Single Sign-On for the Web - Part 1: What For?
I've been thinking a lot lately about different ways to authenticate
users on the Web without requiring them to maintain another username and
password set for each site. Before the Internet can really become a
cohesive social network (and especially before we can start integrating it with the enterprise), some kind of authentication authority will need
to be developed--right now everything is way too fragmented.
All the new Web 2.0 apps are great, but most of them only do one thing. Sell something. Blog something. Read something. Tag something. Write something. They're all great, but how many logins can one person reasonably be expected to keep track of?
If you think about the real innovation happening with Web 2.0, most of
it revolves around the ability to connect people and let them
collaborate--easily. This works great when you're dealing with a closed system
where people need to log in and create an account. You make them pick
a username and password, or use their email address as their username
and then choose a password. However, the account you're making
them create isn't the same account they use to post blog entries, buy
things, or comment about your pictures on Flickr. Because of this, all
the data that the user generates is fragmented and it's pretty near
impossible to aggregate it and look at the person as a person instead of just a collection of logins. The closest we can get right now to viewing somebody as a "person" is to run a Google search on their name
and see what pops up.
Eventually, this will HAVE to change for the next evolutionary leap of the Internet--technology in general, even--to occur. It's pretty evident that the "identity repository" can't be controlled by any one company or organization, or Microsoft probably would have been more successful with Passport. It's going to have to be a decentralized way to find out who somebody is, that THEY have control over, not a corporation that they don't fully trust. There are a couple of new technologies that seem to be going in this direction, most notably OpenID and Infocards.
OpenID basically tries to authenticate people using their blog account,
which is a good start. However, I don't think a Blog account is the
definitive identity that people want to use to authenticate themselves
around the Web. Infocards use the WS-Trust Web service extension and
signed client certificates. Maybe I'm just lazy, but I don't really
want to have to keep track of a certificate on every device that I need
to access the Web on. I don't even know if my Blackberry knows how to
read a certificate (I would assume so, but the point is that it's not
common knowledge and installing a certificate is one more step that
people don't want to deal with).
In my next post I'll follow up on this with an idea I have that may be a nice simple yet elegant solution to this problem.