Large web services from the likes of Google, Yahoo and others love to tout their OpenID support. But when these companies say “support,” sometimes what they mean is that you can use them as an OpenID provider — and store all of your precious personal information on their servers.

What’s much less common from the big companies are sites that let you sign in with OpenID. Today the popular photo sharing site Flickr has taken a small step in that direction.

The site has stopped short of true OpenID support, though that appears to be the end goal. For now its offering a way to sign in with your Google OpenID. Yahoo, which owns Flickr, is using Google’s authentication APIs to power the sign-in experience. Sadly, the new feature is only available for those signing up for Flickr. If you’ve already got a Flickr account, you have to authenticate using your original login.

Given that most of you probably already have Flickr accounts, today’s news isn’t all that exciting. But hopefully, it means the wheels are turning at Flickr and one day you’ll be able to sign in with any OpenID account.

See Also:

• Flickr Hooks Up With Facebook for Photo-Sharing Love
• New Flickr Is Bigger, Wider and Uncut
• Flickr Adds People-Tagging for Finding Friends in Photos

Six Apart is shutting down its Vox blogging service. Users have until Sept. 30 to export their data to other services, including Six Apart’s TypePad blogging service. After that, Vox will be gone.

If you’ve got a Vox blog, there are several export options — Six Apart has instructions for moving to TypePad, Posterous and WordPress. There’s also an option to move your photos and videos over to Flickr.

Of course none of those services quite combine the privacy and small social network features that endeared Vox to users, but at least you can retrieve your content in some form.

The export options also make no mention of the fact that Vox is an OpenID provider, which means that, presumably, when your Vox URL is gone, your OpenID is gone with it. That means any site you’ve signed into using your Vox account will no longer let you sign in. In some cases that could mean a total loss of access to the third-party site — exactly the sort of thing OpenID is supposed to help prevent.

UPDATE: Six Apart vice president Michael Sippey responds to this issue in the comments. We’ve added it here:

Quick note. Vox will continue to serve as an OpenID provider through September 30. If a Vox user chooses to migrate their blog to TypePad, OpenID requests at the original Vox address will delegate to TypePad for authentication.

We know that shuttering a service is never easy on users; We’ve invested a lot of time and effort in making sure that there are tools in place to migrate content off of Vox, and that if folks are using Vox as their OpenID provider that there’s a solution in place for them.

If there’s a moral to Vox shutting down, it’s pretty simple: choose your OpenID provider with care. It would seem that the bigger the provider, the safer you are. Alternately you could be your own OpenID provider, ensuring that you retain control over your identity.

Six Apart’s blog does not give any reason for the shutdown, and the company did not respond to requests to comment on this story. However, it seems likely that Vox was simply supplanted by Facebook, Twitter and other, more popular means of sharing content with your web friends.

The social network landscape has also changed considerably since Vox launched in 2006. Much of the initial appeal of Vox — namely, its tightly controlled privacy — is less of a concern for many of today’s users.

See Also:

• New ‘OpenID Connect’ Proposal Could Solve Many of the Social Web’s Woes
• To See How OpenID Can Work Well, Look at Stack Overflow
• Be Your Own Open ID Provider

David Recordon, one of the key architects of OpenID and other identity technologies that have emerged over the past five years, has envisioned a new direction for OpenID.

His proposal, which was drafted with input from several people in the OpenID community, is called OpenID Connect. At the highest level, it essentially rebuilds OpenID on top of OAuth 2.0, combining the two popular open source systems for authenticating users and letting them share data with social websites and applications.

“OpenID Connect is an attempt to pull the best pieces of two separate technologies together, to create a single technology stack that’s simpler for everyone to use,” Recordon tells Webmonkey.

The proposed approach combines several interactions around logging in and sharing data with a website or application into one simple step. It also lets a user log in using either a profile URL, a blog URL or an e-mail address. Support for e-mail addresses as identifiers is a big step for OpenID, which currently requires you to type a URL — something that’s confusing to people who are used to typing a user name. Asking somebody to enter an e-mail address requires less of a psychological jump.

OpenID Connect hopes to broaden the technology’s reach as well. Unlike OpenID, it’s been designed to work equally well on every platform in your home: on the web, on the desktop and in mobile apps. “It could even work on your XBox,” Recordon says.

