You’ve probably already heard of OpenID. For those of you who haven’t, it’s a new and upcoming standard for user authentication (and fellow Gizbuzz blogger Huw gave a nice introduction here).
I personally think OpenID is a great idea, and I’m a proponent of the idea and the standard. For a web development project I’m working on at the moment, we’re going to be using OpenID as the sole authentication system for users. That is to say, you will need an OpenID to actually sign up for the service and it will be the single system controlling your sign in.
There’s a problem though. The average computer user has never heard of OpenID, doesn’t really understand it and might be turned away from using this new service if they don’t very quickly ‘get’ how to sign up. We could have just shunned OpenID, built another proprietary username/password system and be done with it.
As a web service provider, though, I feel we have a responsibility to be pushing for new standards and helping spread OpenID. After all, it’s only through the widespread adoption of standards that the web is what it is today.
So we want to push OpenID and bring it to the forefront. What do we need to do?
Service adoption
I’m doing my bit here. New services (and existing ones) need to either support OpenID or use it as their single authentication solution. Until services force people to get OpenIDs, people simply won’t bother.
Huw mentioned in a follow-up comment on our previous OpenID post:
“I initially got an OpenID because Zooomr required me to have one. Now I use it on other services.”
If that’s the case for techies, it will be the same, if not more difficult, to convince the average user to get an OpenID. Which means new services need to push.
User education
Users need to be shown the benefits of OpenID to them - the fact that they don’t need to remember millions of passwords, maintain separate accounts on different services.
Privacy. Interoperability. Time saving.
We need to sell OpenID to them on the benefits to the end user (and leave the techie stuff where it belongs).
Interoperability with other credential systems
AOL have already done an excellent job at this by giving everyone with an AOL/AIM Screen Name an OpenID, in the form of openid.aol.com/screenname.
Now we need everyone else to join in. Google, Yahoo, Microsoft, I’m looking at you. Maybe we have to do something to sweeten the deal for them, I don’t know. Without the support of the big players, OpenID will be in for a tough fight.
Advertising
This sort of ties in with user education, but still, we need OpenID to get advertised and publicised. Again, stress the benefits for the end user and where appropriate, also show the technical advantages.
The more people who know what OpenID is, the more people might use it.
I personally am very keen to see OpenID becoming a success and I hope that with enough effort, it can become a part of the future of the web.
I think that it’s a great idea, and surely it would help other companies who use it as well, as they wouldn’t have to be as concerned about security of information in their databases, although I think the problem with having just the one service is what if. If their servers get attacked then that could be your details for all websites gone, if the company disappears in a few years then we could be left with hundreds of user-based websites, but no user accounts. Although I don’t actually know how it works, I’m just assuming that on your website you use some kind of API to interact with Open ID.
I actually think the same about RSS to some extent, it is wonderful, up until a couple of months ago I ignored it thinking it was just a passing thing, although now it is brilliant, I can have all the information I want on one page, without needing to open up loads of tabs to see it. Now if you look at most people, they wouldn’t know where to start, for example, the BBC weather site, there is the ability to subscribe to an RSS feed for your area, a useful feature, the “average” computer user sees this, and using IE6 (yes, I’m sterotypicalising a lot here) clicks that link, they see a lot of meaningless XML and ignore it, there is no indication of what to do with it. So the same as Open ID, it’s there, it’s great, but as you mentioned, hardly anyone knows about it.
The thing about OpenID is that it’s decentralised. There is no one OpenID server, anyone can set one up by downloading the server software or even writing their own code which implements the standard properly.
If one person or company’s OID server gets cracked, that will only affect users who use them as their OpenID provider. People can just switch OpenID provider if they decide they don’t like one.
That’s part of the whole point of OpenID, no one person or company owns the system.
My concern with OpenID is that it might actually harm adoption in the short term - not something I had thought of when I wrote my last post.
The ID system is actually very different from the user/pass auth that most people are used to and expect to go through when they sign up to a new service. OpenID is arguably quite tricky to understand, and is certainly very different. It might actually dissuade people from signing up to a new service if they are required to use OpenID.
This problem doesn’t exist, however, if a user already has an OpenID and, crucially, knows that they have it. So AOL is doing a lot of good here, so long as they tell everyone that they now have OpenID.
I personally love the idea behind OpenID, but the execution and implementation of it is not what anyone could hope for at this time. What needs to and is starting to happen is a large movement to adopt OpenID in Web 2.0 services, as well as companies that you mention. Google, Yahoo, Ebay, Microsoft, all have account systems that could be replaced by OpenID accounts. I doubt however, that a company like Google, which tries to gather as much information on its users as it can in order to target its ads more accurately, would easily comply to such a radical change.
If OpenID is to succeed, it will take more than just bloggers using the wordpress openid plugin. The movement will have to catch on with the big guys or it will fail.