404 Do We Need Another Open ID Provider? | Kevin William Pang

Do We Need Another Open ID Provider?

As many of you have undoubtedly have heard by now, Microsoft officially announced during PDC 2008 that Windows Live ID will become an Open ID provider.  From the Live Services blog:

"You will soon be able to use your Windows Live ID account to sign in to any OpenID Web site!"

That's right!  Soon you will be able to use your Windows Live ID account to log in to the 5 sites on the internet that suport Open ID!

All sarcasm aside, it does not appear that Microsoft will be joining those 5 sites and accepting Open ID logins.  Color me unimpressed.

The success of Open ID has always, and continues to, hinge on there being websites that accept Open IDs.  It's great and all that Microsoft has decided to join the Open ID party, but what they're doing doesn't really increase its utility.  The whole point of Open ID is to make it so that users do not have to memorize a bunch of usernames and passwords to log into their accounts.  Microsoft's latest move does little to further that cause since I still have to remember the same number of usernames and passwords as I did before.

At this point, the only sites that I use that accept Open ID are StackOverflow and … I can't even think of another one.  When you consider how many big names have now thrown their weight behind the Open ID movement — Yahoo, AOL, and now Microsoft — it should be shocking that when you mention Open ID to the average internet user all you get is a blank stare.  That tells me that there is something systematically wrong with the way it is being promoted.

Update 10/29/2009 3:05 PM

It appears that Google has joined the list of Open ID providers who don't accept Open ID as well.  Only they went one step further — in the wrong direction — by forking Open ID and implementing it in a way that isn't compatible with any other Open ID providers.  Are you kidding me?

I think this Slashdot comment summarizes it quite well:

OpenID's vision statement:

OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience.

Everyone else's vision statement:

Fuck OpenID, I'm in control now.


Kevin Pang

Kevin is a software engineer at Google whose programming interests revolve around web development, software architecture, and design. When he's not writing software, he enjoys watching Jeopardy!, playing Magic the Gathering, and wandering around Disneyland.


7 thoughts on “Do We Need Another Open ID Provider?

  1. You’re right, too many providers will only slow down a wider acceptance of OpenID.

    However, as more and more websites are implementing OpenID, it doesn’t matter with which account you sign in. As long as it’s an OpenID account, the system will recognize who you are. No matter what the actual provider of the OpenID is.

    While it’s not the smartest thing for Microsoft to do (from an OpenID-supporter perspective), it still means a great deal for the project. If you remember your Microsoft OpenID username/password, you can log in, so all-in-all, you still only need to remember 1 combination.

    Which opens up a totally different point on "how safe is it to trust OpenID?". What if someone gets hold of your OpenID account, and gains access to all your websites? But that’s something entirely different …

  2. I think the big advantage of OpenID is for people who are creating sites but don’t want to have to build all the user infrastructure. You don’t need to write pages to register the user, change their password, retrieve their password or anything like that. This definitely isn’t for everyone, but I bet some people building a smallish site will find that useful.

    Whether it’ll take off in a big way or not, I guess that’s anyone’s guess. I think it’s too early to write it off now just because Microsoft and Google aren’t sure whether they’ll play nice or not yet. :)

  3. Well once enough blogs and forums support OpenID, it will take help. Most notably WordPress and vBulletin. Although other news sites should use this, but probably won’t. Too many sites what your information to send you newsletters or get marketing information from you.

  4. I can understand the sarcasm, but like I tell a lot of folks: you asked for Microsoft to open up. Now they’re opening up and you’re complaining about it? That’s not going to help anything.

  5. @Rob Conery

    I like the fact that Microsoft has opened up. I appreciate all the work that Scott Guthrie, yourself, and the other folks at Microsoft have done to change the Microsoft culture. I don’t think that Microsoft got it right with their Open ID support. Just because they’ve opened up, doesn’t mean there isn’t room for improvement. If you notice, I’m not too happy with Google’s implementation either. In fact, it’s worse in my opinion.

    As for whether this helps or not, obviously it doesn’t do much other than raise awareness of the situation. Silence is construed as approval however, so I would like to think that the more vocal people are about their complaints, the better chance we have at seeing some change enacted because of it. After all, isn’t that how the current move towards opening up got started in the first place?

  6. I remember getting excited when Microsoft first created Passport. I thought, "Great! Now I can develop web-apps that are part of a larger community, and worry about all that sign in crapola." Then I found out how much Microsoft wanted to charge for it. …What a joke.

    Open ID is a great idea, and it will succeed. But it won’t be big companies like Microsoft and Google that test the waters. It will be implemented by small sites like StackOverflow, and any other ASP.NET developer that use development platforms like DotNetNuke which inherently supports it. As with all things web security related, everyone wants it, but eveyone’s scared to rely on it. There’s been a need for this for a while. But no one knows how much you can trust it.

    Maybe for now people prefer a Facebook ID, with the structure and interface that kind of ID provides. That seems for now to be open enough, and importantly, interactive and visual. Open ID is a little too raw and conceptual for most web users. ..Eventually, there probably will be some kind of an Open ID community, much like Facebook. But that will only happen when development support is much much better for PHP, Ruby, and ASP.NET. And it will only happen when Facebook, or similar online communities try to be more restrictive than developers and users want. …It may be a while before Open ID goes mainstream.

Comments are closed.