I’ve offi­cially sub­mit­ted my Search Explorer project to Rhizome’s 2009 com­mis­sions process! Watch the demo, and if you like what you see, I’d appre­ci­ate your vote!

Now that we often spend more hours each day inter­fac­ing with our “dig­i­tal hubs” than actual peo­ple, and our lives are lived (or, at least, acted out) more dig­i­tally every day, who are we? Are we cutecuddles909@aol.com, or CoolDude on Match, an account num­ber used for online bank­ing, or a MySpace URL? What hap­pened to Scott, the neigh­bor, the friend, the classmate?

Today, he could be all of the above, and likely many more. With so many online ser­vices, the sheer num­ber of login iden­ti­ties we man­age is over­whelm­ing. I main­tain a list of all my login names and pass­words (since I use a dif­fer­ent pass­word for every ser­vice), which today con­tains 110 dif­fer­ent iden­ti­ties. Clearly, it’s nei­ther con­ve­nient, effi­cient, nor rea­son­able to expect peo­ple to keep track of so many logins. Hence, some new tech­no­log­i­cal solu­tions that allow you to have one sin­gle login used on mul­ti­ple sites.

OpenID, Yadis, and LID all enable you to use a URL (or, tech­ni­cally, a URI) as your login iden­ti­fier. This is huge because it means that, on any web­site or online ser­vice that sup­ports these open stan­dards, you can login with yourblogurl.com instead of an arbi­trary user­name or -- even worse -- your email address (which inevitably will change, mean­ing you have to go update it for all of your 110 accounts).

As of today, this web­site is fully OpenID-enabled. Meaning, I can use its URI to ver­ify my iden­tity when I login to other sites, and you can use your OpenID to ver­ify your iden­tity when post­ing com­ments on this blog. Go ahead -- give it a shot, and let me know what you think. It’s easy enough to get an OpenID with a third-party ser­vice, but I rec­om­mend using some­thing like php­MyID on your own server, so you truly main­tain con­trol of your own iden­tity credentials.

Of course, I’ve been writ­ing as though a username/password combo is a dig­i­tal iden­tity, but there are some larger ques­tions here. What does con­sti­tute one’s dig­i­tal iden­tity, and is it some­thing that should be pro­tected? If so, how can it be pro­tected, from what does it need pro­tect­ing, and why? With OpenID, I can ver­ify that you “own” a cer­tain URI, but just because you own johndoe.com doesn’t mean you are actu­ally named “John Doe” in real life. Nor does it mean that you’re nec­es­sar­ily the John Doe that I know from work. Even with a valid OpenID, you could be any­one. I have no idea who you are. All I know for sure is that the per­son who logged in as johndoe.com on site A is the same per­son who logged in as johndoe.com on site B. So, taken together, I can observe rela­tion­ships between this one vir­tual iden­tity, and start to build a pro­file about who I think the real per­son behind the key­strokes is. The OpenID project is explicit about the fact that it does not even attempt to resolve issues of trust and hon­esty online -- it is only used to ensure con­sis­tent “iden­ti­ties,” although now I’m not even sure what that means.