This presentation does a very good job of laying out the problem, but we've been talking about this problem for years. What is the solution? It doesn't seem we're going to get one out of Sxip. They have a Firefox plug that fills out website forms for you and the speaker here has gone to work for Microsoft. I'm pretty sure there were Windows apps that did what the Sxip plugin does 8 years ago.
Why hasn't identity 2.0 happened? Nobody with the money and the userbase has been willing to create a platform that solves this problem, because they don't care about part of the problem, or because they think that controlling some aspect of the architecture will make them rich. The best architecture has the following characteristics:
1. Anyone can host identities. (Passport didn't work because Microsoft was the only identity provider and no one trusted them.)
2. Anyone can accept identities. (This is why the federated identity stuff is solving a different problem.)
3. The identities mean something. (This is the problem with OpenID.)
The two most interesting developments in this space right now are:
1. RealID. Governments have traditionally been the identity providers. They handle 3 and 2 quite well. Traditionally, they've gotten around 1 by forcing people to work with them. I think its interesting and surprising that RealID hasn't happened, but I'm not going to bet against the state. At some point soon some government will issue smart cards that can be used as online credentials with a USB smart card reader. One could imagine child predator hysteria being leveraged by an enterprising group to create a social networking site that can only be accessed with government issued credentials - an environment that is "safe for children." Its a natural evolution of current laws prohibiting sex offenders from using social network sites. Providing those sites with a way to check secure government issued credentials from every user is the only way to enforce that sort of requirement.
2. Facebook. They've created an application platform that is centered around user identities. They also handle 2 and 3 well. They share problem 1, but they are attempting to overcome Microsoft's trust problems by creating an environment where privacy is carefully managed. The day when someone asks us if MemeStreams will accept Facebook credentials is fast approaching.
I'd love to be able to create a system that solves all three problems. I really don't think there are any outstanding technical barriers to doing so. The problem is that its a big project and it has no patron.
It is the unfortunate consequence of our economy that:
1. Its expensive to develop a good platform.
2. Platforms only work if they become pervasive.
3. Charging for things creates a barrier to adoption.
4. Barriers to adoption prevent platforms from becoming pervasive.