Nov 04 2007

I have been using OpenID more often to sign up for new web services. It seems to me that you should be able to build up an OpenID identity, but I’m not sure how to go about this. There still would need to be some sort of centralized reputation arbiter. Sites like Slashdot let you build up karma with posting, commenting, and moderating activity. How can I capture the “good reputation” or karma built up on sites like Slashdot? One thought is that if I could tie an OpenID identity to some of these sites, a consumer application (someone who accepts OpenID for authentication) could query the other sites I specify to see that I have built up karma already.

There are some problems to solve. First, I imagine that a consumer application couldn’t take any old site or I could just build a bunch of meaningless sites and grant myself a high reputation. There would probably have to be a list put together by a consumer application. Secondly, I don’t expect that a consumer application should be able to grab my identity and run with it on all of these sites on its list. OpenID doesn’t actually give that ability to consumer applications. The only way I could see it happening is giving my OpenID password to the consumer application. No thanks. OpenID currently lets you specify additional information that can be provided to a consumer application that requests it. Currently, I don’t know that it is possible to provide access to secondary sites like this, but it seems like a reasonable extension to OpenID.

Of course, OpenID has its detractors, but many of these objections have been addressed in a recent Security Now podcast (#111).

You definitely have your choice of providers, which brings up another potential problem. Anybody can register an OpenID identity claiming that they are you, at least superficially. There’s nothing to stop me from claiming to be John Smith. However, the extended reputation system would take care of both the false identity and the abandoning of old identities that gain a bad reputation. The karma or reputation number functions as a form of currency. People will want to keep at least one identity with a higher reputation. This could be abused by sites requiring a certain level of karma to post comments, for instance, but it would also address the concerns of creating throwaway IDs, much like throwaway email addresses are created today.

For some additional introductory material on OpenID, see these Lifehacker and intertwingly articles.

Aug 01 2007

As I continue to integrate my “real life” with my online life, I have been thinking a lot about reputation. How can I prove (to some extent) that I am me? How can I prove that I am trustworthy? What does it mean to be trustworthy? I like to use analogies, and the closest one I can think of right now is my FICO (credit score) number. There are three companies that collect and analyze information about my financial history and activities (very rarely with any sort of permission from me). They then sell this information to a third party who is trying to decide if I am worth the risk of doing business with.

Of course, there are other things besides financial risk that affect my online reputation; no analogy is perfect. I have often wondered what would happen if the three credit report companies went away overnight and we all had to start over tomorrow. I assume that costs of doing business would go up slightly, as with less information to go on, it is more risky for someone to decide to do business with me. On the other hand, if my credit score was low enough, a business might go off of an “average” credit score. Even with a slightly increased cost due to uncertainty, I might come out ahead.

There are a couple places I can think of online, like eBay, where a reputation system has been in place long enough to build up some history, but most online “locations” have not had a system in place, or have not had enough time to build up this history. Even on eBay, if I have built up an account with a negative reputation, there is little incentive to keep that account rather than abandoning it and starting with a new one. In addition, how do I go about building up a general online reputation without having to start over for each new website or online community? I continue to ponder this, but haven’t figured out a lot of answers yet. What do you think about online reputations?