Verisign chooses OpenID

VeriSign chose OpenID for their new "Personal Identity Provider", aka pip:

I'm a bit confused. OpenID handily does single sign on. But that's it. I can understand not deploying a huge SAML stack -- all of those blogs and web apps that they talk about it in the announcement post have no way of easily interoperating with SAML today, aka lack of scripty language support -- but OpenID is fairly limited today. Be interesting to see if VeriSign will push Simple Registration Protocol and/or extend the OpenID "spec" and/or standardize it in some way as DIX is doing (or merge/interoperate/implement DIX?).

If I were VeriSign, I would follow this up with support for multiple identity protocols -- that is, after all, Canter's Law: work with everything. You could have a single identity hosted by VeriSign and accessible via a variety of protocols, from OpenID to DIX to SAML to InfoCard.

It certainly is great to see experimentation actually starting to happen in this space. At the Mesh conference, which I've just come back from, I heard some rumours about a potential 10M profile installation of DIX. Exciting times...