Both OpenID and OAuth have seen wide adoption across social sites and applications over the last couple of years, but both still suffer from various problems of usability (for people trying to log in) and complexity (for publishers who are trying to implement them). This is mostly due to the fact that the two technologies weren’t developed concurrently, and that they were developed for different use cases.

Many of the complexity problems in OAuth were solved by the creation of OAuth 2.0 earlier this year. OAuth 2.0 hasn’t been finalized, but it’s already been adopted by Facebook in its Open Graph API, and by Twitter in @anywhere. OpenID, however, hasn’t been updated since 2007. Three years is an eternity on the web, especially in the mobile space, which has seen the massive growth of the mobile web and the quick proliferation of mobile apps with social networking built in.

Also, the technologies serve two different purposes. OpenID is a way of proving to a server that you are who you say you are, and OAuth is a way of providing an application access to information such as your photos or your address book through web APIs.

“Instead of saying identity and APIs were different things, we wanted to build them together and make them work together,” Recordon says. “This is a smart combination of OpenID and OAuth pieces.”

The idea of OpenID Connect evolved naturally from the work being done by Recordon and his colleagues in the OpenID Foundation, the non-profit that develops and popularizes the technology. Others involved in the creation of this new proposal include Chris Messina, who works at Google and drafted a similar idea earlier this year, and Eran Hammer-Lahav from Yahoo, who recently posted an overview of the improvements in OAuth 2.0. Recordon, who is an engineer at Facebook, just stitched together the pieces and drafted the proposal.

Chris Messina is quick to point out that OpenID Connect is just an idea at this point, not a spec or a complete draft.

“David’s document is a strawman in a very intentional way,” he says. “It is not complete. It’s a starting point. The goal is to start a conversation versus saying, ‘this is a solution.’”

Update: Be sure to read Messina’s follow-up post on his blog.

Recordon plans to give a presentation about OpenID Connect on Monday at the Internet Identity Workshop, a quarterly meeting of social web engineers and deep thinkers taking place this week at the Computer History Museum in Mountain View, California.

One of the larger problems OpenID Connect is hoping to solve is one of adoption. Web publishers in particular haven’t warmed to OpenID, since it allows a user to log in to a website and leave a comment on a story, a blog post or a photo while essentially remaining anonymous to the publisher.

“In order to seed the adoption of OpenID, we need to make OpenID accounts more valuable,” Messina says.

That anonymous aspect has made OpenID less attractive to publishers who want to collect more data about their readers or interact with them — whether that means following them on Twitter, connecting with them on Facebook or sending them e-mail.

“Because of that, we haven’t had a really juicy carrot to provide to publishers to get them to adopt OpenID,” Messina says. “Why would they ditch the data access they have using traditional logins and move to OpenID when they get nothing in return? It’s a step backwards.”

OpenID Connect’s OAuth components would allow publishers to request more information from a user when they log in using OpenID, but do so in a way that lets the user maintain control and only grant access to the specific pieces of data they are comfortable sharing.

Another key problem OpenID Connect aims to solve is one of singular adoption across multiple platforms — the web, the desktop, and mobile phones.

“OAuth 1.0 was originally created because OpenID didn’t work for desktop apps or dashboard widgets,” Messina says. “Increasingly, we’re seeing a need to make these things work in mobile and on the desktop.”

Most social client applications on mobile phones and on the desktop — like those that post status updates and photos to Twitter or Facebook — use OAuth to log you in. But it’s very tricky to for them to add support for OpenID because OpenID was primarily designed for use on websites. The new proposal would allow apps on all platforms to use the same protocol to handle logins and access web APIs.

All of these developments tie into the main goal of OpenID Connect — to make adopting and using decentralized identity systems simpler.

Recordon points to the motivation behind creating OAuth 2.0 as providing the spark to innovate further on social protocols.

“There was a huge push in making OAuth 2.0 so much easier to use,” he says. “We then asked ourselves, ‘How do we make the rest of these technologies easier to use on the open web?’”

To get involved, you can join the public mailing list at specs@openid.net, or sign up for and attend the next Internet Identity Workshop, which runs from May 17 through 19, 2010 in Mountain View, California. There’s a fee for registration, and it varies between $75 for students and $450 for a last minute 3-day pass. The date was recently moved so the IIW wouldn’t conflict with Google I/O.

