Open ID is a great idea, and it will succeed. But it won’t be big companies like Microsoft and Google that test the waters. It will be implemented by small sites like StackOverflow, and any other ASP.NET developer that use development platforms like DotNetNuke which inherently supports it. As with all things web security related, everyone wants it, but eveyone’s scared to rely on it. There’s been a need for this for a while. But no one knows how much you can trust it.

Maybe for now people prefer a Facebook ID, with the structure and interface that kind of ID provides. That seems for now to be open enough, and importantly, interactive and visual. Open ID is a little too raw and conceptual for most web users. ..Eventually, there probably will be some kind of an Open ID community, much like Facebook. But that will only happen when development support is much much better for PHP, Ruby, and ASP.NET. And it will only happen when Facebook, or similar online communities try to be more restrictive than developers and users want. …It may be a while before Open ID goes mainstream.

I like the fact that Microsoft has opened up. I appreciate all the work that Scott Guthrie, yourself, and the other folks at Microsoft have done to change the Microsoft culture. I don’t think that Microsoft got it right with their Open ID support. Just because they’ve opened up, doesn’t mean there isn’t room for improvement. If you notice, I’m not too happy with Google’s implementation either. In fact, it’s worse in my opinion.

As for whether this helps or not, obviously it doesn’t do much other than raise awareness of the situation. Silence is construed as approval however, so I would like to think that the more vocal people are about their complaints, the better chance we have at seeing some change enacted because of it. After all, isn’t that how the current move towards opening up got started in the first place?

Whether it’ll take off in a big way or not, I guess that’s anyone’s guess. I think it’s too early to write it off now just because Microsoft and Google aren’t sure whether they’ll play nice or not yet.

However, as more and more websites are implementing OpenID, it doesn’t matter with which account you sign in. As long as it’s an OpenID account, the system will recognize who you are. No matter what the actual provider of the OpenID is.

While it’s not the smartest thing for Microsoft to do (from an OpenID-supporter perspective), it still means a great deal for the project. If you remember your Microsoft OpenID username/password, you can log in, so all-in-all, you still only need to remember 1 combination.

Which opens up a totally different point on "how safe is it to trust OpenID?". What if someone gets hold of your OpenID account, and gains access to all your websites? But that’s something entirely different …