I really want to like OpenID, but the more I find out about it, the more I begin to hope it fails, so that something better can emerge.

The idea, as I originally came upon it, appealed: “you already have identities you can prove are yours, in the form of URLs – why not use them as a universal sign-on?” And obviously, the main URL I control is this one – https://rwec.co.uk – and OpenID allows me to use that identity without having to run my own identity server. This is called delegation, and lets you “delegate” your own URL to another identity (that is, another URL), on a server that’s set up to do the OpenID negotiation.

To me, delegation is the single most appealing feature of OpenID – if this is to be my “one identity to rule them all”, I don’t want it vulnerable to supplier lock-in, and the fact that https://rwec.co.uk is my property guarantees me continued control. But when I started looking into the details earlier, I was confused, then dismayed, at how much of a poor relation delegation has become in the OpenID world.
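To make the delegation mechanism concrete, here is an added illustration (not code from this post) of the HTML-based discovery a relying party performs when it is handed a claimed URL: it fetches the page and looks for `<link>` tags that point at the provider's endpoint and the identifier the provider knows the user by. The sample HTML and the `op.example` provider URLs are constructed placeholders; the claimed identifier `https://rwec.co.uk` is the one from the post.

```python
"""HTML-based OpenID discovery: how a relying party finds the provider a
claimed URL delegates to. Added illustration, not code from the post."""
from html.parser import HTMLParser
from typing import Optional


class _LinkCollector(HTMLParser):
    """Collect rel-token -> href for every <link> element on the page."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        href = a.get("href")
        # rel may carry several space-separated tokens, e.g.
        # rel="openid2.provider openid.server" serves both protocol versions.
        for token in (a.get("rel") or "").lower().split():
            self.links.setdefault(token, href)


def discover_delegation(claimed_id: str, html: str) -> Optional[dict]:
    """Return {'version', 'endpoint', 'local_id'} or None if the page
    carries no OpenID links. OpenID 2.0 links take precedence over the
    1.x ones; if no local identifier is given, the claimed URL itself is
    the identifier sent to the provider (i.e. no delegation)."""
    parser = _LinkCollector()
    parser.feed(html)
    links = parser.links
    if "openid2.provider" in links:
        return {"version": "2.0", "endpoint": links["openid2.provider"],
                "local_id": links.get("openid2.local_id", claimed_id)}
    if "openid.server" in links:
        return {"version": "1.x", "endpoint": links["openid.server"],
                "local_id": links.get("openid.delegate", claimed_id)}
    return None
    # Note for relying parties: the endpoint and local_id found here are
    # what the provider's later assertion must be checked against, so a
    # delegating page stays the authority for which provider speaks for it.


# Constructed sample: what https://rwec.co.uk would serve to delegate to a
# hypothetical provider (provider URLs are placeholders).
SAMPLE_HTML = """<html><head>
<link rel="openid2.provider openid.server" href="https://op.example/endpoint">
<link rel="openid2.local_id openid.delegate" href="https://op.example/users/rwec">
</head><body>Hello</body></html>"""
```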
