Hacker News
by simonw 5627 days ago
"one of the worst executed visions of all times"

What could have been done better?

I spent a couple of years advocating for OpenID adoption, because I believed that the alternative (one or two companies controlling login for the entire Web, à la Microsoft Passport or Facebook Connect) would be a massive blow to the decentralised nature of the internet. I believed that OpenID's usability issues could be resolved if enough smart people got involved in figuring them out.

Clearly I was wrong on that last point.

And yes, my latest project (lanyrd.com) uses Twitter rather than OpenID for authentication. From a developer point of view, that gets me the benefits I hoped for with OpenID (SSO, portable identities, instant contact lists) without having to wait for the world to agree on the standards. I just wish we could have figured out a decentralised solution.

7 comments

For most users I talk to, an email address (rather than a URL) is how they think of identifying themself in a cross-system way. Orienting the spec around that would have made a huge difference.

Were HCI experts a big part of the community that put together the vision and architecture? How diverse (tech background, language, age) was the original community? Both of those are areas that could have made a big difference.

It remains a great vision, so hopefully people will continue to work on it.

> For most users I talk to, an email address (rather than a URL)

Hits nail on head. It's unbelievable how dumb geeks who try to design UX experiences can be (and I say this as one of them). The first day I saw OpenID I was amazed that anybody would try and use a URL as an identifier.

Why would anybody put something that no normal person understands front and center of their UX? This is like opening a shoe shop and putting a quiz about 2nd order differential equations on the front door. Guess what - nobody is going into your store!!!

It was already a huge challenge to get people to understand the concept of using a login from one site to log in to another. But it was doomed from the start the minute someone said you should have "http://" in front of your username.

Why haven't more people migrated to WebFinger for identity?

http://www.readwriteweb.com/archives/google_enables_webfinge...

It uses your email address, and seems to offer a good way to get access to an OpenID-like sign in (maybe this is using OpenID or OAuth under the covers?)

It looks like WebFinger is not really an authentication system but functions more like a user profile. It lets someone know what music you listen to, or what programming language(s) you know, but it doesn't prove that you are you.

Simon, I know the work you and others have done and continue to do in the OpenID world, and it's commendable work.

The problem with OpenID and other Open Web work IMO is the sheer number of half-baked specs brought forward. Much more than any other standards group. I don't know why. “The nicest thing about standards is that there are so many of them to choose from,” like Tanenbaum said. Perhaps there is a general lack of attention span, an ohh-shiny problem, a not-invented-here problem that is particularly rampant in this community.

"one of the worst executed visions of all times" What could have been done better?

I'll tell you what it should look like (the fact that it's impossible is not the point): whenever I land on a site that asks me to log in, I get a menu of all my possible accounts, I pick one, and I'm in. End of the story.

Kind of like Dropbox being simple and intuitive when everyone else was building overly complex stuff.

Ok, it's impossible. Now tell me how you're going to do it anyway and laugh all the way to the bank.

The fact that you can conceive of it means that it likely isn't impossible, merely very difficult and possibly non-obvious. But that's how pretty much every real success story starts. You really may be on to something here.

This could be possible if web browsers (not just web sites) were aware of the standard and participated in the UI flow. Mozilla Labs prototyped something along these lines (not targeted for inclusion in Firefox 4, but possibly for the next release):

http://hacks.mozilla.org/2010/04/account-manager-coming-to-f...

Can't be impossible since it was done: http://www.clickpass.com/

Nice implementation, poor sales/marketing.

It's kind of you to say but the reason our sales and marketing was poor was that we couldn't figure out what we were selling or marketing. Try as we might we couldn't figure out who really wanted it and where to make money.

Most websites simply can't see enough of a bang for an engineering buck they could be spending on something else (i.e. they don't even want to install it, never mind pay for it) and if it's done well consumers don't even see it so there's no money to be had from them either.

I'm sure we could have made it all slicker still but even Facebook login takes some justification and Clickpass didn't deliver anything like the value that that does.

For early adopters who try out lots of different sites, Clickpass would be a big win for both the users and the sites. Once the early adopters are doing it, everybody else will see the convenience.

The potential problem with this solution, although I do like it, is that your accounts can be attacked by someone who has any one of your login/pw combinations. You must treat them all as equally valuable. I'm not sure people on the web are at that point yet.

With that said... isn't that really like OpenId?

Isn't this kind of what Blogspot does? I'm not very firm on the background, but generally when I go to post a comment on a Blogspot/Blogger site, I'm given a choice of either my Google account or OpenID, with OpenID being a choice of several favicons (Yahoo, Google again, etc).

The real answer is that for the web to continue as it is, no such system must exist. If you require a single authentication, the web stops being a loosely coupled system and becomes dependent on a single entity.

But the value of OpenID is that it isn't a single system. Anybody can be an OpenID provider, including me with the box sitting in my basement.

I believe that part of that design is what's so confusing to non-technical users. If somebody were to tell them that 'the box in your basement' could be used to verify access to their banking website, you'd completely lose them. Granted, it's an implementation they'd likely never encounter, but the fact that it's possible just contributes to the noise around OpenID.

If you were to tell people in 1985 that they would be able to see their credit card balance on an LCD of a mobile phone while jogging, you'd completely lose them too.

I would think that you would lose them on 'mobile phone' instead.

> What could have been done better?

I'd have tested the UI on my mom.

Wasn't web finger supposed to fix some of the usability issues with openID? I don't think I ever saw that added, but I could be wrong.

As a user, logging in with OpenID is a huge PIA compared to normal login procedures.