So with all the hoopla around OpenID being embraced by Microsoft and AOL, many are asking "what does this mean?" and "what can you do with an OpenID?"

One thing these announcements mean is that the OpenID standard is gaining some serious street cred. But though it has been suggested that OpenID provides a safer way to log in to sites, does this make us safer? On the contrary, adding millions of OpenID users into the pool can actually lower the safety of OpenID users all around, as e.g. phishing attacks actually become easier to pull off while luring the hapless OpenID user into a false sense of security.

At the core of the problems associated with using OpenID for any form of group security is the need for reputation services that can vet users, communities and services as meeting some form of community agreed-upon criteria. The word "community" shows up twice in the previous sentence (and this one!) as community is the building block of trusted services, and trust is created by secure, verifiable, and long-lived reputation. After all, does the mere fact that someone sports an AOL or MSN OpenID identifier make you trust them more?

So, what can you do with an OpenID? Right now, not much. You can use it for Single Sign-on to some sites like Schtuff - which isn't really very exciting. But we have dreams. Some of the longer term possibilities that helped launch the user-centric digital identity movement are described in a July 2003 blog post entitled Identity Value Propositions. With the launch of the first Identity Broker, my partner and I explained a bit about how we intended to make money with a free and open source service in 2idi's Open Source Vision. And some people wondered But What Are They Good For?

Coming back to the present, what's becoming increasingly important is the need for trusted services - and people - in the brave new OpenID world. This is where community-based peer-to-peer reputation services come in to the picture. In a world where anyone can get an OpenID, community standards will develop to vet some and reject others, enabling online communities to act as trust boundaries for their users.

We all exist in a multitude of overlapping communities, and OpenID can help create trust within and across communities through persistent user-centric identity - which can foster trustworthy services as relationships between communities are forged. This all starts by having a trusted identity broker that acts as the foundation upon which communities can grow. This is a good time to be in the community creation service.