Authentication is an essential part of any web application. But why are web service providers so secretive about their authentication protocols and procedures? Why they are not disclosing any information about how users’ credentials are communicated, verified and stored?

In the last months OpenID definitely gained momentum. Everyone is running to provide support and integration. But what about OpenID phishing risks?

Kaliya, the Identity Woman, says that pass.net is “a new identity protocol”. To me it seems more a smart idea for implementing an effective single sign-on solution. With Pass.net the trick is to delegate identification and authentication to a third party: your email domain. Hence this SSO method is as secure as the mail server handling your email account.

Sxore is disappointing not in itself, but mainly because it comes from Sxip, the very company whose mantra is “user-centric identity, decentralized identity”. We are looking forward to take a look at the very promising and upcoming release of Sxip 2.0, but with Sxore they missed the opportunity to test Identity 2.0 against a real-world problem.

I’m afraid we’ve been involved in a much larger topic than the one we intended to address.

Often I struggle to find the right words for my posts … just to discover that someone else already wrote with a brilliant and remarkable style about the very same stuff that I’m mumbling about.

It’s the case of my previous post “Identity is not reputation” confronted with James Kobielus post “imho identity privacy reputation” (November 2005).

Our original proposal was trying to convince identity providers to add reputation management as a built-in application within their systems. That was wrong. As Phil Windley said in a recent post

[…] reputation is computed from identity and transactional data.

Our recent proposal (a schema for handling the reputation of people posting comments to blogs) was based on the assumption that reputation management should be tightly coupled with identity management.

UPDATE - We received lots of brilliant feedbacks about our proposal. A revised version is now available [here][98] with more “philosophical” background [here][99].

In my [previous post][1] I mentioned a [recent article from Dion Hinchcliffe] [2] that is based on the following assumption: anonymity is extremely difficult to handle (look at what happened with the