Quick, answer this: How many times have you typed your name into a form on a webpage? Dozens? Hundreds? How about your e-mail address? Home address?
The madness is gradually—very, very gradually—waning as more and more sites implement OpenID and/or Facebook Connect for their login systems. But a universal authentication system doesn’t go far enough. I’m not just tired of having 1,000 different sets of credentials for 1,000 different sites; I’m tired of having 1,000 different sets of information on 1,000 different sites. We need an extension of OpenID that acts as a total information repository. You should enter your personal data once, and store it securely on the OpenID server. When you log in to a website with your OpenID, it would request whatever personal data it thinks it needs, and the OpenID server would prompt you to allow or deny access to any individual piece of information, on a one-time or recurring basis. The key here is that you have total control over how your information is collected and used. Nothing leaves the OpenID information vault without you expressly authorizing it, and just like OAuth implementations, you’d be able to see all sites you’ve given any level of permission to and modify or revoke that permission at any time.
Some people would worry about a server devoted purely to storing personal data; what if it’s breached? Yet, I’d point out that this is much better than having that data scattered across the whole Internet, on many different sites with widely varying levels of security. Hell, this very minute, someone could be hacking into a site I don’t even remember I ever signed up for, harvesting my e-mail address to feed to a spam botnet.
Ultimately, I would say that the solution should be an open standard, complementary to OpenID. Screw Facebook Connect and their “walled garden”. Ahem.
