“My problem: I have multiple OpenID IDs. I had an account with Yahoo, an account with AOL, an account with Livejournal, and so on. So now I have several “single” sign-ons. There’s no obvious way to consolidate all of them together into the mystical single sign-on.”
That’s because all of them are talking the talk but not walking the walk. As users we should accept nothing short of full Relying Party (http://wiki.openid.net//Relying_Party_Best_Practices) status. It’s particularly sad in LiveJournal’s case, given that the technology originated there.
For a user, this is no more or less secure than using e-mail authentication. I don’t think it would be any more onerous to set up another fake identity with an OpenID provider than it is to create another Hotmail/Yahoo/Google account.
In terms of being monitored by third parties, this is a little more explicit than the information that could be gleaned from having your account scanned by your mail provider, but the information it is possible to gather is the same.
One downside is that (at least) two servers are involved in authentication - which may lead to difficulty for users signing in at peak load. The OpenID servers become points of failure during login too, though this would affect a low number of users at any one time.
I think the biggest hurdle is perception - people don’t know what OpenID is (I didn’t), how to get one or how it is different to MS Passport. The biggest hurdle will be in developing a really good FAQ. Maybe get Joel to write an essay on it.
What if an existing popular site made its accounts OpenID? Bam, your Google/Youtube account is now an OpenID. Sites can list that they accept “OpenID/Google account”.
It’d be much more straightforward if e-mail addresses were automatically parsed as potential OpenID accounts. Suppose for example that the site checked barry@example.com for an OpenID server at example.com.
I’m willing to bet though that most people already DO use the same e-mail address and password across multiple sites. It’s not centralized (and not perfect in terms of security), but it’s simple for the user. Ultimately I think if the user experience is to be improved it needs to make OpenID a lot more straightforward and transparent to the user.
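The lookup suggested in the comment above (check barry@example.com for an OpenID server at example.com), sketched as an added example that is not code from any commenter or from an OpenID library. The e-mail-to-URL mapping is hypothetical, the HTML is constructed sample data, and insisting on an https endpoint is a policy assumption; the `openid2.provider` and `openid2.local_id` link relations are the ones OpenID 2.0 HTML discovery uses.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: what a relying party might fetch from https://example.com/
SAMPLE_HTML = """<html><head>
<link rel="openid2.provider openid.server" href="https://op.example.net/auth">
<link rel="openid2.local_id" href="https://op.example.net/user/barry">
</head><body>hello</body></html>"""

def candidate_identifier(email):
    """Hypothetical mapping: barry@example.com -> https://example.com/"""
    local, sep, domain = email.strip().rpartition("@")
    if not (local and sep and domain):
        raise ValueError("not an e-mail address")
    labels = domain.lower().rstrip(".").split(".")
    # Accept only dotted DNS names: no IP literals, ports, paths or bare hosts,
    # so user input cannot point the discovery fetch at internal addresses.
    ok = len(labels) >= 2 and not labels[-1].isdigit() and all(
        l.isascii() and l.replace("-", "").isalnum() and l[0] != "-"
        for l in labels)
    if not ok:
        raise ValueError("domain is not a plain DNS name")
    return "https://%s/" % ".".join(labels)

class _HeadLinks(HTMLParser):
    """Collects <link rel=... href=...> pairs that appear inside <head> only."""
    def __init__(self):
        super().__init__()
        self.in_head, self.links = False, {}
    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                self.links.setdefault(rel, a.get("href"))
    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover_provider(html):
    """Return the advertised OP endpoint and local id, or None if absent."""
    finder = _HeadLinks()
    finder.feed(html)
    endpoint = finder.links.get("openid2.provider")
    if not endpoint:
        return None
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("provider endpoint must be an https URL")
    return {"endpoint": endpoint, "local_id": finder.links.get("openid2.local_id")}
```

Links outside `<head>` are ignored on purpose, so markup that lands in a page body (a comment field, for instance) cannot advertise a provider for the whole domain.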
I’ve been getting quite heavily into openId recently as I see it as a fundamental forward step in consolidating online identity. I’ve written a few posts on the topic over on my blog (…davidwhitney.co.uk/content/blog/index.php/2008/03/26/fractured-online-identities/ , /2008/05/06/stop-holding-my-data-hostage-data-ownership-and-web-30/ and /2008/05/20/web-30-data-silos-and-identity-portals-overthrowing-social-networks/ - mangled to avoid looking like link spam!) and I’m in the first few stages of trying to design an identity controlling platform to centralise personal data and feeds hinged on open id.
I really hope that open id will turn into something that users control on their own (perhaps some kind of physical home device that controls your identity that you plug in to the internet) allowing a user to have complete control, whilst the value proposition for consumer websites is that they don’t have to worry about user data, just add the value and the services they perform best. If this becomes as easy as setting up a facebook profile then it’s a huge victory for users. Obviously this isn’t appealing to data warehousing entities, but perhaps it’s a power they shouldn’t have over their users anyway.
It really just seems like handing the user control of their identity back is the first step to letting users define what data regarding them the internet has access to, and that’s nothing but a good thing. There’s a little bit of setup involved, but really it’s no harder than setting up webmail, and most people got the hang of that pretty quickly. It’s almost an easy sell when you tell people that they only need to maintain profile and contact data in one location - people like ease of use because repetition is boring.
I personally believe people should control the feeds of all data related to them, but that kind of integration is probably a long way off.
I’ve tried it, and it’s a freaking pain in the arse. Never tried it again. Too complicated. At least MSN Passport (live id now, or whatever MS has rebranded it to this day) at least worked seamlessly.
And btw, doesn’t this seem EXACTLY like using the same password for every site?
OpenId lets you choose who you trust to authenticate you. Sites implementing OpenId simply do not care who you trust - that’s your responsibility (kinda like your password is!). That’s why OpenId is a good idea.
Personally, I like to control things as much as possible. Obviously, having to rely on an external provider to identify takes that control from me. This is why I was thrilled to find that I can be my own provider very easily:
I long for the day when I can log into everywhere using my email address, and all chat networks are linked together allowing me to speak to friends on MSN through Skype, or GoogleTalk, etc.
I want a single online identity that can be mine, and used everywhere - rather than having to sign up to everyone’s blog to post replies, host photos or whatever.
Jeff, after watching Dick Hardt’s Identity 2.0 presentation I see OpenID as a mere step for a more sane Identity Management Paradigm… also, their Mozilla plugin Sxipper (http://www.sxipper.com/) does tend to make things easier.