Memo to OpenID: Keep it simple, please

With all the buzz about Facebook Connect this week, it's worth asking the question: Whatever happened to OpenID?

The universal log-in standard was created in 2005 by Brad Fitzpatrick, founder of LiveJournal, while he was working at blog software company Six Apart. (Fitzpatrick now works at Google; Six Apart has since sold LiveJournal.) It has the support of Yahoo, MySpace (which just helped build an OpenID extension for the Flock browser), and President-elect Barack Obama's Change.gov. Even Google has dipped its proverbial toe in the pool.

But it wasn't until Facebook Connect started making headlines that the concept of data portability--a single log-in across multiple sites--made the jump from the tech press to the mainstream media. OpenID, some speculated, had been left behind in the dust.

Hardly. But Wired's Michael Calore hit the nail on the head on Monday: "Presenting a dialog that asks a user to log in to one Web site using a name and password from another Web site is jarring, but Facebook has managed to keep Facebook Connect simple enough for everyday users to understand. Such ease of use virtually guarantees it will win support quickly."

The truth is, the future of the "social Web" is in expansion. And expansion invariably involves dealing with a crowd beyond the Twittering, FriendFeeding, WordPressing geeks who actually understand the concept behind data portability.

And that's not made any easier by the fact that OpenID calls itself "an open, decentralized, free framework for user-centric digital identity." Try bringing that up in the boardroom of a non-tech company looking to ride the social-networking wave. Then tell them that the most buzzed-about social network on the planet will power your site's social features. The decision will probably fall in the Facebook camp, unfortunately for the open-standards crowd and its admirable dedication to all things balanced and democratic.

"Nobody should own this. Nobody's planning on making any money from this," Fitzpatrick has said about OpenID. "The goal is to release every part of this under the most liberal licenses possible, so there's no money or licensing or registering required to play. It benefits the community as a whole if something like this exists, and we're all a part of the community."

"The most scary part of this, is that while Facebook is quietly and methodically building out this vision with massive partners, the standards community is busy squabbling about naming the open alternative."

--Chris Saad, DataPortability Workgroup

But your average company is probably going to care more about profit margins than OpenID's decentralized ideal, and the possibility of having its user activity broadcast across Facebook members' news feeds is tantalizing. Especially during tough financial times, strategy will likely trump idealism.

That said, there are some good signs for OpenID. It has a ton of support in the tech world, and if Facebook Connect's impending expansion goes awry for any reason--think Beacon--it could open up a whole new set of doors for OpenID. What it (and other open Web standards) needs either way is some image repair.

"Facebook is trying to replace all log-ins with their own, and control the creation, distribution, and application of the social graph using their proprietary platform," Chris Saad, whose DataPortability Workgroup has put its support behind OpenID and other open Web standards, wrote in a blog post. "The most scary part of this, is that while Facebook is quietly and methodically building out this vision with massive partners, the standards community is busy squabbling about naming the open alternative."

OpenID and its brethren could use a good, simplified marketing pitch, not to mention some announcements and partnerships that are more prominent than an extension for a niche Web browser. They need to use the resources that the likes of MySpace and Yahoo can provide to get more deals going and start making headlines outside of ReadWriteWeb and TechCrunch.

And most importantly, in a recession, "it's good for the Web, so it's good for everyone" just isn't concrete enough. One last tip for OpenID: Start talking business benefits.

[Orion Blastar]

OpenID is confusing some web sites all I need enter is "yahoo.com" but others I have to put in "www.yahoo.com/orion_blastar" or some other cryptic code to make it work or my email address instead of the URL.

I hope Facebook makes it easier and that will force OpenID to make it easier as well.

[toresteen]

While it is true that Facebook has done a lot of great pioneering work with user experience and data management, the open source community has been systematically working to enhance and extend the functionality and intuitiveness of OpenID, Open Social, OAuth, Portable Contacts, hCards, etc. Google's work with the LSO user interface and JanRain's work with the RPX (http://rpxnow.com) user interface are examples of approaches aimed at improving the ease of use of OpenID.

Also, concerning the business benefits, we are starting to see some good case studies being documented by website owners on the positive impact of accepting OpenIDs on their site. To learn more, see http://www.janrain.com/openid/casestudies.

