I’m reading a lot about OpenID. I’m trying to determine whether or not it seems viable or likely to be adopted by the larger, non-technical audience of Internet users.
These recent blog post, OpenID: Great idea, bewildering consumer experience, captures better than I can how confusing OpenID can be if you set out to use it. It is worth reading the whole thing, but I want to highlight three points from the post:
The process of selecting an OpenID provider will stump the average consumer. They’re being asked to pick an ID that they will, in theory, use everywhere and forevermore to gain access to everything they own. They’re supposed to obtain this ID by making an effectively random selection from a group of providers they have never heard of.
This is where I get stuck every time. I’ve selected my web site host, domain, and email address based on longevity. Trying to decide which OpenID provider will be around in a couple of years is a difficult task. I’m not certain what other criteria you would use to make a decision.
Various OpenID sites also promote the notion that users should set up their own OpenID provider.
We’ve looked into creating an OpenID provider service from our applications. Yesterday, I saw someone asking for development of a plugin for Jive Software that would ideally make Jive’s Clearspace product an OpenID provider. It seems like every additional OpenID provider will be contributing to the confusion instead of helping.
[UPDATE: See the note below from Matt Tucker, CTO at Jive Software. In re-reading what I wrote above, I wasn’t very clear. Until Matt’s comment below, I didn’t know Jive intended to do anything with OpenID. I just saw someone asking for a plugin that would make Jive’s Clearspace profiles provide OpenID URIs. It more of a comment on desiring more OpenID providers rather than a comment on adding OpenID to any particular application. As I noted in the comments, I’d like to see more applications accept OpenID and fewer provide their own OpenIDs so that it is easier to get over the indecision about choosing an OpenID provider. Sometimes less choice is a good thing. Thanks again Matt for taking the time to clarify.]
And all this is for—what, exactly? To save me from having to pick a user name and password? As annoying as that can be, it’s just not that hard! Remembering an arbitrary user name does cause real trouble, but simply allowing email addresses to be used as IDs can solve almost all of that problem. As more and more sites allow email addresses as IDs, the need for OpenID becomes less compelling to a consumer.
This final point is a key for me. It seems like OpenID is asking people to establish a new, long term identity. However, for those who can establish a long term identity, they’ve already done so using their email address. Asking someone to replace their email address, the address that they have been trained to believe is where they can be found online, is going to be a tough sell.
I understand the desire for single sign-on. I’ve certainly heard the desire for single sign-on from a lot of customers and have spent a fair amount of time building authentication integration.
And yet, when I look at OpenID and all of the obstacles it needs to overcome, never mind the competition from Yahoo BBAuth and Microsoft Live ID, I question whether OpenID will ever receive widespread adoption. The real shame is that there is a true desire, if not need, for a simple, open system to simplify logins for web applications and right now, I don’t see any of the systems solving that problem for the majority of people.