OpenID Archive

DandyID is a new Rhode Island-based startup that the founders say is, "a one-stop shop for data collection and portability." They provide a suite of tools to manage your online identity. They support over 300 sites and developers can pull data from their service via the API. It’s almost like a social OpenID as you can use your DandyID to register on services that are setup as partners.

The partner sites can also use the DandyID API to find other friends on each network based on their DandyID profile. Certainly sounds more interesting than say the "defaults" on Twitter.

I had a chance to meet with DandyID co-founders Sara Czyzewicz and Arron Kallenberg — check out our video below. They also discuss the API contest where developers can win a bunch of prizes by creating an interesting build on top of DandyID.

Twitter API lead Alex Payne has announced that the company is looking for people to be part of a beta test of the OAuth support for Twitter. OAuth is described as, "An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications."

The real benefit is that users would no longer need to give third-party apps their username and password. Issues like we saw with TWPLY wouldn’t happen again.

Payne notes, "In the closed beta period, participants will be able to create and manage an unlimited number of OAuth applications. Any user will able  to access these applications, but only participants will be able to create them. More documentation forthcoming."

There has been a lot of talk from developers who want to see Twitter support the protocol. No word has been provided on how long the beta period will last or how many beta participants will be accepted.

Update: Well that was quick. The beta application period is closed due to overwhelming response.

The OpenID Foundation named the winners in the community board elections. Marshall Kirkpatrick has a good post on the issues that voters had to think about as they cast their votes.

Elected to serve two-year terms: Snorri Giorgetti, Nat Sakimura, Chris Messina, David Recordon. Elected to serve a one-year term: Eric Sachs, Scott Kveton, Brian Kissel. All positions will begin on January 1, 2009.

OpenID has a tough road ahead. I’ve written about the need for better marketing and more usability in the past and my concern stands today. OpenID now faces the mega-monster of Facebook Connect. Facebook Connect offers something OpenID doesn’t: traffic. Facebook Connect provides bloggers and application developers a way to get more visibility and potentially more traffic for their stories and applications. It’s more likely that the average Internet user will understand the Facebook Connect process than the OpenID process. This is why OpenID must focus on marketing and usability more than technical standards at this time. 

(note, due to massive spam hitting this story, I’ve had to close the comment form. If you have a comment, send it in via the feedback link above and I will add it. Apologies in advance.)

Just a month after the public launch of the Flock 2.0 browser, Flock has announced the addition of OpenID to the Flock 2.0 browser today. I’ve been saying for a long time that if OpenID wants to succeed, they have to get it into the browser so when you hit a site that offers OpenID login, it could be as close to seamless as possible.

MySpace, Flock and Vidoop jointly developed OpenID for Flock which should help the Flock browser gain additional user adoption. OpenID for Flock is now available to all Flock 2.0 users as an alpha extension — my hope is that it becomes part of the default install over time. The companies note, "The MySpace, Flock and Vidoop (OpenID) implementation is a reference design released as open source under GPL, and as such, modifications by developers will be brought together and shared with the wider open source developer community."

Perhaps today’s announcement will push the other major browsers (IE, FF, Safari, Opera, etc.) to start looking at implementing OpenID into the browser as well. I am not talking about an extension or plugin, but rather a full integrated environment. If OpenID is going to gain in popularity and usability, it’s critical that using an OpenID login as easy as possible.

With all of the talk over the last few days about Facebook Connect, it sure does look like eventually we will have an old-style Western duel setup. Facebook Connect vs. OpenID - let’s get it on!

A couple of weeks ago Thomas Huhn and I discussed OpenID with regards to online merchants. We noticed that hardly any merchants have adopted the OpenID technology yet. Actually I don’t know of any at all. However we noticed that many online retailers in Germany don’t require customers to register for a permanent account if they don’t intend to return to the site later. Creating an account is just a matter of convenience.

From my own experience I am hesistant to create accounts at every online merchant. If I have the option to purchase products without the account creation step, I typically go for it. I would rather type in the required information again in the future. There is no specific reason why I don’t want to create accounts all over the place — maybe I just want to keep the number of accounts I have low.

What about OpenID?

Online merchants should implement OpenID. I could then provide my details like my address, phone, etc. only to my OpenID provider. There are a number of extensions to the OpenID protocol which support this type of account: Simple Registration and Attribute Exchange (also see Dennis Blöte’s excellent article on the topic). Both extensions allow transfer of profile data from an OpenID provider to a relying party, e.g. a merchant. The first time I confirm my OpenID to a merchant, the merchant will ask for ask to retrieve the data. If I accept, all future authentication requests will be made automatically.