[saintseminole]

I hope Facebook's idea falls flat. It's a simple idea: no one company should own the means by which we sign in to all our online services. That's why the OpenID idea is basically better. However, like someone commented above, it's not going to work because IN PRACTICE it's confusing and time-consuming.

The simple fact is, I shouldn't have to log in AT ALL. When my computer is turned on each time, it sends a user name and password to my ISP. That should be enough. Hopefully, there is a future where this is possible -- tie OpenID to my initial sign-on and be done with it.

(And keep in mind that most people use the same username and password on many dozens of sites already.)

[Imalittleteapot]

But what if I want more than one Gmail address and don't automatically want to sign into the first one? What if I use two to organize between real world people I know and Internet people that I work on stuff with? What if I want to check my Gmail from a friends house and I automatically get signed into his Gmail? I could never think of a good way to make all that work.

[Mr. Dee]

Microsoft's Hailstorm has finally come to fruition, its amazing what 8 years can do.

[Imalittleteapot]

I'm not against the concept of OpenID, but the reason OpenID has been a failure so far is because while everyone loves to be an identity provider, nobody actually accepts my ID for login. Look at just CNET alone. Can I use my OpenID to log in? Nope . Yahoo gives out OpenIDs but what if I don't have a Yahoo account? Can I log into Yahoo services with my Gmail OpenID? Nope. Many of the news websites I go to take their own user names and passwords but no OpenID. Only one website I actually use takes OpenID and it doesn't even accept all forms of OpenID. I still have to use very specific IDs.

The funniest part of it all is the way OpenID is designed, I don't even need an OpenID provider. I can be my own OpenID provider if I want or a group of me and my friends can set up our own ID provider if we want. So, I don't need a provider yet every service on the net is falling over themselves to provide these OpenIDs I don't need and that can't be used anywhere. The reason is because of marketing basically. If they provide IDs but don't accept them you have to create an account with them still. That's why OpenID won't work because most websites want you to have to create an account with them so they can count up registered users and use that to sway advertisers. OpenID goes against the exact thing that websites are trying to accomplish.

Now, this FaceBook connect. Sounds like a great idea until you try to create a private identity to try and protect some of your privacy online. What did we learn from MySpace and the Lori Drew case? That you probably shouldn't sign up to a social networking site with a fake name or you might be prosecuted on felony charges. Now how does this FaceBook connect stuff work anyway? Will everyone that sees my connect ID be able to follow it back to the profile and see who I am, where I live, and know who all my real life friends are? I don't really know because I don't use facebook.

[Dalkorian]

"What did we learn from MySpace and the Lori Drew case? That you probably shouldn't sign up to a social networking site with a fake name or you might be prosecuted on felony charges."

-------------------------------------------------------------------------

Why is everyone getting this so wrong? A small correction will make that statement clearer ...

What did we learn from MySpace and the Lori Drew case? That you probably shouldn't sign up to a social networking site with a fake name AND THE INTENT OF MENTALLY TORTURING A DEPRESSED 13 YEAR OLD INTO COMMITTING SUICIDE or you might be prosecuted on felony charges.

Everyone seems to be missing that critical piece.

[Imalittleteapot]

Dalkorian: I was under the impression that she was being convicted for accessing MySpace's servers fraudulently with intent to commit a crime or to harass another person. The thing you have to understand is that doesn't help me one bit because I spend a lot of my free time on the net harassing people. Especially 13 year old girls. So, don't you see why I can't create a fake Facebook account now?

No, seriously though, the point isn't if I'll get arrested. The point is what will FB connect do to internet privacy. Regardless of if you get arrested or not.

Also,
"Everyone seems to be missing that critical piece." Is exactly why you shouldn't go around creating fake profiles on MySpace or Facebook. Because everyone thinks that's illegal now. How do you know the prosecutor that comes looking for you or me won't be the next person on the list to miss that critical piece?

[testetstrest]

---That is just lovely

[ArtInvent]

OpenID is a good idea in theory, but in practice it's WAY too complicated and, oh, by the way, it's not accepted on most web sites, and on those that do accept it it often doesn't work. Go to the OpenID website - they don't even explain how exactly the log in process works. If OpenID is to gain any ground, they need to rethink the whole thing. As the FaceBook thing proves, people will go with whatever is simplest. For me the simplest thing is still to have my browser store all my passwords and enter them when I go to a site that needs a login. Why doesn't OpenID shoot for that kind of simplicity?