I’m reading a lot about OpenID. I’m trying to determine whether or not it seems viable or likely to be adopted by the larger, non-technical audience of Internet users.
These recent blog post, OpenID: Great idea, bewildering consumer experience, captures better than I can how confusing OpenID can be if you set out to use it. It is worth reading the whole thing, but I want to highlight three points from the post:
The process of selecting an OpenID provider will stump the average consumer. They’re being asked to pick an ID that they will, in theory, use everywhere and forevermore to gain access to everything they own. They’re supposed to obtain this ID by making an effectively random selection from a group of providers they have never heard of.
This is where I get stuck every time. I’ve selected my web site host, domain, and email address based on longevity. Trying to decide which OpenID provider will be around in a couple of years is a difficult task. I’m not certain what other criteria you would use to make a decision.
Various OpenID sites also promote the notion that users should set up their own OpenID provider.
We’ve looked into creating an OpenID provider service from our applications. Yesterday, I saw someone asking for development of a plugin for Jive Software that would ideally make Jive’s Clearspace product an OpenID provider. It seems like every additional OpenID provider will be contributing to the confusion instead of helping.
[UPDATE: See the note below from Matt Tucker, CTO at Jive Software. In re-reading what I wrote above, I wasn’t very clear. Until Matt’s comment below, I didn’t know Jive intended to do anything with OpenID. I just saw someone asking for a plugin that would make Jive’s Clearspace profiles provide OpenID URIs. It more of a comment on desiring more OpenID providers rather than a comment on adding OpenID to any particular application. As I noted in the comments, I’d like to see more applications accept OpenID and fewer provide their own OpenIDs so that it is easier to get over the indecision about choosing an OpenID provider. Sometimes less choice is a good thing. Thanks again Matt for taking the time to clarify.]
And all this is for—what, exactly? To save me from having to pick a user name and password? As annoying as that can be, it’s just not that hard! Remembering an arbitrary user name does cause real trouble, but simply allowing email addresses to be used as IDs can solve almost all of that problem. As more and more sites allow email addresses as IDs, the need for OpenID becomes less compelling to a consumer.
This final point is a key for me. It seems like OpenID is asking people to establish a new, long term identity. However, for those who can establish a long term identity, they’ve already done so using their email address. Asking someone to replace their email address, the address that they have been trained to believe is where they can be found online, is going to be a tough sell.
I understand the desire for single sign-on. I’ve certainly heard the desire for single sign-on from a lot of customers and have spent a fair amount of time building authentication integration.
And yet, when I look at OpenID and all of the obstacles it needs to overcome, never mind the competition from Yahoo BBAuth and Microsoft Live ID, I question whether OpenID will ever receive widespread adoption. The real shame is that there is a true desire, if not need, for a simple, open system to simplify logins for web applications and right now, I don’t see any of the systems solving that problem for the majority of people.
I agree with many of your points about the consumer experience. One thing that might help is that lots of people will get OpenID accounts “automatically” — for example, your company could give you an OpenID account, or AOL, or your email provider. If your email login info is the same as your OpenID login, that seems pretty easy.
The reason we (Jive Software) are most interested in OpenID for Clearspace is that it provides a good open framework for SSO. Inside large organizations there are sometimes dozens of applications that users have to interact with. One could do some messy portal integrations… or use an open standard like OpenID. I think that’s what’s behind people asking for OpenID in Clearspace. It will be interesting to see how often it actually gets used once built…
Hi Matt,
Thanks for the response. I didn’t realize that Jive was also developing OpenID for Clearspace. I had seen a customer requesting it as an idea for your developer plugin bounty program. BTW, I’m a HUGE fan of Jive.
To your point about getting an OpenID for free with your AOL account, email provider, etc., that is what I was trying, somewhat inelegantly, to illustrate. The more options you have for what you can use as your OpenID provider, the more confusing it is to make a decision.
I’d like to see more companies accept OpenID in lieu of passwords, but chose not to provide OpenID URIs themselves. To accomplish SSO, my suspicion is that there is higher demand for accepting OpenIDs that would be provided by the existing infrastructure at the customer site than for the new system—whether it is Clearspace or any other application—to provide the OpenID URIs because the second scenario requires the existing infrastructure to be changed.
That said, I’ll freely admit that I’m still just beginning to grok OpenID. I appreciate the response and clarification on what Jive is doing. It’s pretty amazing for a random thought on a small blog like mine to get a response from the CTO. I’m stunned.
-Jason