OpenID, a distributed single sign on solution that allows people to sign into different services with the same login credentials, gained significant momentum over the last year as Google, Microsoft, Yahoo and AOL all pledged their support for the initiative.
There are two ways companies/websites can participate in the OpenID framework – as “issuing parties” or as “relying parties.” Issuing parties make their user accounts OpenID compatible. Relying parties are websites that allow users to sign into their sites with credentials from Issuing parties. Of course, sites can also be both. In fact, if they aren’t both it can be confusing and isn’t a good user experience.
The problem, though, is that the Big Four Internet companies that I mentioned above have made big press announcements about their support for OpenID, but haven’t done enough to actually implement it. Microsoft has done absolutely nothing, even though Bill Gates announced their support over a year ago. Google has limited its support to Blogger, where it is both an Issuing and Relying party. Yahoo and AOL are Issuing parties only.
This isn’t just toe dipping in the OpenID pool to see how things go before jumping in. Putting my conspiracy theory hat on, it looks to me like these companies want all the positive press that comes from adopting this open standard, but none of the downside. By becoming Issuing parties, AOL and Yahoo hope to see their users logging in all over the Internet with those credentials. But they don’t accept IDs from anywhere else, so anyone that uses their services has to create new credentials with them. It’s all gain, no pain.
I spoke to Bill Washburn (the Executive Director of OpenID and only paid employee) and David Recordon (Vice Chair of OpenID) today about the hesitation of the big guys to fully implement OpenID. Both were careful not to criticize, noting that the support of these companies has been an important driver of OpenID awareness. But both also said that they would really like to see full implementation happen sooner rather than later.
Recordan says that at least 11,000 sites now take OpenID credentials for sign on (see image to right). Among them are some large services like 37Signals and LiveJournal. And the open source community has been great about building OpenID support into their software, Recordan says, so that others building on that software can launch Relying party services. Among the projects that support it are Drupal, Movable Type, WordPress.org, Ruby on Rails and MediaWiki. But all of those services put together have nowhere near the user footprint of any of the Big Four.
I’ll say what the OpenID Foundation cannot, for political reasons – It’s time for these companies to do what’s right for the users and fully adopt OpenID as relying parties. That doesn’t fit in with their strategy of owning the identity of as many Internet users as possible, but it certainly fits in with the Internet’s very serious need for an open, distributed and secure single log in system (OpenID is all three).
If and when the Big Four become relying parties, the floodgates will truly open and there will be no looking back. And until they do that, I’m not buying that they really support what OpenID is trying to accomplish.