See Also:

• Facebook Adopts Open Standard for User Logins
• Twitter Switches on @Anywhere
• Gmail Now More Secure With OAuth Support

Mozilla has an answer to site-centric identity systems like Facebook’s — put the browser in charge of your online logins instead.

The Mozilla Labs project called Account Manager has graduated from Labs and will soon be making its way into Firefox proper.

Account Manager allows you to log in and out of websites directly through the browser, rather than relying on a particular site’s login form. Using a new menu item in the main toolbar — a button with a picture of a key that sits next to the address field — Account Manager lets you pick a login to use at any site you visit. It stores logins you’ve already created, suggesting them whenever they can be used. It can also generate (and remember) random passwords to make your logins more secure. It’s a radical step up from Firefox’s current Password Manager feature.

Mozilla’s decision to put this new button directly into Firefox’s toolbar brings us one step closer to realizing a ubiquitous social network on the web, where you’re logged in and connected to your friends wherever you go. All the while, you remain in total control of your own identity since you can tinker with all of your logins and connections through some simple panels in the browser.

There’s no word yet on when this will make it into Firefox, but we may see it as soon as Firefox 4, which is due in early 2011. For now, Account Manager is separate add-on you can grab from the Mozilla website. The add-on is still a beta release and there are some known bugs, but in our testing, it performed as advertised.

At the moment, Account Manager works with Google, Yahoo, Facebook and several Mozilla sites. Mozilla is planning to add support for other authentication systems, including OpenID, in the near future. The post on Mozilla Hacks also has instructions for site owners that let them add support for Account Manager with “only 15 minutes of hacking,” though we suspect it will become easier to implement support once the spec is fully formed.

There are several advantages to letting the browser handle logins. The most obvious is that the login form is always in the same place, with the same user interface regardless of which site you’re on, which would make the login experience easier for less-savvy users. Such a feature is also particularly useful if you have multiple accounts on a single site (all too common with the explosion of social networking) and need an easy way to choose which account to sign in with. It also means that, for example, Firefox could implement a sort of “fast user switching” feature that would let you change Facebook accounts with just a click. Ditto for Gmail, Twitter or any other supported website.

Along with its Contacts and Weave projects, Account Manager is part of a larger effort to make Firefox a central part of your online identity. Mozilla calls this its Online Identity Concept Series. It is being developed at a time when web identity is under renewed scrutiny, with Facebook’s announcement last week of its Open Graph protocol for sharing content across websites, and its adoption of new technologies to let people use their Facebook accounts to log in to other sites on the web. Twitter also launched a web-wide sharing feature called @anywhere, which builds on the some of the same identity technologies adopted by Facebook.

Once Mozilla gets all three of its identity projects working together, you would be able to login, discover friends on new websites and sync all your data across computers, effectively eliminating the need for a centralized system like Facebook’s or Twitter’s by handing the job of making connections off to the browser. You could still use whatever login system you like, but you wouldn’t be reliant on any single provider.

And according to insiders, this path makes total sense.

Chris Messina, an OpenID Foundation board member and a longtime advocate of open web technologies, recently posted a video series outlining the work he did with Mozilla last fall to build identity management into the browser (Messina has since taken a job at Google).

“A browser is usually called a user agent, and the idea is that it’s software or a program that acts on your behalf,” Messina says in his post.

If your browser knows who you are, and who your friends are, it can show you photos or status updates posted by your friends, plus other types of social interactions.

“By layering in concepts like identity, the hope is to upgrade the browser into something that is more personal,” he says.

At Facebook’s F8 developer conference last week, Raffi Krikorian from Twitter was speaking on a panel about identity technologies, and when the conversation turned to whether or not the browser should handle logins and social connections, he agreed that such a development would be “a huge step forward for the web.”

“Since the browser exists in between the web service and the user, it makes perfect sense for the browser to handle those identity-management tasks,” Krikorian said.

Thus far, that is still a ways from reality, but with Account Manager out of Labs and headed into Firefox proper, Mozilla is getting closer to this goal.

If you’d like to add support for Account Manager to your own website, be sure to check out the post on Mozilla Hacks which walks you through the steps. It’s not overly complicated, but you will need to be familiar with JSON.

