OpenID Archive

The OpenID Foundation is announcing that today Google, IBM, Microsoft, VeriSign and Yahoo! are joining the Foundation as the first corporate board members. This is a great step forward in the adoption of OpenID across the Web.

The OpenID Foundation was formed in June 2007 to support and promote the technology developed by the OpenID community. Members includes individuals, students, non-profits, startups and industry giants that have come together to develop and promote open identity management on the Web.

The OpenID Foundation also released some stats related to adoption and usage. More than 10,000 Web sites support OpenID log-ins, and an estimated 350 million OpenID enabled URLs currently exist.

I continue to stand firm that what OpenID needs is marketing more than technology. Yahoo’s implementation of YahooID last week is a good move towards adoption of OpenID across the Web.

Update: Mike Arrington notes that everyone wants to be a provider to "own" the user. This is a good point and certainly a reason why these big names are joining up quickly. First one in the pool wins!

So who will be next to signup? Facebook? MySpace? Fox Interactive? IAC? I am guessing this will now move as the DataPortability group is moving forward in terms of corporate registrations.

Check out all of our video coverage of the Internet Identity Workshop last year.

Yahoo has rolled out a beta of their Yahoo ID program which is basically a version of OpenID. Currently 920 applications are set to use the Yahoo ID program.

This could help to lead rapid adoption of the OpenID initiative as average Internet users have no idea how to setup or use an OpenID, but using their Yahoo ID is nice and easy. Mr. Ostrow agrees with my take.

I still believe that if OpenID is going to work, it’s going to take better marketing and adoption strategy rather than more technical rollouts. It’s a great idea, but without marketing force and education behind it, OpenID won’t go anywhere.

There is a flip-side to using a company as your OpenID provider versus creating your own. What happens if the provider (Yahoo in this case) goes out of business, changes policies that you don’t agree with or you just want to switch? How easy will this be?

Technorati has announced that the account you setup on Technorati can now be used as an OpenID provider. Ian demonstrates how to use your Technorati profile to authenticate a blog on Google’s Blogger service.

I am pretty sure I would never use my Technorati profile to authenticate as an OpenID provider, but it’s a good marketing bit. It’s a good way to show that your profile could be used in this manner — something many might not know about (I didn’t). Technorati also began supporting OpenID for profile creation in October 2007.

Another update they have made over the past day which I do find beneficial is the addition of a URL link on the authority pages. In the past, some of the headlines linked directly to a site, but the majority of the time, the story linked to the site’s Technorati profile. This was a huge frustration factor for me as I want to see what the site says about me or a client, not the site’s profile page. Now (as shown below) they have the link to the profile and directly below it the full URL linked to the actual site. Bravo!

We covered the launch of OpenID 2.0 last week along a massive video recap from the Internet Identity Workshop. This morning, Chris Messina, one of the loudest about OpenID has created his list of sh**, hit and wish for 2008.

• For Sh** he calls out: Digg, Netvibes, Last.fm, PBWiki, MyBlogLog, Technorati and Wikipedia.
• For Hit he calls out: Satisfaction, Twitter, Drupal, Plazes, Pounce, Ning, LinkedIn, SlideShare, TripIt, Blip.TV, Viddler, YouTube, Wordpress and Pandora.
• For Wish he calls out: Facebook, Yahoo, Microsoft, Google, Mozilla, MySpace, Hi5, Bebo, Orkut, and Adobe.

Basically any internet company that has more than 100 users he has put in one of three categories. Just a thought but will companies start supporting OpenID when there’s a reason for them to? Sure Janrain told me that it’s easier to implement OpenID than create an authentication scheme but what startup today would go OpenID only? Are there any? I certainly haven’t come across any hard reasons yet. This is not to say I don’t like OpenID, I do. Having one authentication for every startup I review would save me hours per week and frustration as well.

OpenID needs marketing first, outside of the tight MessinaCircle®, I don’t hear OpenID discussed on a regular basis. We need to get the conversation moving past the circle and then it might have a chance. That or Google says only OpenID from now on. That’d do it too.

Editor’s note: I met the guys from BeenVerified at the NYC MatchupCamp last month. We discussed identity and they mentioned they would be attending the IIW. I asked if they would be interested in writing a recap post for all of the awesome CN readers and they agreed. Never did I expect so much awesome video coverage. I will be meeting them next week to learn more about BeenVerified. Thanks guys!

After a fascinating, information overloading, three days at The IIW (Internet Identity Workshop) in Mountain View, California, we are finally back in NYC. The workshop was a conglomerate, a who’s who; of some the brightest minds in Internet Identity Technology from across the globe. There were representatives from every end of the digital spectrum; from non-profits to some of the largest corporations in the world, all collaborating in synergy to discuss how to advance online identity. Ultimately with everyone sharing the same common goal; to try and make online identity easy to understand and manage for every Internet user. One of the most important features of this conference is that there is no predefined agenda. All topics and seminars are created on the fly and can be initiated by anyone in attendance. This unique formula allows for one discussion topic in one seminar to lead to an entirely new seminar on any of the evolving relative issues.

The BeenVerified.com team was in attendance to attain and exchange knowledge and see if there was anyway for us to educate the general public on some of the various protocols, projects, and companies involved. So we figured what better way then to hear explanations from the leaders of these initiatives themselves. Here is our video diary of a number of really exceptional forward thinking individuals.

Phil Windley and Kaliya Hamlin, Internet Identity Workshop 2007b

Phil Windley and Kaliya Hamlin discuss online identity and what the Internet Identity Workshop is all about.

David Recordon – Six Apart, OpenID

David Recordon from Six Apart and Vice Chair of OpenID foundation discusses OpenID.

