I’ve been an outspoken advocate of OpenID implementation for some time. It’s a real joy when I go to a new website and can use an existing account I have with a trusted vendor to start personalizing my experience on the new site immediately. I’m happy to return to the site later because I know I’ll remember my username and password!
The following are some thoughts and opinions on the subject that I’ve been wanting to share publicly. I’ve been sharing them with consulting clients but I want to broaden the conversation and give the real experts in this field a chance to respond. Through casual but consistent observation of the OpenID landscape, things look like a real mess. It’s discouraging and I’ve got some ideas for how it could be made better. Hopefully we’ll get some comments here from Scott Kveton, Chris Messina, Kevin Fox and others. To read some thoughts both pro and con on OpenID, check out this critical post on Lifehacker. Update: Two weeks after this post, OpenID 2.0 is ready to launch and I’ve written a long, very critical post on Read/WriteWeb.
Reducing friction in the account creation process is very important. OpenID support could be a great way accomplish this, but almost no one is doing it right. Most sites you see that offer OpenID support have little more than a field to enter your OpenID URL and maybe a link explaining what it is. This is almost worthless and our standards need to be raised beyond the point that this is all it takes for OpenID advocates to applaud a website.
There are probably hundreds of millions of OpenID ready identities live right now but if there have been one million people who have used an OpenID to login to a webservice in the history of the concept, I’d be surprised.
Why is this so hard? Give me a set of damned radio buttons for the biggest supporting vendors on the market? “Would you like to sign in through AOL, Orange, WordPress or Bloglines?” When I click on one of those vendors and enter my username there – your website needs to send the appropriate URL to the authenticating party. It may be a touch more complicated than this, but come on – don’t just give me a box and hope I recognize the obscure symbol for OpenID and am watching the news to know which vendors are now participating. I love OpenID and I still can’t remember the obscure URL structure I need to use my AIM username as an OpenID login. Just let me give you my username and you can assemble the URL. It’s http://openid.aol.com/youraimscreenname
Next, where are the easy OpenID plug-ins? I’ve heard that there were some in the works if not available just recently but every blog ought to allow OpenID login for commenters. Right now it’s too hard to add this to your own blogging installation.
Finally, when are OpenID authenticating vendors going to soup up my OpenID profile page? Our local trailblazers, JanRain and their project MyOpenID.com, gives users dead-end profile pages with almost zero customization allowed. When I leave comments on a blog, for example, I want the blogger and other readers to be able to click through my name above my comment and find my blog. If I am not able to populate my OpenID page with links to more valuable sites online that I’m associated with, then there’s a tangible disincentive for me to use OpenID in commenting.
There’s a whole lot of potential here and the communication/accessibility challenges don’t look nearly as daunting today as they did just a little while ago. Widespread, meaningful use of OpenID still feels a long way off though and I’d like to see that change.