I have been using OpenID more often to sign up for new web services. It seems to me that you should be able to build up an OpenID identity, but I’m not sure how to go about this. There still would need to be some sort of centralized reputation arbiter. Sites like Slashdot let you build up karma with posting, commenting, and moderating activity. How can I capture the “good reputation” or karma built up on sites like Slashdot? One thought is that if I could tie an OpenID identity to some of these sites, a consumer application (someone who accepts OpenID for authentication) could query the other sites I specify to see that I have built up karma already.
There are some problems to solve. First, I imagine that a consumer application couldn’t take any old site or I could just build a bunch of meaningless sites and grant myself a high reputation. There would probably have to be a list put together by a consumer application. Secondly, I don’t expect that a consumer application should be able to grab my identity and run with it on all of these sites on its list. OpenID doesn’t actually give that ability to consumer applications. The only way I could see it happening is giving my OpenID password to the consumer application. No thanks. OpenID currently lets you specify additional information that can be provided to a consumer application that requests it. Currently, I don’t know that it is possible to provide access to secondary sites like this, but it seems like a reasonable extension to OpenID.
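The consumer-side check described above, as an added sketch that is not part of the original post and not an existing OpenID extension: the consumer counts karma only from sites on its own list, and looks it up by the OpenID identifier it has already authenticated, so it never needs the user's password. The host names, the `SAMPLE_KARMA` table and the function names are all hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allow-list: reputation sites this consumer has chosen to trust.
TRUSTED_REPUTATION_HOSTS = {"news.example", "forum.example"}

# Constructed stand-in for each site's public "karma for this OpenID" answer.
# A real deployment would query the site over HTTPS; no such API is assumed here.
SAMPLE_KARMA = {
    ("news.example", "https://alice.example/"): 42,
    ("forum.example", "https://alice.example/"): 10,
    ("selfmade.example", "https://alice.example/"): 9999,  # the user's own site
}

def normalize_host(url):
    """Return the lowercase host of an https URL, or None if unusable."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower()

def lookup_karma(host, openid):
    """Hypothetical lookup: karma the site has tied to this OpenID, if any."""
    return SAMPLE_KARMA.get((host, openid))

def aggregate_reputation(openid, claimed_sites):
    """Sum karma for an authenticated OpenID over allow-listed sites only.

    Returns (total, counted_hosts, rejected_urls).
    """
    total, counted, rejected, seen = 0, [], [], set()
    for url in claimed_sites:
        host = normalize_host(url)
        # Reject non-https URLs, sites off the consumer's list, and repeats
        # of a host already counted (no double counting one site).
        if host is None or host not in TRUSTED_REPUTATION_HOSTS or host in seen:
            rejected.append(url)
            continue
        karma = lookup_karma(host, openid)
        if karma is None:  # the site has no account tied to this OpenID
            rejected.append(url)
            continue
        seen.add(host)
        total += karma
        counted.append(host)
    return total, counted, rejected

if __name__ == "__main__":
    sites = ["https://news.example/", "https://selfmade.example/",
             "http://forum.example/", "https://NEWS.example/"]
    print(aggregate_reputation("https://alice.example/", sites))
```
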
Of course, OpenID has its detractors, but many of these objections have been addressed in a recent Security Now podcast (#111).
You definitely have your choice of providers, which brings up another potential problem. Anybody can register an OpenID identity claiming that they are you, at least superficially. There’s nothing to stop me from claiming to be John Smith. However, the extended reputation system would take care of both the false identity and the abandoning of old identities that gain a bad reputation. The karma or reputation number functions as a form of currency. People will want to keep at least one identity with a higher reputation. This could be abused by sites requiring a certain level of karma to post comments, for instance, but it would also address the concerns of creating throwaway IDs, much like throwaway email addresses are created today.
For some additional introductory material on OpenID, see these Lifehacker and intertwingly articles.