All posts tagged ‘OpenID’

File Under: Identity, Web Standards

OpenID: The Web’s Most Successful Failure

First 37Signals announced it would drop support for OpenID. Then Microsoft’s Dare Obasanjo called OpenID a failure (along with XML and AtomPub). Former Facebooker Yishan Wong’s scathing (and sometimes wrong) rant calling OpenID a failure is one of the more popular answers on Quora.

But if OpenID is a failure, it’s one of the web’s most successful failures.

OpenID is available on more than 50,000 websites. There are over a billion OpenID enabled URLs on the web thanks to providers like Google, Yahoo and AOL. Yet, for most people, trying to log in to every website using OpenID remains a difficult task, which means that while thousands of websites support it, hardly anyone uses OpenID.

OpenID promised to solve two problems. First, it would offer an easy way to log in to any website without needing to create a new account. And, second, it would enable you to have a consistant identity across the entire web. This worked well with the limited audience of bloggers and tech-savvy users that were part of the original vision.

But then as the vision of OpenID grew to encompass, well, everything, it became bogged down in the details. Despite widespread support, there is no uniform user experience. Every site that supports OpenID does it slightly differently, which only further confuses the majority of people.

The main reason no one uses OpenID is because Facebook Connect does the same thing and does it better. Everyone knows what Facebook is and it’s much easier to understand that Facebook is handling your identity than some vague, unrecognized thing called OpenID. That’s why, despite the impressive sounding billion URLs and 50,000 sites supporting OpenID, it pales next to Facebook Connect. Facebook Connect has been around less than half the time of OpenID and yet it’s been adopted by some 250,000 websites, is available to the hundreds of millions of Facebook users and has the advantage of Facebook’s brand familiarity.

Facebook also added a key ingredient that helped drive other sites to adopt Facebook Connect — sharing user data. One of the reasons more sites support Facebook Connect is that they get a piece of the user pie.

Web publishers never warmed to OpenID since it allows a user to log in to a website and leave a comment on a story, a blog post or a photo while essentially remaining anonymous to the publisher. That anonymous aspect has made OpenID less attractive to publishers who want to collect more data about their readers or interact with them — whether that means following them on Twitter, connecting with them on Facebook or sending them e-mail.

The OpenID Connect proposal aims to solve this shortcoming by using OAuth to allow publishers to request more information from a user when they log in using OpenID. But so far there has been very little support for OpenID Connect. Facebook Connect is still far more popular.

However, not everyone wants to tie their website’s login structure to a single company like Facebook. If 37Signals is the poster child for OpenID failure, Stack Overflow is the poster child for its success. The popular programming Q&A site abandoned traditional username/password based accounts in favor of OpenID and declared the experience a resounding success.

Government sites are also looking to use OpenID rather than tie themselves to Facebook. And the Obama administration has announced plans for an Internet identity system that sounds a lot like OpenID, though the exact details have yet to be revealed.

Eventually OpenID will likely disappear from the web, not because it was a failure, but because identity will be managed in other ways. Mozilla is hard at work putting identity in the browser. It’s not hard to envision Firefox managing your OpenID credentials for you, just as it does today with your passwords. In that sense OpenID may end up like RSS (another tool routinely declared dead), invisibly powering features behind the scenes, essential, but unnoticed. Eventually online identity may even come full circle and move back into the real world — chips in your phone, tokens that generate random codes or biometric devices.

The legacy of OpenID may well be that it was ahead of its time, but that hardly makes it a failure.

See Also:

File Under: Identity

Flickr Adds Limited OpenID Support

Large web services from the likes of Google, Yahoo and others love to tout their OpenID support. But when these companies say “support,” sometimes what they mean is that you can use them as an OpenID provider — and store all of your precious personal information on their servers.

What’s much less common from the big companies are sites that let you sign in with OpenID. Today the popular photo sharing site Flickr has taken a small step in that direction.