See Also:

• Mozilla Contacts Helps Firefox Discover Your Social Web
• Facebook Adopts Open Standard for User Logins
• Mozilla Labs Seeks to Tame Your Address Book With ‘Contacts’
• Warning: This Site May Be Sharing Your Data

SAN FRANCISCO — As we predicted, Facebook is switching to an open standard to handle user authentication across its entire platform of connected websites and applications.

Facebook is ditching its proprietary Facebook Connect system, which lets people use their Facebook username and password to log in to other sites around the web. In its place, the company will implement OAuth 2.0, an open source (and soon to be IETF standard) protocol for user authentication.

Viewed along side the barrage of other major announcements unleashed by Facebook at its F8 developer conference here on Wednesday, the move may only seem like a minor data point. But it is one with the potential to make a broad and deeply significant impact on the social web.

Right now, users expect three choices for logging in to a site with an existing ID: Facebook Connect, Twitter or OpenID. That forces publishers to implement three separate systems — one for OpenID, one for Twitter, which uses OAuth, and one for Facebook, which uses Facebook Connect. But once OAuth 2.0 is up to speed and more sites move over to it, things get simpler for site owners.

Where there used to be three options — Facebook Connect, OAuth and OpenID — there will now only be two. And the two that are left are both open source.

There are still details involving token management, auto-registration and other bits of complex backend plumbing to be sorted out, that Wednesday’s events don’t change.

But the move towards OAuth is a step towards interoperability the social web sorely needs. Most importantly, it will be easier to build pathways connecting OAuth and OpenID, since both are fully transparent, open standards and the proprietary Facebook Connect system has been removed from the equation. The switch paves the way for further integrations between existing technologies.

During a panel discussion about OAuth on Wednesday afternoon, Facebook engineer Luke Shepard said that by adopting OAuth, he hopes Facebook will “help drive it to become such a core part of the web, all the tools will end up supporting it.”

Twitter also recently began supporting OAuth 2.0 with last week’s launch of @anywhere, its suite of social-interaction tools.

But what about OpenID? It was one of the key technologies responsible for pushing the idea of single sign-on forward, so why isn’t Facebook supporting it yet?

“Developers aren’t asking for OpenID,” Shepard said when the question was posed to the panel. “They’re explicitly asking for us to make logins simpler and easier, not for us to implement OpenID. So now we’re doing that by implementing OAuth 2.0, because it’s simple and easy. Adding OpenID on top of it would just add a layer of complexity nobody is asking for.”

OpenID is indeed very complex, and because of that, it suffers from usability problems that have kept it from being widely adopted.

“It’s very easy to do user authentication over OAuth 2.0,” Shepard said.

Panel moderator David Recordon, who develops open technologies at Facebook, asked the audience of about 60 or 70 people: “How many of you here want Facebook and Twitter to adopt OpenID?”

Five people raised their hands (I was one of them).

Another panelist, Raffi Krikorian from Twitter, quipped, “That answers your question right there.”

Krikorian did offer a ray of hope for OpenID, though, noting that browser makers may provide the missing links that solve OpenID’s complexity problem.

“Since the browser exists in between the web service and the user, it makes perfect sense for the browser to handle those identity-management tasks,” he said. “I think that would be a huge step forward for the web.”

Another panelist, Yahoo’s Allen Tom, another long-time OpenID advocate, agreed that browser makers could definitely help fix OpenID’s UI problems.

“If browsers can eliminate the confusion in the whole authorization flow around OpenID, that would be ideal.”

See Also:

• Up Next For Facebook: Expect More Open Interactions
• Facebook Shows Off New Tools to Socialize the Entire Web
• Facebook Tags Everyone at F8 with RFID Chips

Facebook essentially copies a bunch of services that are already available on the open internet — chat, e-mail, media sharing, profiles — for its 400 million active users. But it also provides tools to help those users interact with each other while they’re outside Facebook’s walls, and there are signs the company is ready to make those tools more open and more easily integrated into other websites and applications.

The social network has already seen great success with Facebook Connect, its authentication system other websites can use to let their visitors log in using their Facebook username and password, then leave comments or share items with their Facebook friends with a single click. They can also hop around between websites and apps without creating a new account at each stop.

