For Users that already use autocomplete, OpenID is needlessly redundant. For Users that don’t trust their own computers to keep their information secure, why would they trust someone else’s?

My problem is that I see these problems as all being “should-have” problems. I did not use myopenid.com, nor delegation when I started using OpenID myself. Because of that, I am now in a horrible situation of being unable to fix my mistakes without removing and re-creating my accounts. This is a “should-have” problem that can only be fixed by doing actions differently in the past — or by forcing my provider and all of my consumers to change their ways.

Just because myopenid.com may excel in some particular facet — mobiile login, phishing prevention, SREG implementation — it does not mean that all providers excel in the same facet. The ground is only as strong as the piece you’re standing on, and if your piece isn’t set on myopenid.com, your innovation is unfortunately of no use.

You’ve made an excellent case for the technology but little case for the practical use and implementation.

Some people will be comfortable managing multiple username/passwords for various websites. Some will use password management tools or browser plug-ins. Some will choose OpenID. Many will use a combination of all three.

The good news is that there is more personal choice available to users as a result of OpenID. As with many online experiences, it’s often a balance between convenience, privacy, and security. You choose whether to store your credit card info and the mailing addresses of all your gift recipients online with Amazon. You choose whether to let your browser remember your passwords and run the risk that someone steals your computer.

Of the 14,000 sites that are OpenID enabled today (http://janrain.com/blog/2008/06/02/relying-party-stats-as-of-june-1st/), most are user generated content sites (blogs, discussion groups, wikis, social networks, etc.). In these environments, convenience is often important to the user and site operator, security and privacy are less critical, so these are the logical early adopters of OpenID.

The next logical adopters of OpenID would appear to be media sites (newspapers, radio, TV, magazines, movies, sports, etc.) and affinity groups (college alumni associations, PTAs, little league teams, homeowner associations, etc.), and possibly the customer community sections of commerce sites (Dell, HP, etc.) where members can help each other with tech support or purchase decisions. Not much highly sensitive information or financial transactions occurring on these sites.

Longer term, commerce sites will likely adopt OpenID.

As this evolution progresses, OpenID will evolve to meet the needs of the various stakeholders: individual users, website operators, affinity group administrators, OpenID providers, etc.

Already many OpenID providers such as myOpenID.com support anti-phishing and security enhancements such as website verification (per the earlier reference to what banks are doing), SSL Certificate authentication, InfoCard integration, phone-based authentication, password strength indicators, etc. These security features can be deployed globally, or longer term by specific activities (financial transactions, password resets, change of personal preferences, time of day, specific computers, by geography, etc.). Again, the balance between convenience and security will be the driving factor.

Additionally, as OpenID evolves, the convenience aspects will also increase. SREG and Attribute Exchange make it easier for users to, at their discretion, share personal data with website operators to expedite the registration process and keep that data current and accurate. User login enhancements such as ID Selector (www.idselector.com) make it easier for users to login without having to remember the full syntax of their OpenID URL, just pick a provider and enter your account name. Once you’ve registered with ID Selector, it remembers your preference and for every subsequent visit, you get “single click” login with no text to enter at all - what could be easier than that?

As more websites accept OpenIDs, the benefits to users goes up, and the pressure on remaining sites to accept OpenID increases. As more sites and users adopt OpenID, OpenID evolves and improves to meet the market needs. Since its an open source platform, lots of individuals and companies can contribute to the rapid innovation and enhancements.

Rather than citing all the reasons why OpenID will never work, why not focus the discussion on what the OpenID community can do to enhance the ecosystem and leverage the promise of this exciting new technology?

Cheers, Brian