Login authentication? Why not trust the user?

November 06, 2005

After listening to the Gilmore Gang podcast, in which identity system standards were discussed, I began wondering about how the typical web application provides authentication for users.

Nearly everyone I know despises the plethora of usernames and passwords they have to remember for discussion forums, shopping sites, mailing lists and the growing number of online applications people rely on daily.

When I started developing with Ruby on Rails, I found the concept of subdomain authentication and using a subdomain as a username liberating and powerful.

Having built a subdomain authentication system which used POP3, IMAP, LDAP or MySQL got me thinking.

Why can’t users define the authentication system they prefer?

Yes. There are logical security considerations.

What makes an application’s authentication mechanism more secure than a user’s own POP3 account login? Or any other source, for that matter?
