The blogosphere is abuzz this morning about the great news for OpenID – Yahoo! is now supporting the single user sign-on process. Kinda.
This is a pyrrhic victory for OpenID. Yahoo! is now allowing you to use your Yahoo! ID as an OpenID, but they aren’t ACCEPTING OpenID to log in to their site. Acceptance as a relaying party is where the bottleneck is – something Yahoo! themselves mistakenly aluded to on their own OpenID page:
OpenID is an open technology standard that solves all of these problems. The OpenID technology will allow you to use your Yahoo! account to sign in to hundreds of web sites! And this list is growing every day…
Nice. There were at least 120,000,000 million OpenIDs in existence, including those served up by AOL, MyOpenID, ClaimID etc., and now there are something like 370,000,000 with the inclusion of Yahoo! IDs. And there are hundreds of websites you can use it on? I’d hardly call this “finally reaching critical mass.”
I’ve heard a number of reasons why OpenID has had such a difficult time, but the biggest has surely been technical. It’s justified (coming from experience), and then not.
Getting your website to accept OpenID can be a bit of a chore. If you’re a blogger, your primarily reliant on the work of smart developers in the open source community. They produce the plug-in for, say WordPress, and you download and install. If you are running a platform that isn’t getting much attention, you have to pull source from the libraries and try implementing it yourself – the same goes for any website you are running not using some “preferred platform.” And there are always associated problems to deal with – even though I prodded one outstanding developer to update a plug-in so I could accept OpenID comments on this blog, I’ve got database problems which I’m too busy (aka lazy) to fix so I can.
Conversely, putting up a simple OpenID provider is not too difficult a task. You can install a copy of WordPress MU and add the OpenID plugin. You can grab a copy of Drupal which has most of the components built into the core. Or you can just pick up some free standalone server code and spend a few more hours tweaking it yourself. You don’t yet have a critical mass of users, but you do have a functioning system.
Boiling down misaligned incentives
It seems there is little or no incentive to accept OpenID, or I’m going to have to weigh some risks – and it is difficult to execute. Meanwhile, there are plenty of reasons to hand out IDs, and I can have a server up within hours.
Why aren’t the megaliths tripping over themselves to integrate relaying agents? The answer is simple – data. Offering OpenID on a provider-only basis could be a boon for sites – they have all the information associated with your use of their service, and can grab tidbits on your use of other websites. It presents the perfect opportunity for someone like Yahoo! to gather “social graph” information on its users without the cost associated with building (or buying) another Facebook. If you were allowed to use your third-party (or self-managed) OpenID on their site, you’d have no incentive to maintain your Yahoo! ID and Yahoo! would potentially lose two sources of information.
Acceptance is still the big issue. If millions of sites allowed OpenID, the authentication process could solve a lot of problems – it isn’t happening because there are few if any incentives to accept it. There has to be a tangible benefit for those allowing OpenIDs in (and please don’t say “but you’ll get more comments” – that’s like saying you’ll get more spam). I’m now beginning to believe that OpenID is also going to need choice, in the form of millions of OpenID providers. A dozen or so significant providers controlling hundreds of millions of accounts isn’t going to cut it. Unless of course it’s renamed OligarchyID.
UPDATE: Marshall Kirkpatrick says don’t throw a party just yet. Pay attention to the points about extension of provider brands versus extension of the OpenID brand.
UPDATE 3: Yahoo! could have done much better here for sure. Maybe they should break themselves up before they bring their partners down with them?