Google Joins OpenID Providers in Race Toward Federated Login
The race for an internet-wide single sign on continues. Google follows Microsoft as the latest to throw its hat into the ring by adding developer APIs and OpenID standards compliance to Google Accounts. The change to Google Accounts grants secure logins anywhere without necessitating a password
The change is invisible to Google users, but lets you use your Google account on any site accepting OpenID in lieu of creating a new account. Google also released an API and documentation for developers eager to allow Google Account logins on their own sites.
Google is the latest company to embrace OpenID, a fledgling standard we’ve written about before. Now, like Yahoo, Microsoft and AOL, you can use your account to login to any site accepting OpenID authorization. Google potentially benefits from the change by adding interoperability to its accounts, making them more usable (and users more reliant). The benefit for sites accepting OpenID accounts, like Google’s, is the ability to attract more users by no longer requiring the user to create yet another account on the internet.
There are downsides too. The OpenID standard typically only requires a URL (such as http://www.google.com/accounts) to login to other sites. Many potential sites would prefer the ability to collect an email address in order to contact a user regarding their activity on the site.
Google’s implementation takes this demand into account by allowing sites to exchange an email address in the login authorization process. Now, when visiting sites like Plaxo or Buxfer, you can log in using your Google account and you can authorize the site to obtain your email address through the login process. It also makes the login process more flexible by requiring either an email address or a URL.
There is a trade-off; by admitting sites to obtain your e-mail (or Gmail) address, the sites now have the ability to sell it to spammers or add you to mailing lists at its discretion. However, from an end-user’s perspective, this process isn’t any different between the current method of setting up an account directly with the site, other than bypassing password creation.
With Google’s inclusion, all of today’s most influential internet companies are now signed-up and committed to OpenID. It also means most internet users probably already have an OpenID account, but, according to studies, don’t know how to use it.
For good reason too. The OpenID user experience attempts to change over ten years of user behavior training by replacing a login and password with a URL and a couple of authorization buttons. While Google, Microsoft, Yahoo and AOL all support using its own account to log in using OpenID, none of them allow logins from each other’s OpenID accounts.
In other words, if the most used sites on the internet support providing OpenID accounts and none of them allow users to log in with them, what’s the point?
See Also:
