Home Google Clarifies Its OpenID Implementation

Google Clarifies Its OpenID Implementation

Update:We’ve been contacted by members of the OpenID community who argue that we’ve mischaracterized the controversy in this post. Additional complications not discussed here include the now-ceased process of whitelisting domains that could use Google OpenID.

After we wrote about Google becoming an OpenID provider yesterday, a number of reports suggested that Google was not following the OpenID guidelines closely and that it was basically forking OpenID to suit its own agenda.
The problem with Google’s implementation of the OpenID protocol was that users could not just use their Gmail accounts to log into any OpenID enabled site and that Google itself did not accept OpenID to let users log into Google’s own services. Now, Google has published a blog post to its Google Code Blog that explains why Google chose this implementation and how it will address these concerns in the future.


Normally, when you use your email address as your OpenID credential, the OpenID enabled site (the ‘relying party’) goes back to your OpenID provider and looks for a specific file (XRDS) on the server. However, Google chose not to implement this part of the OpenID ecosystem when it launched its OpenID implementation yesterday and made developers rely on Google’s own API instead.

Now, however, Google has announced that it will start publishing XRDS files ‘as quickly as possible.’ For the time being, you can use ‘https://www.google.com/accounts/o8/id’ to sign up for OpenID enabled sites.

Why Google Doesn’t Accept OpenID Itself

One other issue many people raised yesterday was that Google itself did not accept OpenID for letting users sign in to its own properties. According to today’s blog post, the reason for this is purely technical, as “all Google rich-client apps would break if we supported federated login for our consumer users.” Google, however, is looking at possible solutions for these problems and is enlisting the help of the OpenID community.

It is good to see Google acknowledge these issues head-on. Despite these growning pains, we still think that Google’s support for OpenID will drive its widespread acceptance, especially once Gmail users can just use their accounts to effortlessly create accounts and log into third-party services.

Note: Yesterday’s espiode of TheSocialWeb.tv has some more in-depth detail about the development of Google’s OpenID implementation and features an interview with the developers.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.