OpenID

A couple of weeks ago Thomas Huhn and I discussed OpenID with regards to online merchants. We noticed that hardly any merchants have adopted the OpenID technology yet. Actually I don’t know of any at all. However we noticed that many online retailers in Germany don’t require customers to register for a permanent account if they don’t intend to return to the site later. Creating an account is just a matter of convenience.

From my own experience I am hesistant to create accounts at every online merchant. If I have the option to purchase products without the account creation step, I typically go for it. I would rather type in the required information again in the future. There is no specific reason why I don’t want to create accounts all over the place -- maybe I just want to keep the number of accounts I have low.

What about OpenID?

Online merchants should implement OpenID. I could then provide my details like my address, phone, etc. only to my OpenID provider. There are a number of extensions to the OpenID protocol which support this type of account: Simple Registration and Attribute Exchange (also see Dennis Blöte’s excellent article on the topic). Both extensions allow transfer of profile data from an OpenID provider to a relying party, e.g. a merchant. The first time I confirm my OpenID to a merchant, the merchant will ask for ask to retrieve the data. If I accept, all future authentication requests will be made automatically. continue reading »

On Monday, JanRain, a leader in the OpenID community will introduce a new "strong authentication" option to it's myOpenID.com users. This new strong authentication is named CallVerifID and could replace access keys and keycard devices over time. CallVerifID uses the PhoneFactor service from Positive Networks.

Janrain explains how this new verification service works, "This phone-based authentication service can use any phone (mobile or landline) as a second authentication factor. The user enters a myOpenID username and password as usual, then simply answers an automated instant telephone call and presses #. This completes the authentication process. Complete two-factor authentication and identity protection is instantly enabled with no need for tokens, smart cards or certificates. CallVerifID is currently available for free to myOpenID users and as an additional service for business clients provisioning OpenIDs to both customers and employees."

This works with myOpenID as the OpenID provider and can work with other OpenID providers as well. myOpenID always runs in SSL secure mode which keeps the security level on high. Audit trail that will alert users to unauthorized access to their account. To signup, go to myOpenID and select CallVerifID as the authentication provider.

Last month JanRain launched the OpenID selector which is a way to easily login without having to remember the OpenID username string.

The OpenID group will announce today at the Web 2.0 Expo some new functionality for the login option. I've written many times before that OpenID has the technology down but the usability and marketing is lacking. Today's launch is the OpenID Selector (pictured below) which allows a user to click the box to enter their name and be presented with a variety of services that support OpenID. Once a user has successfully logged in once using a service in the selector, the selector will be pre-filled in for future login needs on any OpenID enabled site.

I spoke at length with the group leading the OpenID charge, Janrain's Brian Kissel and Tore Steen last week. I enjoyed chatting with them as I find OpenID to be a powerful vehicle and it's interesting to learn what's going on from their side. From my side, I am starting to believe that we don't need to market the term 'OpenID' to consumers. No one cares about the technology, they only want to login to their favorite service using their AOL or Google id. It's like TCP/IP, no one cares how it works, just that our email shows up in the inbox and Twitter loads when we want to tell our friends we just saw Britney at CVS. I'd still like to see a browser plugin that allows me to login once and passes the info around as needed - that'd be super hot.

With that said, this OpenID Selector is a great first step towards mainstream adoption. Rafe Needleman at Webware has some additional commentary on the release.

The OpenID Foundation is announcing that today Google, IBM, Microsoft, VeriSign and Yahoo! are joining the Foundation as the first corporate board members. This is a great step forward in the adoption of OpenID across the Web.

The OpenID Foundation was formed in June 2007 to support and promote the technology developed by the OpenID community. Members includes individuals, students, non-profits, startups and industry giants that have come together to develop and promote open identity management on the Web.

The OpenID Foundation also released some stats related to adoption and usage. More than 10,000 Web sites support OpenID log-ins, and an estimated 350 million OpenID enabled URLs currently exist.

I continue to stand firm that what OpenID needs is marketing more than technology. Yahoo's implementation of YahooID last week is a good move towards adoption of OpenID across the Web.

So who will be next to signup? Facebook? MySpace? Fox Interactive? IAC? I am guessing this will now move as the DataPortability group is moving forward in terms of corporate registrations.

Check out all of our video coverage of the Internet Identity Workshop last year.

Yahoo has rolled out a beta of their Yahoo ID program which is basically a version of OpenID. Currently 920 applications are set to use the Yahoo ID program.

This could help to lead rapid adoption of the OpenID initiative as average Internet users have no idea how to setup or use an OpenID, but using their Yahoo ID is nice and easy. Mr. Ostrow agrees with my take.

I still believe that if OpenID is going to work, it's going to take better marketing and adoption strategy rather than more technical rollouts. It's a great idea, but without marketing force and education behind it, OpenID won't go anywhere.

There is a flip-side to using a company as your OpenID provider versus creating your own. What happens if the provider (Yahoo in this case) goes out of business, changes policies that you don't agree with or you just want to switch? How easy will this be?

Technorati has announced that the account you setup on Technorati can now be used as an OpenID provider. Ian demonstrates how to use your Technorati profile to authenticate a blog on Google's Blogger service.

I am pretty sure I would never use my Technorati profile to authenticate as an OpenID provider, but it's a good marketing bit. It's a good way to show that your profile could be used in this manner -- something many might not know about (I didn't). Technorati also began supporting OpenID for profile creation in October 2007.

