Wired on Friday:If you use the web for any length of time, you'll recognise the registration tango. This is the little dance of reassurance you and a new site have to give each other before it will let you in and you will trust it with personal data, writes Danny O'Brien
Here's how it goes. You type some details and hand over a user name and password you'd like, along with an e-mail address. It sends you a confirmation mail. You open up your mail client, wait for a mail to arrive, then click on the link (if it wasn't eaten by your anti-spam software).
Grudgingly, it lets you in. You, grudgingly, accept the obligation to remember yet another password - or more scandalously, use the same one you always do.
At some point, to drag out negotiations, the site will probably ask you to re-enter the same personal details you always end up entering on websites: phone number, address, perhaps a credit card, perhaps a birthday.
Both sides would ultimately rather that this shimmy would go away. Websites and the commercial companies that are behind them don't like it, because it scares off new customers. Users don't like it, because it's a pain in the rear.
Perhaps the biggest indicator of whether this inconvenience gets whisked away in the next few years is what net geeks think about the problem. Is it undesirable? Is it soluble? Is it "interestingly" soluble? To this matter, the geeks are conflicted.
The problem is certainly soluble. You could leave all your personal details on some publicly accessible location online. You log in there, once, and whenever these other websites need to get your personal information, they'd just ask you for your log-on and password, and visit this public store of personal information for the rest.
But this solution, and variants of it, leaves technologists and consumers uncomfortable. Who would run this vast repository of private information? Could they be trusted?
Microsoft proposed a version of this centralised single log-in system a few years ago, called Microsoft Passport, and it didn't get very far.
At the time, most analysts put this down to Microsoft's somewhat tarnished reputation in the market (the company was in the middle of its anti-trust litigation in the US).
But this was more than just simple mistrust by consumers with providing Microsoft with personal data: other organisations were reticent to hand over details of their interactions with their users.
Why would Google let Microsoft know who was using its services, even if they received the convenience of only logging in once to both Microsoft and Google's sites? (Indeed, when a few years later, Google offered a similar service, companies were just as reticent.)
Instead, the industry began to scout around for other, more general ways of logging everyone in everywhere - a universal ID standard for the Web.
To pass muster with the privacy- conscious geeks, the competition- paranoid corporations and the inconvenience-sensitive users, this standard had to be secure, decentralised (so that no one company could control it) and easy to use.
Now, this was an interesting problem. So interesting, that in the last few years, dozens of standards groups, start-ups and passing academics had a go, and the web quickly started drowning in any number of attempts to create a universal log-on. And this is an area where being spoilt for choice meant having no choice at all.
What, after all, is the point in having many different competing log-in systems, when the whole advantage is that you're supposed to have just one?
But in the last few months, the competing groups have begun to coalesce on one standard. Or rather, because Microsoft is still interested in the market, two.
The first is Microsoft's CardSpace, and the second, OpenID. CardSpace is arguably the more powerful of the two, but gains very little from being touted by Microsoft.
It may well also lose something from being powerful. At this stage, all anybody wants is something that works - and OpenID does that. You can use it now on many sites - mostly for adding comments to blogs - and set it up on your own site with a minimum of fuss.
It's a simple idea: to log into a site, you give that site a web address. The site goes to that web address and asks that computer about you, and at the same time redirects your computer to go to the same web address. The page asks you whether you want to hand over your information (and demands a password if necessary).
When you say yes, the inquiring site gets your details from the same web page. That web page could be anywhere, run by anyone. Ideally, it could be owned and edited by you, but if you can't be bothered, there will be others who could offer the service for you - just as others provide mail and webspace services now.
Currently, OpenID lacks one important element of the big identity picture - authentication. Which is, when I say "go to this web page to find out more about me", that page could confidently tell you I'm the queen of England.
There's nothing in OpenID (yet) that will let you trust what an OpenID server is saying.
That really is a hard problem - and one, I suspect where money and perhaps even governments may play a role. Certainly, reputation systems have enough rough edges and real world problems to keep geeks busy for decades.
But in the meantime, OpenID solves the little irritations of logging in and avoids the larger irritation of having Microsoft or Google controlling your private data.