Last week I whined on about how OpenID is a great invention that most people aren’t going to get their heads around. I asserted that the big problem was that unlike inventions like email, people don’t have a familiar metaphor to work against. The label of "curmudgeon" has been leveled against me in the past. So in the spirit of constructive dialogue, I’m going to humbly put forth an approach to make centralized identity a little bit easier on the Internet.
Let’s See, What Do We Have In The Metaphor Box…
Looking around us, there are a few things we carry around that help us function on the actual (not virtual) world. A driver’s license. Some credit cards. A bank card. A passport. Our house keys. Our car keys. All of these have a bit of our identity implicit in them. They help you get into places nobody else is supposed to get into: your house. Your bank account. Your car.
People are comfortable with walking around with something that helps them get to their stuff and stops others from getting to their stuff. The lock & key metaphor is a powerful and pervasive one.
Now If We Only Had The Internet’s Version Of A Lock & Key…
What you need is a way to easily walk up to any computer and identify yourself quickly and easily. No logins. No nothing. We need a simple easy way to identify ourselves. At ATM machines we just swipe a card. When we get home we just insert a key and turn. Why not for computers and the Internet? What would it require? To start, it would require a key and lock be build into every machine. Well it turns out we do and it’s called USB. Let’s walk through an imaginary use case:
- Jane heads over to her friend Sally’s house to hang out for awhile.
- She kindly asks Sally to user her PC to check her mail and see what’s going on at Facebook.
- Jane takes out her USB key dangling off her key chain and plugs it into Sally’s computer.
- Immediately, Jane is asked to put in her password just once.
- As soon as Jane puts in her password, the status bar in Internet Explorer identifies Jane as the current user.
- Everywhere Jane goes on the Internet, the various applications know its her. Even when she signs up to new destinations, her data is ready to go.
- Once Jane is done, she yanks out her USB key. As soon as she does so, she’s immediately no longer logged in anywhere.
That’s it. It’s pretty simple…and I actually think my mom can get it. No offense to mom, but she’s a great measuring stick here. USB drives are damn cheap and every desktop and laptop on earth has the "keyholes" to receive all the keys out there. No more signing onto comment threads in blogs. No more hassles with 35 accounts we have floating around. It’s the promise of unified authentication packaged in a way that actually makes sense to the masses.
I’m not going to get into implementation in this post. I’m sure the technologists can get their wheels spinning pretty quickly around an approach like this. The browser (or desktop) would obviously need to be smarter (Firefox plugin?). And OpenID? This can all still happen with OpenID. In fact, that little USB drive could carry a mini OpenID server just for you…or link up to one in the cloud.
Now where the hell did I leave my keys…