JanRain, leaders in the OpenID movement, put on a PR push this week to promote what they say is the imminent approval of OpenID 2.0's final draft. Specifically, they say that they expect the final signatures to be penned on Monday at the upcoming Internet Identity Workshop.Portland, Oregon's
General consensus is that it's the finalization of 2.0 that many big players have been waiting on. Remember when Digg said they would support OpenID, for example? In theory, this is what they and many others are waiting on.
Here's how I explain OpenID. Once you register an OpenID with any of a number of vendors (like JanRain's MyOpenID.com) then you can login with it anywhere that supports OpenID login. You can also use your existing accounts from a growing number of services as an OpenID login, like AIM, Bloglines, WordPress, etc.
What's the value for the user?
- You can remember one username/password and log in to many different accounts.
- In some cases you don't have to do anything but provide an OpenID in order to start a new account. That means you can start personalizing a new service really fast.
- You don't have to trust random new sites with your info, your OpenID authenticator will hold and confirm everything for you.
- In theory, you should be able to choose how much of your full profile to expose to different sites you log into.
Those are some of the high level benefits, I believe. I'm excited about OpenID, I want it to proliferate and any time I find a new service that supports it - I am happy. For more detailed and informed enthusiasm, check out Sean Ammirati's post here on Read/WriteWeb yesterday. If you're interested in core critiques of OpenID, check out Wendy Boswell's excellent post on the subject at Lifehacker.
And Now for the Bad News...
After a long, long time of political infighting over either semi-relevant minutea or deal-breaking technical details (depending on your perspective) it sounds like the 2.0 spec is finally here. It's stronger, smarter and better looking. Allen Stern has done a good job spelling out the improvements that JanRain says are in 2.0.
I'm here to bring the bad news, though. It's not a pretty picture but I hope I'm wrong and everything turns out great. That said...
Big Players are Dragging Their Feet.
Google's release last night of OpenID login support for commenting in the experimental verison of Blogger is...an interesting start. It's great news that they accept inbound OpenID (you can login to leave a comment with your AIM username), that they make using it relatively clear with a drop down menu of options and that they are doing it at all. But could there have been a more marginal use case than commenting in this version of Blogger?
Meanwhile everyone else among the big players is offering to authenticate their users elsewhere, at most. Big deal. AOL, who made this move first, is great for headlines but how much have they actually done to get the millions of people with AIM usernames to know about and use OpenID? Darned near nothing.
I asked JanRain who was going to be announcing support for OpenID with them on Monday and who among the big players was going to support inbound OpenID - the truth is, they don't have anything. I asked what the biggest site I could login to with my AIM username was and you know what they said? Plaxo and Zooomr. Cool, I love Zooomr.
Growth in general seems down, in fact. In a good presentation on the topic in February of this year, now former JanRain CEO Scott Kveton cited a 7% weekly growth in websites adopting OpenID. JanRain now claims a 5% weekly growth rate. Something exciting needs to happen to get more players on board, big and small. Hopefully 2.0 will be that exciting event.
Sharing User Info is a Whole Other Matter
One of the important new directions for OpenID 2.0 is what's called Attribute Exchange. It's a means of passing more than just an authenticated username on to sites where you login with your OpenID. Engagement with Attribute Exchange is not a big part of the 2.0 marketing push, though. JanRain is not talking to vendors about it and it's unclear when if ever anyone will implement it. They are focusing on the single sign on factor only.
Why would a big vendor want an inferior user profile without any info but a user name? In theory, those profiles are better than no profiles at all - but that's not a realistic position for OpenID advocates to approach big vendors.
While Facebook is busy shooting my Yelp and Overstock.com actions over to my profile page newsfeed, and then reversing position again after a huge PR event/backlash, what's JanRain doing about user control over data? They don't want to talk about it yet. Well, those conversations are happening - everyone else is engaging with relevant issues beyond mere single single sign-on.
Public Facing Profiles are Anemic
Do you use your OpenID login to leave blog comments around the web? I do sometimes, but I cringe when I think about people clicking through to my OpenID user page. There's almost nothing there about me. It's nearly a dead end. I want people to come here or to my personal blog. In a time when lifestreaming apps aggregating all my data from across every place I act online are becoming a dime a dozen - why aren't OpenID vendors doing something to spice up my profile page?
This is more than just cosmetic. Let me display data in my profile and let me chose to share it with some of the places I login to with OpenID.
I've seen the forthcoming "personalized profile pages" for MyOpenID and they are hardly a sneeze more rich than the existing profiles. It's really disappointing. I'd rather use MyBlogLog, let Yahoo! data-mine my life online and horde all the data for themselves - at least I've got a functional profile page with them. ClaimID appears much better about this than MyOpenID.
Ease of Use and Marketing Clarity Remain Low Priorities
These are huge problems and I think everyone knows it. OpenID is too hard to add to your site, it's too unfriendly to login to as a user and while messaging is improving - thank goodness - for a world-changing phenomenon whose advocates say it's a no-miss sure-win, it sure does lack a message with zing. Single sign-on is ok, but isn't a good poem one that communicates both simple and complex meaning in the same words?
I asked JanRain about this and you know what they said? They said that's what the OpenID Foundation is for. The provider of the code libraries used by 90% of the OpenID relying parties on the web said that ease of use and communication with users is someone else's problem. The OpenID Foundation, bless their hearts, is a group with no web page of its own (look at this awful URL), leadership that's busy with their day jobs and a claim on its page that it's "currently working on creating a funding and sustainability model for the organization."
No one here has any money. JanRain is in fund raising mode and has been for a long time. They say their cash cow will be Pibb - a beautiful, full featured, OpenID-centric, souped-up chat/IRC type service. Now if you're Meebo, with heavyweight VCs making introductions for you, then maybe you're going to be able to monetize a chat platform. But if the organization leading the charge on OpenID is hanging its hopes of viability on monetizing a chat platform for which the primary use cases are BarCamp and Ron Paul fans - we're in trouble.
I Want This to Work
Next week is going to be important. I wish I was going to be at the Identity Workshop. I'm cheering for this stuff to fly. I want it to rock. I'm not holding my breath, though.