Facebook Connect has certainly fueled the explosive growth of social interaction across hardware and software platforms, as it helps Facebook friends notify each other of their activities on other social websites, the movies they’re renting, or the high score they just got on their favorite iPhone game.

Facebook Connect was first announced in 2008 at F8, Facebook’s developer conference. The next F8 is taking place Wednesday in San Francisco, and Facebook CEO Mark Zuckerberg is expected to announce the next phase of his company’s plans to further extend its sharing platform during his keynote address.

The Facebook Connect system isn’t entirely open — a key reason for its existence is to feed social sharing traffic back into Facebook. But it has much in common with other emerging open standards like OpenID and OAuth. Most social websites use a mix of both Facebook and non-Facebook options to handle user authentication, and Facebook Connect is not fully interoperable with competing technologies.

But several recent events point to Facebook making its own platform work better with open technologies. Last year, the company joined the OpenID Foundation and it began partially supporting the technology by allowing users to log in to Facebook using OpenID credentials. Also last year, the company hired David Recordon, one of the key architects of OpenID and OAuth, and purchased FriendFeed, a website that aggregates people’s social activities. Soon after acquiring FriendFeed, Facebook released its Tornado sharing framework under an open-source license.

Facebook wouldn’t comment on any upcoming announcements when contacted for this story. However, outside developers remain hopeful that the company will continue to grow its sharing platform by making it work in tandem with other open technologies already in place.

Igor Pusenjak has incorporated Facebook Connect into Doodle Jump, the popular mobile game he co-created. Doodle Jump, which has over 3 million users on the iPhone and Android, uses Facebook Connect to allow players to share their high scores with their friends on Facebook. Pusenjak will be speaking on a panel at F8 called “Mobile + Social: Connecting the Dots.”

Pusenjak welcomes the possibility that Facebook could be moving towards open standards for user authentication like OAuth and OpenID by making them work better with Facebook Connect.

“Anything that can help reduce a number of passwords that need to be remembered and info that needs to be typed will both help the end users and small business,” he says in an e-mail. “Many people today are reluctant to create yet another account just to make one purchase.”

As if expecting such a development, the web-based chat site Meebo debuted its own entry into simplified authentication and sharing on Monday. It’s called XAuth, and it allows users to share links with their friends on some pretty large and powerful networks — Google, Microsoft, Yahoo and MySpace were part of the initial launch.

While Meebo says XAuth will eventually be released under an open source license, there are currently several unanswered questions about its design and its privacy implications that may hold it back.

As far as what else to expect from F8, there’s been some speculation that Facebook will provide its users with tools to better share their location. We noted this in March. Others may be anticipating this announcement, too — Google revamped its location-based search and advertising products Tuesday, and Twitter launched a new location-aware feature called “Places of Interest” at its Chirp developer’s conference last week. Both of these rely on users’ location data.

Twitter is actually an exemplar of how open standards can succeed in social sharing. The “Tweet This” buttons currently littering the web use OAuth to let people connect their Twitter accounts to whatever website or app they are using. Also launched at Chirp is @anywhere, a system web publishers can incorporate into their sites to make it easier for readers tweet and add followers directly from a website’s pages. It also uses OAuth.

Raffi Krikorian, the tech lead on the Twitter API team, says his company is active in developing the OpenID and OAuth 2.0 specifications. He thinks the broader adoption of open standards on the social web lead to better interaction between websites and third-party apps.

“We [at Twitter] want to make things more open, and more standard,” he says in an e-mail. “We want to make it easy for application developers to talk to us, and if that has a side effect of talking well with others, then that’s awesome.”

Krikorian is appearing on a panel at F8 that’s billed as a “Fireside chat about open technologies” on the social web. Also appearing on the panel are Allen Tom from Yahoo and Luke Shepard, Naitik Shah and David Recordon from Facebook.

Facebook’s F8 takes place Wednesday in San Francisco. Webmonkey will be at the show bringing you breaking news from Facebook and reactions from developers. Follow us on Twitter, become a fan on Facebook and subscribe to our Events category for real-time coverage.

See Also:

• Facebook Opens Up to OpenID
• Facebook Open Sources ‘Tornado’ the Engine That Drives FriendFeed
• Facebook Joins OpenID in Quest for Universal User Accounts