Two years ago, I was introduced to Sxip and the work around Identity 2.0. The key standard involved in all of this is OpenID. Here’s a quick recap of OpenID:

OpenID is an open, decentralized, free framework for user-centric digital identity.

OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI (also called a URL or web address). Since URIs are at the very core of Web architecture, they provide a solid foundation for user-centric identity.

…

To login to an OpenID-enabled website (even one you’ve never been to before), just type your OpenID URI. The website will then redirect you to your OpenID Provider to login using whatever credentials it requires.

OpenID has been in the news lately with two separate announcements from major companies. Both Microsoft and AOL are committing to support OpenID. Microsoft has simply announced support. AOL has gone a bit further and enabled OpenID URIs for every one of their users. That’s a big, big deal. I don’t know anyone without an AIM login.

Just a couple of notes. The most important takeaway to me is that it’s now even easier to start a company. I’m building a new site right now at home and having to write a new registration system from scratch absolutely sucks. I don’t know why we all do it over and over again, but we all do. It’s a waste of time and only takes away from building the great product.

The other interesting thing is that the companies that went this way are the two companies who really have pushed single-sign-on in the past. I would’ve expected the first major company to move this way to be a more tech-saavy, personalization focused company like Yahoo or Amazon. I just didn’t expect a big company like AOL to do something so, well, technically savvy. Of course, after buying WIN and getting Jason Calacanis, even for that short while, they did a ton of smart, savvy things. So maybe they’re more nimble than I thought.

On a slightly different note, I noticed that Sxip has killed sxore and is focusing on Sxipper instead. I think this idea is better and will be trying out the plugin. The idea is a variation of something I thought would be better than the completely web-based approach.

I’m hoping that OpenID providers like Sxipper or MyOpenId or even AOL or Microsoft catch on so that one day I might be able to just build a web site without reinventing the register-login-recover-password loop that seems to be a universal requirement.

I’m watching the Sxip presentation given by CEO Dick Hardt. I spoke to their marketing person yesterday and went to their little shindig up in their suite and have to say, I’m still skeptical. Very quickly, Sxip aims to create a user-centric identity system they’re dubbing Identity 2.0. The idea is a single sign-on (SSO) system that, unlike systems like Passport, puts you in control of which companies host your data, what data to share, and which data from which provider to share. So, theoretically, if you had an ESPN.com account, you could make ESPN.com the authority for one of your online identities. If you went to Amazon.com, in a Sxip/Identity 2.0 world, you’d be able to tell Amazon to use ESPN.com to authenticate you. ESPN.com would only pass on the registration data you authorized to Amazon. Sxip doesn’t have to be the solution for Identity 2.0, but of course they want to be the preferred choice.

The problem I see with this system is that it’s too cumbersome for users. The problem I have isn’t that I have multiple identities on different sites, but that I have to fill out the same email, name, address, phone number, etc. all over the place. It’s annoying. I do actually really like having multiple identities.

The system doesn’t do anything about naive users making “bad” privacy choices. Instead, if I add my cell phone, say, for a particular site to use, I might just always opt to have my authority site (home site in Sxip jargon) keep that data too. Just for ease of use, if nothing else.

What I’d rather see is a browser/computer centric solution that would allow users to store certain data on the client and then come up with a microformat-style system where the browser or a plugin could fill in the form using the hints provided in the form.

That would be simple, and easy for users to understand. Every time they add data to the local schema, it’s always convenient and it makes it more difficult for users to make “bad” privacy choices. People just read forms, see the fields that get filled in, and then can either just delete the fields they see filled in. Perhaps the persona idea from Web 2.0 could be stored locally as well. Anyway, anything that works well on the client and keeps data with me I think is better. Most users won’t know this, but will get the convenience of SSO and simplified registration. That’s all we really need, right?