Too many Chiefs…
Not enough Indians… in a nutshell, that’s the problem with OpenID today. Everybody and their mother wants to be an OpenID provider. Technorati, LiveJournal, TypeKey, and plenty of others. And that’s fine. Variety is good; decentralized is good. But… and this is a big one (no pun intended 
)… having a dozen different OpenID’s doesn’t do me a damned bit of good if there are no places to log into with them.
Now I can understand someone like Yahoo not getting on the bandwagon just yet. They’re a huge entity and they need lots of time and manpower to make that big of a leap. While having them onboard would be a huge boost, I don’t expect them to hop on just yet. However, one of the things that I do expect is that all of these sites that are offering me an OpenID allow me to actually… oh I don’t know… maybe log in with one?!?!
I have an OpenID. I want to go to Technorati and log in with my OpenID. That’s the whole point, right? To make things easier for the end user?! I’d like to go to LiveJournal and tell them which OpenID I want to have associated with my journal so that I can log in with it. “No sorry, we can’t do that for you… but… would you like an OpenID?” No! I don’t want another stinking OpenID!
I’m extremely thankful that there are great sites like Zooomr out there where I can actually use my OpenID and get on with my business. And there are lots of great contributions to the community in the form of plugins. Evan Prodromou has written an excellent MediaWiki extension, Hans Granqvist wrote an excellent WordPress plugin (that I personally use here at The Love Shack), and there are plenty of others contributing to the community as well. Not to mention all of the people who are using the above projects to allow people to more easily log in to sites; using OpenID the way it was intended.
But I’m genuinely concerned that if this trend of companies only being providers doesn’t change, OpenID will end up just being another one of those great ideas that never quite caught on. Thankfully, other people are noticing this as well. Conor over at Argolon put up a great entry about this problem.
So what can we actually do to change this? Honestly, I don’t know. I’m open to suggestions. I’m hoping that my little commentary on it in this little obscure corner of the web will maybe help. I’ve expressed my disappointment to all of the aforementioned Chiefs whenever possible. I’ve also done what little I can to not support them by intentionally not linking to them. Not that that’s going to help that much, but hey. It’s my little form of passive resistance.
I was about to comment that I must enable that plugin for Wordpress but it’s just rejected both my ClaimID and VerisignLabs URLs. I was only able to login using a MyOpenID URL!
February 13th, 2007 at 2:10 amHmm. Not sure about Verisign, but I have had a few users register using claimid URL’s with no problem. I’ll check the logs to see if there’s anything useful in there.
February 13th, 2007 at 2:13 amWell, it is much easier and more lucrative to be a provider of any identity system, thus making it much easier to explain the benefits of openID to the business folks in the company with the Use Case of being a provider and less easy to sell the idea to “give away” the control over the login to another, maybe rival vendor.
February 13th, 2007 at 5:37 amThis is pretty common with any new technology. We saw the same thing with the explosion of ISP’s back in the 90’s when the “Internet” became the big thing. We’ll see lots of OpenID providers come on-line but then there will be a period of consolidation.
I know we (JanRain) have seen over 1100 unique sites that are supporting OpenID right now (we see them as visits to MyOpenID.com). We’re seeing 10 - 15 new sites a day coming on-line.
I think what people are going to realize is that running an OpenID provider is a non-trivial thing. Do you, as a blogging, wiki or file sharing site, want to manage someone’s identity and the liability that goes along with that? Really, that takes away from your “main thing” which is blogging, building a wiki or sharing files.
February 13th, 2007 at 8:44 amAny existing web site will find it hard to add OpenID alongside the bespoke solution they put together when the site was first built. How hard depends on how modular their code is.
Someone designing a new web application has the option of committing to OpenID from the start and not bothering to have a bespoke authentication database altogether. That’s the approach I took when I was tinkering with a web game (which I alas! have never finished, so it’s of no use to you).
February 13th, 2007 at 9:16 amIt does require a little change of perspective, as far as “control” over user account information goes. But I think we’ll start seeing more and more sites realizing the benefits of allowing OpenID as an authentication mechanism. Outsourcing authentication removes a lot of liability. And you still get to collect the information that you really need locally (important for sites that need all of those aggregated demographic statistics and whatnot).
February 13th, 2007 at 9:28 amThere is Jyte and ma.gnolia and not forget the large number of small blogs that support OpenID logins. I’d say the problem is, that many sites are
February 13th, 2007 at 10:52 ama) Built on their own user database, making it difficult to introduce OpenID.
b) It doesn’t make too much sense for them while OpenID is login-only, and many people don’t know about it yet. If it grows from login-only to a data exchange platform with additional specs, they will see the advantage that OpenID offers.
I agree that this not ideal, especially since we currently offer no standard way to consolidate your identity to a canonical identifier.
I’m hoping to improve the situation at LiveJournal while working to prepare it for OpenID 2 when the time comes. I’m hoping to get it to the point where whether you have a journal is independent of how you log in, and where people can “upgrade” their comment-only accounts to fully-fledged LiveJournal accounts by agreeing to the terms of service and passing a CAPTCHA. There are a few issues that need to be fixed first, though.
February 13th, 2007 at 12:42 pm[…] IdP and doesn’t yet act as an OpenID relying party. Going back to the concerns I (and a few others) have raised earlier that there is a lot more to loose for the relying party. It will be […]
February 20th, 2007 at 9:02 amI agree with the other commenters who point out that it’s hard to add OpenID alongside whatever solution exists from when the site was first built. I also agree that “control” over user account information is an issue.
Seems to me that the answer is to take seriously the idea of “outsourced authentication” as mentioned above. I followed these ideas up in a post here.
March 6th, 2007 at 5:29 pm[…] servers than sites: A strong theme across the OpenID eco-system is that so many sites are coming up as just providers and not consumers. So […]
April 2nd, 2007 at 4:36 pmThe disparity is fairly simple to explain. It’s pretty easy to take an existing set of data and expose it via a new protocol, since that doesn’t require much change. It’s a more significant task to take an authentication system that was never designed to be modular, and re-work it to consume different authentication credentials and handle all the possible state transitions.
It certainly helps that there are existing free-software implementations of OpenID consumer libraries, but the authentication system of most of the applications people are interested in were not designed to change in this manner, thus it’s more work for the application developers, thus it’s slower to come about.
April 2nd, 2007 at 9:50 pmThat’s certainly true, but as Nik Cubrilovic points out, sites shouldn’t announce that they’re using OpenID until they’ve integrated both.
April 3rd, 2007 at 12:53 am[…] I too would like to go to LiveJournal and tell them which OpenID I want to have associated with my j…, but nooh… that would be just too simple and elegant, wouldn’t it? […]
December 8th, 2007 at 3:32 am