Imagine visiting a store, showing a plastic card with a few numbers on it to the store employee, and leaving 10 minutes later with a thousand dollars worth of goods. Best of all, you and the store can be fairly certain that neither of you were cheated.
Prior to the invention of the credit card, this sounded too good to be true. But it isn’t: Visa reports to have facilitated 37 billion transactions of this type in the last year.
Let’s change a few words, and read this paragraph again.
Imagine visiting a website, showing the URL of your homepage to the site, and leaving 10 minutes later with a thousand dollars worth of goods. Best of all, you and the store can be fairly certain that neither of you were cheated. [Of course there are a lot more things you might to at a website other than buying something.]
Visa cards are issued by banks, co-branded with Visa. OpenIDs are issued by "identity provider" websites, co-branded with OpenID.
Visa cards are accepted by merchants that display the Visa logo at their front door. OpenIDs are accepted by websites that display the OpenID logo on their front page.
Neither the banks for the merchants could do what they are doing without the common framework provided by Visa, which mostly consists of a well-managed brand, technical standards, payment processing and legal agreements.
It is my belief that the OpenID Foundation could, and should play the same role in the internet identity ecosystem that Visa plays in the payment ecosystem:
- Developing and setting technical standards: something the OpenID Foundation (OIDF) has done for some time.
- Clearly defining and managing the OpenID brand: something OIDF should have been doing since my company (NetMesh) transferred the OpenID trademark to the OIDF.
- Developing and encouraging the use of common legal agreements for OpenID providers and acceptors: the OIDF has not done this so far, but we have been asked many times and may start work on in 2009.
- Because OpenID is built on the open internet architecture, there is no need that I can see to operate the equivalent of Visa’s payment processing organization.
In my view, somebody needs to play that role for internet identity that Visa plays for payments; otherwise it’s fairly clear internet identity can never scale to the ubiquity of Visa — but OpenID has the same opportunity to become a factor of life for everybody as Visa had back then, and it should go after it. By way of comparison, I think most internet users log into web applications at least as often as they use their Visa card, so the opportunity is even larger than the 37 billion Visa transactions last year.
Given that this is the 21st century, a Visa for internet identity needs to be structured ifferently that Visa is, but we have already done this with the OpenID Foundation:
- non-profit, rather than for-profit;
- democractic membership organization with a low price of entry, instead of a shareholder corporation;
- being a market facilitator rather than a market participant.
Of course, wanting to be of such global significance as Visa would require us to start behaving like it. I hope that the to-be-elected new board is up to the challenge. If elected, that’s the direction in which I’d like to drive the organization and the board.