I posted the following at EnThinnai blog. Please post your comments there.
In one of today’s post, Michael Arrington takes issue with the big Internet companies for their lack of support for accepting OpenID credentials from others. He argues that “… [they] have made big press announcements about their support for OpenID, but haven’t done enough to actually implement it.” He goes on to say, “Putting my conspiracy theory hat on, it looks to me like these companies want all the positive press that comes from adopting this open standard, but none of the downside. … It’s all gain, no pain.” Even though he quotes Bill Washburn, the Executive Director of OpenID Foundation and David Recordan, the Vice Chair of OpenID Foundation, he uses their equivocal remarks on this matter to admonish these companies “to do what’s right for the users and fully adopt OpenID as relying parties.” I, as an interested person in being a Relying Party, don’t agree with his analysis and for that matter do not share the general perception of the benefits of OpenID.
First a cheap shot: Michael, there are no downsides in being a Relying party and there are no pain points. If anything, OpenID simplifies the lives of Relying Parties. More seriously, the confusion is created by OpenID proponents themselves because they highlight unrealistic benefits.
A relying party that has decided to accept OpenID has no obligation to accept ID issued by one and all ID providers. For example one of the stated reasons for Sun to issue OpenID to its employees is that retailers who would like to give discount to Sun employees can use Sun issued OpenIDs as verification of employment. So it is conceivable that a retailer may decide to accept OpenIDs issued by Sun and nobody else. OpenID is a “Passport” and not a “Visa”. One of the implied casualties is the possibility of Single-Sign-On.
Secondly, there is a general perception that registration procedure is simplified because the Relying Parties could collect profile information from the ID providers. Even though the protocol allows for this exchange of information, there could be external reasons for Relying Parties to explicitly collect them from their users.
These are the top two claimed benefits of OpenID. But many of the OpenID proponents do not emphasize the real benefit of OpenID. We all the time joke that “in Internet, nobody will know you are a dog”. So if a Relying Party is interested in serving senior citizens, then it can look for an opened issued by AARP. If a social network meant for middle schoolers, then it can look for an OpenID issued by school districts. This is the benefit of OpenID. So as a proponent of OpenID, I would like to lobby AARP, AAA and school districts to issue OpenID to its members/students. Then as a Relying Party I will be able to target services to the appropriate audience.
Now let me defend the actions taken by the big Internet companies. As I reasoned earlier, it is not against the protocol for a company to only issue OpenIDs and not accept from others. It is not even detrimental to wider adoption of OpenID. Just this morning Alec Saunders (most assuredly a friend and a well wisher) discussed Michael’s post in his daily Sqwakbox. There he mentioned EnThinnai and laments that one of the reasons he is not trying it out is that none of his friends have OpenID. This suggests that as a Relying Party, I will benefit enormously if the Big Internet companies issue OpenID to their members and raise general awareness. What will be my benefit that they also accept OpenIDs from others? I am afraid not much. On the other hand if they talk up OpenID and people have general exposure to it then Alec will not have his reservation. So I would rather advocate the big Internet companies to educate their members of OpenID rather than expend my goodwill on them accepting OpenIDs issued by third parties.
I am passionate about the objectives of EnThinnai and it is not viable without the services of OpenID. I do not care so much as whether other sites accept OpenID or not; but it is imperative that there are enough OpenID issuers and that Internet users have pocketful of OpenIDs so that any two Internet citizens will have a mutually acceptable ID providers.
So if you are an OpenID proponent then i urge you to do the following:
