Yesterday, the OpenID Foundation (OIDF) published its review of 2009. The numbers mentioned in the blog post look great. Having over 1 billion OpenID enabled accounts worldwide and over 9 million sites that let users log in with an OpenID are truly impressive numbers. Also it is a great list of companies providing or consuming OpenID.
I also applaud the OIDF for cooperating with the US government and initiating a strategy where OpenID logins on federal government websites become reality. It is a great way to help citizens engage with government agencies because they don’t need to register again just to gather some information, making an appointment and what not. Hopefully, this will become a blueprint for other governments as well.
However, having a closer look at the blog post, it becomes apparent that all that glitters is not gold. At least in my opinion.
- Some of the mentioned OpenID providers like German GMX and Web.de are hardly recognizable as providers. Users can only use credentials of those email providers on Facebook. Well, actually (automatic) login only works if users are already logged in to those providers and Facebbok makes a checkid_immediate call. Having login credentials that only work for one website? Interesting concept.
- Many big and small companies are mentioned that accept OpenID. However quite a lot of them rely on JanRain’s RPX. There is nothing wrong with it. JanRain is about the only small, independent OpenID company that established a viable business model with RPX.
But RPX is not only featuring OpenID as a login option but also Facebook Connect and Twitter among others. And some of the companies listed in the blog post don’t even allow logins with custom OpenIDs. Just have a look at the Wetpaint and Qype login screens. Yes, Yahoo!, MySpace, and Google logins are based on OpenID but users cannot use a custom OpenID:
- And some of the mentioned companies have not even deployed OpenID yet, e.g. German Scout24, a subsidiary of Deutsche Telekom. If I got things right, Scout24 will also use RPX.
Yes, OpenID progressed in 2009. Though the technology has become more hidden, either behind obscure provider implementations like at GMX or behind buttons and logos of big vendors like Yahoo! and Google. Actually, it is not bad that technology becomes less obvious for users but the original idea of OpenID is gone as well: Having a URL
To empower individuals to define and offer and enforce their own terms in their interactions with others. To not merely be somebody’s user or consumer, but to be a first-class citizen of the net. To not be at the mercy of any government or organization.