The OpenID app could work – I just discovered that myOpenID allows multiple account specifications (something I was calling ‘personae.’) That’s one of the issues I saw as an easy fix.

I like OpenID, particularly their rate of adoption.

Here’s where I think they’re lacking: anyone can host an OpenID account. I could host my own fake/psycho/whatever ID on a closed server and still gain access and leave threatening comments without leaving a trace back to me. In other words, we lose the verification aspect.

But that’s fixable. Allowing openid accounts from only those servers that are verified could probably get past the issue.

I think that OpenID is perfect in every way. I don’t think they need to rethink their rationale in anyway. Distributed authentication/authorization is the future.

Blog comment spam is a pain in the ass, no question. When you consider any irrelevant information to be spam it changes things. In Kathy’s case, the spam was life threatening, that is the worst case scenario.

I might be wrong here, but I don’t see how blog span is drastically different from email spam. As we start to standardize on OpenID, we will see businesses form around verifying those OpenID servers. White lists and Black lists a like. I don’t know if they will “take” as viable businesses, but I guarantee, as OpenID takes off so will, for profit, services surrounding it.

Now, admittedly, there are problems with the email black and white list services, I don’t want to recreate that racket. But one person’s trusted source is another person’s ENRON. I mean, if we wanted to let one company control single signon we would all have microsoft Passport accounts.

Nicholas

P.S. I love this blog, I rarely disagree with it, thanks for all the hard work.