Online Shopping with OpenID

A couple of weeks ago Thomas Huhn and I discussed OpenID and online shops. We noticed that hardly any of them have adopted the technology yet. Well, actually I don’t know any at all. Maybe Thomas knows some. However, we noticed that more and more shops – at least in Germany – don’t require customers to register an account permanently if they don’t intend to return to the site later. Creating accounts is just a matter of convenience: no need to provide details once again if customers return.

From my own experience, though, I can say that I am hesitant to create accounts at online shops. If I have the option to purchase products without that step, I go for it. I would rather type in the required information once again if I return to a certain shop later. There is no specific reason why I don’t want to create accounts all over the place. Maybe I just want to keep the number low.

What about OpenID?

Online shops should implement OpenID. That would change things for me. I would have to provide necessary details like my address just once. Not to any shop but only to my OpenID provider. There are cool extensions to the OpenID protocol which support this: Simple Registration and Attribute Exchange (also see Dennis Blöte’s excellent article on the topic). Both extensions allow transfer of profile data from an OpenID provider to a relying party, e.g. a shop. The first time I confirm my OpenID to a shop, it (=the shop) asks for that data. If I allow it to always fetch that data, all future authentication requests work without me interfering.

So what happens if my address changes? Now you might argue that I would still have to update all my accounts at online shops. I think that’s unnecessary. Shops don’t even have to store that data, thanks to Simple Registration and Attribute Exchange. Assuming my address changes, I will update it at my provider. When I return to a shop, it simply asks my provider for the necessary details again and gets updated information. It’s really that simple: the shop will always have updated data but doesn’t have to store it and doesn’t even have to ask me for it. When the products are delivered and paid for, it can delete my data.
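The exchange described above, sketched from the shop's side as an added example that is not part of the original post: the shop asks for the delivery address through an Attribute Exchange fetch request and, on return, keeps only values that the provider's signature covers. The endpoint, identity and shop URLs used with it are constructed placeholders, and the code assumes the assertion's signature has already been verified by the shop's OpenID library.

```python
from urllib.parse import urlencode, parse_qsl

OPENID_NS = "http://specs.openid.net/auth/2.0"
AX_NS = "http://openid.net/srv/ax/1.0"
AX_TYPES = {  # local alias -> attribute type URI (axschema.org schema)
    "fullname": "http://axschema.org/namePerson",
    "street": "http://axschema.org/contact/postalAddress/home",
    "city": "http://axschema.org/contact/city/home",
    "postcode": "http://axschema.org/contact/postalCode/home",
    "country": "http://axschema.org/contact/country/home",
}

def build_auth_request(op_endpoint, claimed_id, return_to, realm):
    """Build the redirect URL that asks the provider for the delivery address."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns.ax": AX_NS,
        "openid.ax.mode": "fetch_request",
        "openid.ax.required": ",".join(AX_TYPES),
    }
    for alias, uri in AX_TYPES.items():
        params[f"openid.ax.type.{alias}"] = uri
    return op_endpoint + "?" + urlencode(params)

def signed_ax_attributes(response_query):
    """Return AX values from a positive assertion, dropping any field that
    openid.signed does not list (assumes the signature itself was verified)."""
    fields = dict(parse_qsl(response_query, keep_blank_values=True))
    if fields.get("openid.mode") != "id_res":
        return {}
    signed = set(fields.get("openid.signed", "").split(","))
    # The provider chooses its own namespace alias; find the one bound to AX.
    ax = next((k[len("openid.ns."):] for k, v in fields.items()
               if k.startswith("openid.ns.") and v == AX_NS), None)
    if ax is None or f"ns.{ax}" not in signed:
        return {}
    by_uri = {uri: name for name, uri in AX_TYPES.items()}
    prefix, result = f"openid.{ax}.type.", {}
    for key, uri in fields.items():
        if key.startswith(prefix) and uri in by_uri:
            alias = key[len(prefix):]
            if {f"{ax}.type.{alias}", f"{ax}.value.{alias}"} <= signed:
                result[by_uri[uri]] = fields.get(f"openid.{ax}.value.{alias}", "")
    return result
```

Because the shop does not store the address, every order depends on this check: a value appended to the return URL but not listed in `openid.signed` never reaches the shipping label.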


Can online shopping be even more convenient? APML comes to mind. It collects users’ attention data and their interests, e.g. their favourite music or movies. Just think of Amazon’s recommendation system. The data is stored in a file which can be shared and parsed by services that support the standard.

The APML file can be stored anywhere. Why not at my OpenID provider? A shop could ask for that file, it would be transferred to the shop from my provider, and I could get recommendations based on my attention profile even if it’s the first time I visit the shop. That’s not suitable for every kind of shop, of course, but for CD shops it would work if my APML file contained all the music I listened to on for example. And that’s the difference to Amazon. Amazon can only recommend products to me if I already purchased products there or surfed the site intensively. A shop supporting APML can do that right away.

As far as I know there is no discovery specification for APML files yet. I would have to tell the shop where it is. But I think that problem could be solved someday. I am not a developer, though. So maybe it can’t!? Update May 3: Actually there is discovery already implemented. I just should have had a look at the source of my blog. It looks like this:
<link rel="meta" type="application/xml+apml" title="APML" href=""/>

Well, it would be an even greater shopping experience if the online shop could update my APML file based on the products I purchased there and write it back to my OpenID provider. Once again I don’t know how this could work. Maybe OAuth is a solution or even Attribute Exchange as it is capable of storing data at the OpenID provider. Maybe some clever minds know. I just write stupid articles. 😉


Maybe those ideas are really just plain stupid but I think OpenID could really help make online shopping more user-friendly. There are benefits for both customers and shops. Customers don’t have to deal with registration processes anymore and get better recommendations for products they might be interested in. On the other hand, shops will always have more accurate data on their customers and with APML support they could even boost sales because customers are only shown relevant products. Also they can save on data management.

Maybe there is even some revenue for OpenID providers. Since they provide user data and even valuable attention profiles they could get a fixed percentage of sales made by their users. Think of credit card companies’ business model.

12 thoughts on “Online Shopping with OpenID”

  1. Hey Carsten,

    thanks for the reference to my article. I guess SReg with its limited set of properties cannot be a real solution, but AX can solve this problem: There are already some experimental types defined that are targeted at exactly the use case of ecommerce.

    I guess I wouldn’t choose OpenID to transfer my credit card data, though 😉

    See you at IDCamp Bremen,

  2. Currently I also don’t want OpenID to transfer my credit card details. I should have mentioned that in the article. Thanks for mentioning it. 🙂

  3. Once again a great article, Carsten. Gave me a couple of good ideas I should look into. I’m really sorry I couldn’t make it to the pl0gbar last Tuesday, maybe next time.
