Today I have read an article on a Swiss blog which really made me think. The author’s company is offering various courses on research on the internet and also on using Web 2.0 services. He mentions that many participants of those courses have problems registering with Web 2.0 services and setting them up properly because the registration process was too difficult for them.
What’s the big deal about registering with any service? Well, that has been my first thought. I – and probably most readers as well – sign up to sites almost daily. No problem: user name, password, every now and then OpenID, some very basic profile data and you can start using a new website for your own benefit.
So why should there be any problems? According to the author because people are stillstuck in Web 1.0. They didn’t need to register with any sites before and are not used to it. This is raising two questions:
Is there a gap between internet users?
The question deserves an affirmative answer, I think. Ask family members, friends, and colleagues if they have heard about or even use RSS, blogs, Twitter, and Digg. I guess most will negate the question. Sometimes we seem to forget that most people still don’t spend a lot of time on the internet and therefore don’t know much about new trends and services. Recently I have participated in a survey about technology and internet. One question was how many hours I spent on the internet each week; the highest number I could choose was 20 hours. Yes, just 20 hours.
Can OpenID profit from it?
I am not sure. Of course, just a single password was required anymore and most profile data could be stored centrally at the OpenID provider. But wouldn’t users be even more confused if the relying party was forwarding them to the IdP and from there back to the relying party?
While I think that signing in to websites with an OpenID is pretty straight forward already, the process should be even more simpler and as unobtrusive as possible. Most people expect a quick registration process without any hassles. The involvement of a second website (=Idp) will put many off, I guess. So the IdP should be almost invisible to them. I don’t know if that’s possible but it should be considered if OpenID was to be adopted by a large number of users.
I have to agree with Carsten: OpenID is not applicable everywhere, and still in an early stage. There are some changes/extensions that are being made to the protocol, and hopefully they solve some of the issues. The OpenID protocol takes some load from the users and moves it to the server, but I believe it's worth it, with OpenID it's much easier to get new users to "register"/use your site. Time will show if OpenID is good or bad :-)
Carsten Pötter
OK, an email address might be useful. As a relying party you could use the OpenID Simple Registration Extension (see also here) so you can retrieve the user's email address. Though while I favour OpenID I don't think all websites have to implement it; it's their decision. OpenID is still in a rather early stage of development and will improve over time.
Spammers, I hate spammers... In a previous life I worried about email spam and writing anti-spam software, now I'm dealing with link URL spamming for PageRank. I dig into some of the spam accounts that are created and they are using disposable yahoo email addresses to create their accounts.
OpenID vs. InHouseID they really don't prevent or promote spam in any way, the biggest problem is that all a spammer needs to do is set up effectivly a NULL authentication provider -- forget disposable email address, it's disposable providers -- as any OpenID credential is valid. Now, we're off in a land of creating openid credential trust networks, possibly verisign shows up and makes some grand claims.. In general, the OpenID network (aka the whole internet) becomes the weakest link. For InHouseID -- sure I'm not going to claim to have a perfect solution, but at least I can enhance or modify the security measure as I see fit along with a minimum standard...
It's not about our Privacy Policy -- since while I won't sell your name ... I will spam you (oh, notify you about new features). If it wasn't for that I would still need your email address to confirm things, notify you about specific events on your service, try to convince you to come back once in a while...
Carsten Pötter
"...but heck it’s the same everywhere anyway..." :D That's one reason why I really like OpenID. I KNOW that I used just two or three different user name/password combinations because I'm lazy.
Anyway, I see your point. You want control on who is using your website. I can understand this. Though is it really necesary for your (or anyone else's) website to store data like my email address? You can't make much use of it if you have a privacy statement which doesn't allow disclosure of personal identifiable data to a third party. Also it is not really necessary to use captchas or confirmation emails to block spammers. If spammers can sign up with an OpenID they can also sign up with disposable email addresses. I am naive, ain't I?
The problem with OpenID is that it's "difficult" to really share profile data.
As a website I want to have a user register, give me their email address and a bunch of other tidbits (Name, location, etc.,etc.) So here comes OpenID -- great I now can "skip" the one page of please pick a username and password, and trade it for 2 pages of "login with your openid", approve that your openid should share information with my site (typically a horrid page design). Come back to my site and I'll still give you just about every text box that you would have had anyway, plus I'm going to present either a captcha or a confirm email flow just to make sure that i'm not getting spammed.
So as a site builder, there's little value in OpenID ... As a user I don't have to have another username / password, but heck it's the same everywhere anyway...
Carsten Pötter
There is a new Pew study on internet and mobile devices use of US Americans which is pointing in a similar direction.
yeah, there is. And as using rss properly is like driving on the highway whilst not using it is like walking, the gap gets bigger every day.
Carsten Pötter
Yes, people had to register accounts for free email providers like Hotmail and GMX and also to sites like you mention. Maybe it's not just registration but really setting things up, even if it's just digging a story on Digg. I don't know but I guess the author of the article is knowing his clients pretty well.
I agree on your point about big IdP's like AOL. If they really want to push OpenID they better start explaining it to their users now.
I also didn't think registration is a problem. Again, isn't it plain false to say the Web 1.0 didn't require registration!? There were also discussion features on news sites or forums which required registration. And if you take todays social networks (and even 1.0 dating sites and thelike), there are not only tech-aware users on them. Anyway sites should try to make this process as simple as possible, not too confusing. OpenID might really confuse people in the beginning, but I believe they can learn how that works because the concept isn't too complex. It's the job of the OpenID providers, especially big sites who become OpenID providers now (like AOL), to explain their users what OpenID is and how they can use it. And then OpenID lowers the barrier to use a new site which is, what I always say, an advantage for businesses on Web 2.0.
Carsten Pötter
I really hope so because OpenID is simplifying the registration process. Though while I have been aware of the gap between different kinds of people using the internet, I never thought that registration was really an issue. The gap is probably even bigger than I could imagine. Makes me think.
Sometimes the results of OpenID logins look a little bit strange, certainly not as expected by users. Blog comments are a good example. Usually I would expect my real name or username displayed there but occasionally it looks like this:
The provider simply didn’t send my name (Google in this case).
While some providers allow personas, i.e. [...]
Oh no, not another post on OpenID already, you might think. Well, the new year is only a few days old and there are already three posts and tweets respectively that got me thinking about it again. But if you don’t want to read about OpenID again, just ditch this post.
The Idea of [...]
This blog post is a little bit different from the not so relevant open web centric stuff you usually find here. However I think it’s a good story about great customer service. So why not share it with you, although I play the stupid part in this story?
On Sunday I checked my credit card bill [...]
Microformats are really cool. Small snippets of code that semantically describe various information included in any published text on the web. It’s not visible information for end-users but rather metadata that can be crawled and parsed by search engines or extracted by other means, like browser add-ons.
While microformats are rather simple – even I understand [...]