Josh Levy, CEO and Co-Founder of BeenVerified.com

Josh Levy, one of the co-founders of BeenVerified.com, talking about what BeenVerified does and why IIW is so important.

Eran Hammer-Lahav and Chris Messina, OAuth

Eran Hammer-Lahav and Chris Messina discuss the highly anticipated release of the OAuth 1.0 spec and what OAuth helps to solve.

Mike Jones, Microsoft/Cardspace

Mike Jones discussing the features and benefits of Microsoft’s CardSpace and Information Cards.

Joseph Smarr, Plaxo

Joseph Smarr from Plaxo talks about the open web and what Plaxo is doing to make online identity easier to use across the social graph.

Terrell Russell, ClaimID

Terrell Russell of ClaimID.com talks about what ClaimID does and how it helps people take control of their online identity with respect to search engines.

Michael Graves, CTO, JanRain, Inc.

Michael Graves, CTO of JanRain, Inc., discusses JanRain services and OpenID.

Paul Trevithick – Higgins Project

Paul Trevithick is the co-team leader at the open-source Higgins Project. Here he details how Higgins contributes to the open source information card project.

Drummond Reed, XRI/XDI/iNames

Drummond Reed defines XRI and XDI, a new approach to identity identifiers on the web through the use of i-names.

Pamela Dingle – Pamela Project

Pamela Dingle discusses the efforts the Pamela Project has developed to easily integrate Information Cards into any website or community.

Ashish Jain, Ping Identity

The Director of Technology, Ashish Jain, from Ping Identity discusses what Ping Identity brings to enterprises and the online identity world.

At the Internet Identity Workshop today, OpenID 2.0 officially launched. At the NY Tech Meetup last night, someone commented to me that OpenID just isn’t worth it in its current form and that he created an OpenID but can’t remember what it is or how to use it. I wrote up my thoughts and recap of my conversation with JanRain Founder Larry Drebes. Richard has some additional commentary on the final release today. It’s still missing the marketing. I will keep saying this until it’s fixed.

Janrain noted today – OpenID 2.0 offers an improved user experience for consumers and reduces Web application development time by up to 30-40%.

New features for users include:

• Security Improvements – Heightened authentication procedures dramatically reduce the risk of identity theft and phishing attacks.
• Attribute Exchange – Enables OpenIDs to transport detailed profile information including frequent flyer numbers, calendar information and favorite books and movies.
• Directed Identity – Individuals who wish to maintain more than one profile now have access to single sign-on without the using the same OpenID on each site.

New features for developers include:

• Ubiquitous Library Support – Application developers benefit from high-quality library support available from JanRain and other vendors for all popular languages and platforms.
• Extensible Discovery – XML based OpenID discovery. Rich service content available at OpenID service endpoint.
• Extensions – Formalized extensions enable new technologies such as Attribute Exchange.
• Identifier Recycling – Formal policies and procedures now exist to handle expired OpenIDs.

Last week I had the opportunity to speak with Larry Drebes, VP of Engineering and Founder of JanRain. JanRain has a product named Pibb which we reviewed earlier this year and they also are heavy participants into OpenID. It’s OpenID 2.0 that we spoke about for well over an hour. I look at OpenID as an interesting challenge, one which I would love to be the head of marketing for. It’s a developer product, not a nice, fluffy marketing product which makes it interesting to try to get the mainstream to adopt. There is a huge need for a way to use the same identity credentials at multiple locations. Just yesterday, I had to create logins at 9 new services and each one basically asked me the same things – what a pain.

We spoke about the technology side of OpenID 2.0 for half the call, and the marketing/outreach side for the other half. Here are my notes from the call. And please read Marshall Kirkpatrick’s article on making OpenID easy.

OpenID 2.0 is more secure with better cryptography than the previous releases. Larry kept hitting on the point that the 2.0 release will have actual documentation which is a good thing. I hear there are several hundred pages of documentation. Available on the Kindle?

OpenID 2.0 comes with identifyer recycling – Larry noted that the largest Internet players (msn, aol, etc.) can often run out of logins, and OpenID 2.0 fixes this as it allows the providers to reuse the logins as needed.

Directed Identity is another new feature. Basically what this allows a site to do is to associate a person’s OpenID login with other accounts to build a reputation level. This is pretty cool – could be the reputation system we’ve been speaking about for ten years now.

There are 160 million "enabled" users – this includes any AOL user. Of course this is not the same as "active" users – the 160 million refers to accounts that could be used with OpenID.

Apple’s Leopard operating system comes with built-in OpenID libraries. This is the first time that an OS comes with OpenID built into the core.

We briefly spoke about Pibb and Larry noted, "We believe communication is the killer app of the Internet and the current crop of communication tools has stalled on features and functions." Pibb has 8000 users and they are working towards a 2.0 release early next year. Naturally it will be rich in OpenID functionality.

One of the things I asked about is why there is no browser plugin with OpenID built-in. This way, when I hit a site that uses it, it automatically logs me in and gets everything setup in the background without any work on my part. Larry said there is a plugin in the works for Firefox called "Seatbelt" and it’s created by Verisign.

There is talk that Google and Microsoft will begin supporting OpenID as well. Google announced yesterday that Blogger now supports OpenID for commenting.

Fine, the technical side of OpenID 2.0 is set and ready-to-go. It’s hot. Now, what I’d like to see is marketing staff added to the project. Let’s make this a bit sexier, and way more consumer-friendly. I’d love to see OpenID camps only for marketing. OpenID has to become as common a term as Google is for searches or iPod is for music devices. When we reach this point, the 160 million enabled users will actually become active users. And then instead of focusing our time building "YALS" (yet another login system), we can focus on building great applications and let the login be handled by OpenID.