The site has stopped short of true OpenID support, though that appears to be the end goal. For now its offering a way to sign in with your Google OpenID. Yahoo, which owns Flickr, is using Google’s authentication APIs to power the sign-in experience. Sadly, the new feature is only available for those signing up for Flickr. If you’ve already got a Flickr account, you have to authenticate using your original login.

Given that most of you probably already have Flickr accounts, today’s news isn’t all that exciting. But hopefully, it means the wheels are turning at Flickr and one day you’ll be able to sign in with any OpenID account.

See Also:

File Under: Identity, Social

Yahoo Users Can Now Open a Google Account With OpenID

Google is now letting any Yahoo users sign in to Google using OpenID, the company announced Tuesday.

When you’re signing up for a Google account, there’s now a new button you can click on that says “Verify by signing in at” Click it, and you’re sent to Yahoo, where you’re asked to allow Google and Yahoo to link up your accounts.

Tuesday’s development marks Google’s first attempt to be an OpenID relying party — a website that accepts OpenID logins from third-party providers. Also, this only works for Yahoo users for now, but Google says it’s going to start offering support for other OpenID providers soon.

On the surface, this may look like an attempt by Google to poach users away from Yahoo by making it even easier for them to switch. In fact, it’s a real-world example of the type of interoperability that OpenID has been promising to bring to the open web for some time.

Continue Reading “Yahoo Users Can Now Open a Google Account With OpenID” »

File Under: Blog Publishing, Identity

Six Apart Shuts Down Vox

Six Apart is shutting down its Vox blogging service. Users have until Sept. 30 to export their data to other services, including Six Apart’s TypePad blogging service. After that, Vox will be gone.

If you’ve got a Vox blog, there are several export options — Six Apart has instructions for moving to TypePad, Posterous and WordPress. There’s also an option to move your photos and videos over to Flickr.

Of course none of those services quite combine the privacy and small social network features that endeared Vox to users, but at least you can retrieve your content in some form.

The export options also make no mention of the fact that Vox is an OpenID provider, which means that, presumably, when your Vox URL is gone, your OpenID is gone with it. That means any site you’ve signed into using your Vox account will no longer let you sign in. In some cases that could mean a total loss of access to the third-party site — exactly the sort of thing OpenID is supposed to help prevent.

UPDATE: Six Apart vice president Michael Sippey responds to this issue in the comments. We’ve added it here:

Quick note. Vox will continue to serve as an OpenID provider through September 30. If a Vox user chooses to migrate their blog to TypePad, OpenID requests at the original Vox address will delegate to TypePad for authentication.

We know that shuttering a service is never easy on users; We’ve invested a lot of time and effort in making sure that there are tools in place to migrate content off of Vox, and that if folks are using Vox as their OpenID provider that there’s a solution in place for them.

If there’s a moral to Vox shutting down, it’s pretty simple: choose your OpenID provider with care. It would seem that the bigger the provider, the safer you are. Alternately you could be your own OpenID provider, ensuring that you retain control over your identity.

Six Apart’s blog does not give any reason for the shutdown, and the company did not respond to requests to comment on this story. However, it seems likely that Vox was simply supplanted by Facebook, Twitter and other, more popular means of sharing content with your web friends.

The social network landscape has also changed considerably since Vox launched in 2006. Much of the initial appeal of Vox — namely, its tightly controlled privacy — is less of a concern for many of today’s users.

See Also:

File Under: Social

Video: The Open and Social Web Explained

Embedded below is a video of the presentation Chris Messina gave at the 2010 Google I/O developer’s conference a couple of weeks ago.

Chris has been instrumental in birthing and evangelizing many of the social web’s protocols for sharing data across sites and applications (, OpenID, OAuth), and he recently went to work on these technologies at Google. Chris is a designer, not necessarily a programmer, so his presentation is light on code. But it very clearly presents the concepts behind social sharing protocols — how they work, why they’re important and how they are currently implemented across the web.

Plus, he apes Lost, and it’s funny.

See Also: