As the race for an internet-wide single sign-on standard continues, Google has become the latest party to throw its hat into the ring by adding support for OpenID, along with the accompanying developer tools, to Google Accounts. Webmonkey recently had a chance to chat with Eric Sachs, Google’s project manager behind its effort to incorporate OpenID into its users accounts. In a telephone interview, Sachs discusses Google’s involvement in the open-source project and the challenges OpenID faces in the future.
Webmonkey: You participated in a recent UX summit at Yahoo with representatives of OpenID partners from Yahoo, Microsoft, Facebook, MySpace, Plaxo, AOL and others. What was discussed there?
Eric Sachs: Funny enough, that started off being a very small meeting between ourselves and Yahoo and AOL and MySpace because all of us had heard the same feedback from these mainstream websites. In fact, it came out of an OpenID content advisory council that OpenID board had in New York a few weeks earlier.
We had plan on sitting down and saying “OK we’ve heard this feedback, let’s figure out how to meet it,” but then this was done in the community and a lot of other people heard us and said, “Hey can we come and join?” So from Google’s perspective, we’re making this available as an option to relying parties sites, we still support more traditional mechanisms to get just the URL with say our Blogger Identification Provider (IdP) service, this new IdP we’re offering even offers another option where websites can just request an opaque URL identifier from us if they don’t need an email address from us.
We’re going to give these Relying Partners (RPs) a couple different options and we really want to enable them to experiment and find out what approaches work best. We don’t really feel that we as an identity provider can tell these RPs what approach works best. We really want to help them and work with the community to try and figure out which approaches work best for websites in different categories.
Webmonkey: One way Google’s implementation differs from the traditional OpenID model is an authorization dialog allowing Google to share e-mail information when they log in to other sites. Why is allowing relying partner sites access to user e-mail addresses so important?
Sachs: There are a couple reasons for that. The OpenID content advisory council in New York and the OpenID board pulled together a lot of the OpenID content providers, so this is like Forbes and BBC and a lot of other major magazines and online news sites and said “Hey, you all as web sites have told us that your needs to strongly authenticate users are not particularly high. You might have content that people might pan out and send to someone else. You want pretty decent confidence of the user’s identity to give them access to subscription content.”
So they asked if they would all come and meet with us as the OpenID community, and tell us why aren’t you adopting federated login. Why are the problems with it? and there were three primary areas of feedback they gave us at the meeting. The first was that the user interface that the identity providers had was too complex.
Read the full interview.
Continue Reading “OpenID Q&A: Interview with Google’s Eric Sachs” »