Another update they have made over the past day which I do find beneficial is the addition of a URL link on the authority pages. In the past, some of the headlines linked directly to a site, but the majority of the time, the story linked to the site's Technorati profile. This was a huge frustration factor for me as I want to see what the site says about me or a client, not the site's profile page. Now (as shown below) they have the link to the profile and directly below it the full URL linked to the actual site. Bravo!

We covered the launch of OpenID 2.0 last week along a massive video recap from the Internet Identity Workshop. This morning, Chris Messina, one of the loudest about OpenID has created his list of sh**, hit and wish for 2008.

• For Sh** he calls out: Digg, Netvibes, Last.fm, PBWiki, MyBlogLog, Technorati and Wikipedia.
• For Hit he calls out: Satisfaction, Twitter, Drupal, Plazes, Pounce, Ning, LinkedIn, SlideShare, TripIt, Blip.TV, Viddler, YouTube, Wordpress and Pandora.
• For Wish he calls out: Facebook, Yahoo, Microsoft, Google, Mozilla, MySpace, Hi5, Bebo, Orkut, and Adobe.

Basically any internet company that has more than 100 users he has put in one of three categories. Just a thought but will companies start supporting OpenID when there's a reason for them to? Sure Janrain told me that it's easier to implement OpenID than create an authentication scheme but what startup today would go OpenID only? Are there any? I certainly haven't come across any hard reasons yet. This is not to say I don't like OpenID, I do. Having one authentication for every startup I review would save me hours per week and frustration as well.

OpenID needs marketing first, outside of the tight MessinaCircle®, I don't hear OpenID discussed on a regular basis. We need to get the conversation moving past the circle and then it might have a chance. That or Google says only OpenID from now on. That'd do it too.

Editor's note: I met the guys from BeenVerified at the NYC MatchupCamp last month. We discussed identity and they mentioned they would be attending the IIW. I asked if they would be interested in writing a recap post for all of the awesome CN readers and they agreed. Never did I expect so much awesome video coverage. I will be meeting them next week to learn more about BeenVerified. Thanks guys!

After a fascinating, information overloading, three days at The IIW (Internet Identity Workshop) in Mountain View, California, we are finally back in NYC. The workshop was a conglomerate, a who's who; of some the brightest minds in Internet Identity Technology from across the globe. There were representatives from every end of the digital spectrum; from non-profits to some of the largest corporations in the world, all collaborating in synergy to discuss how to advance online identity. Ultimately with everyone sharing the same common goal; to try and make online identity easy to understand and manage for every Internet user. One of the most important features of this conference is that there is no predefined agenda. All topics and seminars are created on the fly and can be initiated by anyone in attendance. This unique formula allows for one discussion topic in one seminar to lead to an entirely new seminar on any of the evolving relative issues.

The BeenVerified.com team was in attendance to attain and exchange knowledge and see if there was anyway for us to educate the general public on some of the various protocols, projects, and companies involved. So we figured what better way then to hear explanations from the leaders of these initiatives themselves. Here is our video diary of a number of really exceptional forward thinking individuals.

Come inside for all the videos! »

At the Internet Identity Workshop today, OpenID 2.0 officially launched. At the NY Tech Meetup last night, someone commented to me that OpenID just isn't worth it in its current form and that he created an OpenID but can't remember what it is or how to use it. I wrote up my thoughts and recap of my conversation with JanRain Founder Larry Drebes. Richard has some additional commentary on the final release today. It's still missing the marketing. I will keep saying this until it's fixed.

Janrain noted today -- OpenID 2.0 offers an improved user experience for consumers and reduces Web application development time by up to 30-40%.

New features for users include:

• Security Improvements – Heightened authentication procedures dramatically reduce the risk of identity theft and phishing attacks.
• Attribute Exchange – Enables OpenIDs to transport detailed profile information including frequent flyer numbers, calendar information and favorite books and movies.
• Directed Identity – Individuals who wish to maintain more than one profile now have access to single sign-on without the using the same OpenID on each site.

New features for developers include:

• Ubiquitous Library Support – Application developers benefit from high-quality library support available from JanRain and other vendors for all popular languages and platforms.
• Extensible Discovery – XML based OpenID discovery. Rich service content available at OpenID service endpoint.
• Extensions – Formalized extensions enable new technologies such as Attribute Exchange.
• Identifier Recycling – Formal policies and procedures now exist to handle expired OpenIDs.

Last week I had the opportunity to speak with Larry Drebes, VP of Engineering and Founder of JanRain. JanRain has a product named Pibb which we reviewed earlier this year and they also are heavy participants into OpenID. It's OpenID 2.0 that we spoke about for well over an hour. I look at OpenID as an interesting challenge, one which I would love to be the head of marketing for. It's a developer product, not a nice, fluffy marketing product which makes it interesting to try to get the mainstream to adopt. There is a huge need for a way to use the same identity credentials at multiple locations. Just yesterday, I had to create logins at 9 new services and each one basically asked me the same things - what a pain.

We spoke about the technology side of OpenID 2.0 for half the call, and the marketing/outreach side for the other half. Here are my notes from the call. And please read Marshall Kirkpatrick's article on making OpenID easy.

Continue reading OpenID 2.0 »