Possible Cons of the Implementation
It is unusual starting with the negative aspects of a service but it makes sense here, I think. As I have mentioned earlier on this blog, Yahoo! is currently only an OpenID provider, so users can’t log in with other providers’ OpenIDs to Yahoo! yet. Also it is just supporting the new OpenID 2.0 standard. That might be a letdown for some users as they probably can’t log in with a Yahoo! OpenID to their favourite OpenID-enabled websites.
On the other hand, adoption of OpenID 2.0 will certainly grow over the next few months, because it provides more (security) features and as paradoxical as it may sound, Yahoo! will be a driving force of this as well. Companies won’t miss the chance to allow Yahoo! users a simple login method to their sites. However it is misleading that Yahoo! links to a list of OpenID consuming sites, disregarding that many of them don’t support OpenID 2.0 yet, and therefore users might become frustrated. It was better if Yahoo! just linked to some selected consumers which are supporting OpenID 2.0 already.
I am missing some kind of audit log where I am able to view my activities and can revoke approvals of relying parties. Would be cool to have this someday.
The implementation is very user friendly and provides understandable explanations of all steps involved with setting up and using an OpenID with Yahoo! I think a lot of effort went into this, making it graphically appealing and even providing a short tutorial on OpenID. Many providers could learn from this.
Setting up the OpenID is easy. First, users have to opt-in to using OpenID with their Yahoo! IDs. That should resolve some people’s concerns that they were “forced” to use OpenID with Yahoo! They can still use Yahoo! IDs the same way as they did before if they don’t like OpenID.
Yahoo! OpenIDs are actually some anonymous, auto-generated URLs which look like this: https://me.yahoo.com/a/SGnF5axjseY4xrv.BKKYF3Xp4v– However users can also customize the OpenID. There are some suggestions provided – including a Flickr URL if users have an account there – but it can be defined by users the way they like. So when signing in to a consumer users can choose from two OpenIDs, the auto-generated one or the customized one (see example below). Though they don’t need to sign in with those URLs; yahoo.com is all people have to remember.
Despite the lack of support for OpenID 1.1 I like Yahoo!’s implementation a lot. The explanations and ease of use make it perfect for especially non-techie users who just want an easy way to sign in to more sites than just Yahoo!’s. There is no need to remember long OpenIDs or to read about OpenID before starting to use it. All necessary information is provided. This implementation is certainly a blueprint for many more services that want to adopt OpenID.
Yahoo! just needs to add consumer support as well. That would be important. Hopefully today’s news won’t be an excuse that there were not enough resources available to do this anymore.
There is an interview and demo with Yahoo!’s OpenID architect Allen Tom available which runs you through all the features of the implementation.
Johannes Ernst has an excellent article on the business aspects of it as well.