A role for OpenID in SWITCHaai?
Derived from the SWITCHaai identity, it would be possible to supply users with an OpenID identity. Since it depends on the user account at the users Home Organization, the OpenID identity exists only as long as the user is affiliated with that Home Organization. That limits its usefulness to services directly linked with the study or job in Swiss higher education. One could see OpenID 2.0 as a low-end addition to SWITCHaai, a somewhat simpler to deploy solution for blogs, wikis, portals with low needs. On the other hand, a Shibboleth Service Provider is not that difficult to deploy anymore. Often, the most difficult part seems to be to outfit the web server with a server certificate. That stays the same whether you use Shibboleth or OpenID. SWITCHaai is currently focused on Shibboleth 1.3 and will migrate to SAML 2.0 with the deployment of Shibboleth 2.x. With OpenID, SWITCHaai would become a multi-protocol federation. That would add new complexity and likely confusion.