So what happens if my address changes? Before OpenID, I have to change my address in every merchant’s database. I think that’s unnecessary. Merchants don’t even have to store that data thanks to Simple Registration and Attribute Exchange. Assuming my address changes I will update it at my OpenID provider. When returning to a merchant it simply asks my provider for the necessary details again and the updated information is provided to the merchant. It’s really that simple: the merchant will always have updated data but doesn’t have to store it and doesn’t even have to ask me for it. When the products are delivered and paid, it can delete my data.

Recommendations

Can online shopping be even more convenient? Yes, and here APML immediately comes to mind. It collects users’ attention data and their interests, e.g. their favorite music or movies. Just think of Amazon’s recommendation system. The data is stored in a file which can be shared and parsed by any services that support the APML standard.

The APML file can be stored anywhere. Why not at my OpenID provider? A merchant could ask for that file and, upon request, it gets transferred. Once the file is transferred, I would get recommendations based on my attention profile even if it’s the first time I visit the shop. For example, A music merchant could access my APML file which contains all the music I have listened to on Last.fm. And that’s the difference with Amazon which can only recommend products to me if I have already purchased products on Amazon.com or have surfed the site in detail. A shop supporting APML can provide the same thing immediately.

After I make a purchase at a merchant who accepts APML, it would be great if they would update my APML file and then send the updated file back to my OpenID provider. I have no idea how to make this work, just seems to make sense. Maybe OAuth is a solution or even Attribute Exchange as it is capable of storing data at the OpenID provider.

Conclusion

I think OpenID could really help make online shopping more user-friendly. There are benefits for both customers and shops. Customers don’t have to deal with registration processes anymore and get better recommendations for products they might be interested in. Shops will always have more accurate customer data and with APML support they could even boost sales because customers are only shown relevant products. Merchants can also save money on data management.

This article was authored by Carsten Pötter. Carsten blogs about OpenID and related topics from an end-user perspective at notsorelevant.com.

On Monday, JanRain, a leader in the OpenID community will introduce a new "strong authentication" option to it’s myOpenID.com users. This new strong authentication is named CallVerifID and could replace access keys and keycard devices over time. CallVerifID uses the PhoneFactor service from Positive Networks.

Janrain explains how this new verification service works, "This phone-based authentication service can use any phone (mobile or landline) as a second authentication factor. The user enters a myOpenID username and password as usual, then simply answers an automated instant telephone call and presses #. This completes the authentication process. Complete two-factor authentication and identity protection is instantly enabled with no need for tokens, smart cards or certificates. CallVerifID is currently available for free to myOpenID users and as an additional service for business clients provisioning OpenIDs to both customers and employees."

This works with myOpenID as the OpenID provider and can work with other OpenID providers as well. myOpenID always runs in SSL secure mode which keeps the security level on high. Audit trail that will alert users to unauthorized access to their account. To signup, go to myOpenID and select CallVerifID as the authentication provider.

Last month JanRain launched the OpenID selector which is a way to easily login without having to remember the OpenID username string.

The OpenID group will announce today at the Web 2.0 Expo some new functionality for the login option. I’ve written many times before that OpenID has the technology down but the usability and marketing is lacking. Today’s launch is the OpenID Selector (pictured below) which allows a user to click the box to enter their name and be presented with a variety of services that support OpenID. Once a user has successfully logged in once using a service in the selector, the selector will be pre-filled in for future login needs on any OpenID enabled site.

I spoke at length with the group leading the OpenID charge, Janrain’s Brian Kissel and Tore Steen last week. I enjoyed chatting with them as I find OpenID to be a powerful vehicle and it’s interesting to learn what’s going on from their side. From my side, I am starting to believe that we don’t need to market the term ‘OpenID’ to consumers. No one cares about the technology, they only want to login to their favorite service using their AOL or Google id. It’s like TCP/IP, no one cares how it works, just that our email shows up in the inbox and Twitter loads when we want to tell our friends we just saw Britney at CVS. I’d still like to see a browser plugin that allows me to login once and passes the info around as needed - that’d be super hot.

With that said, this OpenID Selector is a great first step towards mainstream adoption. Rafe Needleman at Webware has some additional commentary on the release.