative services built on top of standards grows and the incentive for still more companies to get on board with open data, innovative technology and data portability grows as well.

To draw the standard railroad analogy, if one large railroad network adopts the new standard of rail sizes then trains that run on standard rails can travel further, the passengers can go new places and other networks have more interest in adopting the standard as well. On the information super-highway, the network of government websites are a very big railroad (if you will).

The pilot program will remain a discussion for some time. The OpenID and Information Card Foundations are good places to visit if you'd like to participate in the conversations that will inform later implementation.

He confirmed to us that he'll be starting on Monday with the title Senior Open Programs Manager. The move was first reported by Spencer E. Ante this afternoon in BusinessWeek.

David Recordon traveled all over the world advocating open standards apparently in the belief that an open web would ultimately benefit SixApart. By the same logic that more web use and thus more search is good for Google, so too is more blogging and more online activity good for an activity stream-savvy SixApart. But the company's activity stream products don't appear to have flowered as much as its blogging software, and Recordon's international advocacy must have been expensive.

Facebook, on the other hand, may have a clearer interest in fostering increased activity and syndication of that activity data. While some critics, including this site, have noted Facebook's tendency to both horde user data and push definitions of privacy in directions most users are unlikely to approve of, the company has also been an active participant in standards discussions concerning both data syndication and privacy. (We worry that users are being pushed to open up data that developers will only be able to access in aggregate for a high price.)

Recordon has been a key leader in the movement to advance standards-based technology concerning identity and activity. We hope that he will help usher in future developments at Facebook that will both make user data available to as many developers as possible to build on and help users stay in control of their privacy in ways they are comfortable with. That's not going to be an easy job.

Just like when open source advocates take jobs at Microsoft, it's hard to know to what degree they are changing the nature of the company and to what degree they are being co-opted.

Meanwhile back at SixApart, long-time team member Anil Dash has greatly increased his public profile in recent weeks with big posts about what he calls the Push-button Web.

Key questions then seem to be these: can Dash and others at SixApart keep pushing the Open Web agenda by bringing new technologies to market effectively? Can Recordon help the part of Facebook that favors open innovation and not just put a happy face on what departed Forrester marketing analyst Jeremiah Owyang recently predicted would be a future of big social networks "colonizing the rest of the web."

Facebook recently announced that it will be expanding its staff by as much as 50% this year, and blogger Robert Scoble notes that he was told by Google employees today while visiting that they are being recruited hard by Facebook as well.

Photo by Joi Ito.

The Open Government Identity Management Solutions Privacy Workshop is being held in Washington DC to draft a process for certifying existing identity providers for low-security government authentication transactions (so-called NIST level 1). If the plans move forward, we may someday be able to log in to government sites using our favorite OpenID-supporting website credentials. Google, AOL, Yahoo or other commercial accounts could become new keys to a consistent experience around the .gov web.

That draft includes requirements that OpenID or related Info Card identities not be used to authenticate people who are physically present (it's just for remote online access), that they not be used to transmit activity data or anything else beyond what is specifically requested by a government agency and that there be measures taken to continue protecting personal information if the identity provider goes out of business.

Identity providers will be evaluated on factors like an organization's technical implementation of authentication, its reputation and its business stability.

Providers who meet the requirements of the Trust Framework may be chosen to provide low-security authentication for users of government websites.

O'Reilly's Andy Oram posted an in-depth look at some of the issues raised by government support for OpenID last week.

"In considering government adoption," OpenID Foundation board member Chris Messina said of the Framework, "primary among our priorities is the protection of individual privacy while also considering ease of use and convenience. These factors cut to the core of the purpose of Trust Framework and feedback, therefore, is strongly encouraged on the document we've produced so far."

Keep your eyes peeled for an opportunity to comment publicly.

Government validation of federated identity could be a major boost for the ecosystem of the open, distributed web, and thus for innovation online. We hope the people making these plans can get it right and that the relevant government agencies can garner sufficient public support.

OpenID is a decentralized digital identity that allows for easy access to a number of networks. Members benefit from one singular identity and networks benefit from a lowered barrier to membership. In this way, more information is shared across a variety os social landscapes and therefore, as with Creative Commons, there are more opportunities for engagement and education.

Says open source advocate Chris Messina in a recent blog post on CC OpenID:

"Creative Commons is redistributing the brand equity and social capital their members have accrued over the last several years by letting people show and verify their affiliation to the organization.

With this simple example, we can start to see the symbiosis of making an intentional choice about identity: Creative Commons finds a new revenue opportunity and members of the community have a way to express their affiliation and promote the brand."