The OpenID Foundation announced yesterday, in what it seems will push their decentralized login system further as a standard, that five big players of web and technology world — Google, IBM, Microsoft, Verisign and Yahoo! — have joined their corporate board. For those of us tired of having to remember and maintain several online logins and passwords, this could be very good news. With a catch.
A Brief History
OpenID started out as a project in 2005 by LiveJournal creator Brad Fitzpatrick as a way to maintain a common login between websites, and grew, with support from groups LightWeight Identity (responsible for the Yadis protocol, which is an integral part of OpenID), NetMesh, Six Apart, and Sxip among others. The concept received enough support and attention that it made its way towards becoming a” portable web indentity standard”, leading to the formation of The OpenID Foundation in June 2007.
Websites may play any of a number of roles available in the OpenID ecosystem: an ‘OpenID provider‘ that allows you to create your OpenID login with them, a ‘server-agent‘ responsible for verifying a user’s login and a ‘relying party’ that supports and allows users to login with their OpenIDs. The thing is that a lot, over half, of those ten thousand OpenID sites, including AOL, Orange and Yahoo!, fall in just that first category as providers. A July 2007 ‘State of OpenID’ keynote by Scott Kveton, a board member of the Foundation, listed just short of 4,500 OpenID-relying websites – the ones that actually accept the these portable Web indentities. So while yesterday’s announcement of five big players joining the corporate board helps the standard to well, gain ground as a standard, there’s understandably quite a while to go before OpenID is able to truly achieve its goal.
The Decentralized Solution
Because the system aims to be “centralized” in a decentralized way, the Foundation, according to its website, “does not dictate the technical direction” of the standard, existing only to “help enable and protect whatever is created by the community” by managing legal issues, helping in promotion and marketing and generally tying the knots an open standard is bound to have. What it all comes down to is a group of web companies agreeing to support a single login standard and to not be inclined to commandeer the project to their own benefits. To the end user — you, me and everyone else wondering how this will help make our Web lives better — the implications are intriuging: especially since yours may already be one of the over 300 million existing OpenID logins without your knowing it!
The fact that, over the years, websites with enormous user bases and following — AOL, LiveJournal, Vox, WordPress.com, Blogger, Basecamp, Highrise — have come to support OpenID means that if you have an account with any of them, you already have OpenID. So, in that ideal world that OpenID hopes to create, you’ll be able to use just one of these in all of the around ten thousand other websites that support the standard. And now that the most powerful Web giants Google and Yahoo! have joined in, it would appear that this vision is only coming closer to realization. That, however, will depend on the level of commitment these websites choose to make to cement this standard (or not).
The Decentralized Problem
Part of the problem is perhaps OpenID’s most basic and noble virtue of being “decentralized” and as open and liberal as possible; this also means that the goal of maintaining a single easy-to-remember login is hampered because we are given so many options. At this very moment, you could have several OpenIDs already – which one do you use where and how do you manage them? I use Google extensively, but am also a Yahoo! user thanks to Flickr and have an account with AOL to use with iChat. I know some websites now accept OpenID login, but where do I go from here?
And that’s the other problem. Since OpenID is still, even with support from so many huge companies, in its infancy, it hasn’t caught on quite as yet. The logo isn’t very prominent (as Passport.net was at one point, when MSN and Hotmail ruled supreme) and, as a growing standard still being shaped in the hands of geeks for the most part, which means it isn’t nearly as visible or easy to use as it ought to be. Users don’t want to know what Identifiers are, or what XRIs mean or what the server-agent does; I doubt a lot of web users would even be impressed with a login that looks like openid.aol.com/username42, which, although it makes sense in a strictly technical point of view, will most likely not appeal much to “end users”.
If there’s anything to be learned from the meteoric growth of Web 2.0, it’s that users like and gravitate towards products and services that are easy to use, are beautiful and don’t make them work too much. OpenID’s recent announcement and its past accomplishments signal a rapidly strengthening and upcoming standard; however, it seems there’s still quite a fair bit of work left before it can truly reach people and make it easier for them to manage their online identity.