He was explaining OpenID as User-centric ID Management, enabled by logically separating the ID provider from the provider of the service being logged into.
The benefits of Open ID are:
- Easy to remember than multiple passwords
- Not centralised (you may have multiple providers as a fallback)
- User can control what personal information is exposed to which services
- Simple and lightweight
- Easy to use and implement (I can attest to that, it took all of half an hour to implement on this blog!)
Open ID does not specify the authentication mechanism, and enables the OpenID provider to use stronger authentication if they wish. This is where Verisign have applied their technology, with a device that can be used to generate a number that the user must input in addition to their username and password, to give that additional security.
Verisign also provide an OpenID management service, which allows you to monitor all your OpenID providers from one location. I didn't understand how this works, as being a decentralised system, how can Verisign know when I have authenticated against say MyOpenID.com? Sounds like there is more to that story ... anyone?