Oh no, not another post on OpenID already, you might think. Well, the new year is only a few days old and there are already three posts and tweets respectively that got me thinking about it again. But if you don’t want to read about OpenID again, just ditch this post.
The Idea of OpenID Connect
Let’s start with Chris Messina’s proposal of OpenID Connect that got some attention in the blogosphere over the last few days. According to Chris OpenID Connect should be a concept similar to Facebook Connect and Twitter Connect:
OpenID Connect is a technology that lets you use an account that you already have to sign up, sign in, and bring your profile, contacts, data, and activities with you to any compatible site on the web.
Sounds good? At long last, a product based on OpenID that could be marketed and is similar to its rival Facebook Connect? Maybe. But we could have that product for a long time already. Isn’t there an OpenID/OAuth Hybrid protocol? Isn’t it possible to perform discovery of a service catalogue containing contacts, photos, and much more via XRDS-Simple?
I cannot comment on the technical differences of both approaches or their shortcomings. I simply don’t know them and never really had a look at OAuth WRAP so far. I’m just a dumb enduser. But from what I can tell it was possible to build something similar to Facebook Connect that wasn’t a product but a combination of a few protocols that could work almost the same way. However, no one cared to think about a reference implementation and documented it. So at least Chris’s idea of OpenID Connect could start a new discussion – and actually much needed work – about establishing a product based on open standards. I just hope marketing efforts will follow.
Yes, it is as simple as this: Hutch just wants an email transferred while signing up to a new service. Those of you familiar with OpenID know that it’s possible. There is the Simple Registration Extension (SREG) and there is Attribute Exchange (AX). Both protocol extensions allow transferring an email address – among other data – from the OpenID provider to the consuming website, the relying party. Though both parties – the provider and the relying party – need to support them. However this great feature is mostly unknown to even tech savvy guys like Hutch.
How come? Back in the days of the old OpenID version 1.1 most providers and relying parties supported SREG. Unfortunately, when big providers like Google and Yahoo! jumped on board of OpenID this fine extension got forgotten by most people, simply because the big vendors didn’t support it. When Yahoo! started supporting some SREG values in November 2008 it was applauded and reading some of the blog posts about it, it sounded like Yahoo! re-invented the wheel. Hey, the current SREG specification is final since June, 2006! Yes, since the summer of 2006. So no real invention in the winter of 2008.
Confusion about the OpenID Name
The next blog post suprised me a little bit and I thought the blogger was probably an exception for getting some aspects of OpenID wrong. Basically, she thought she had to pay $25 for getting an OpenID when visiting OpenID.net. As it turned out, she was confused with the membership fee of the OpenID Foundation. Actually, I thought this would never happen. But it did and what if she was not the only one as she pointed out in the comments? Also she already had an OpenID from MyOpenID but thought it was something different, just because of the name.
OpenID Needs Marketing
Those three examples show one thing: OpenID needs more marketing! Though any marketing needs a product. So OpenID Connect or whatever it will be called in the end is a step in the right direction. Marketing should be done by those who know their job: marketers. Not developers as is the case mostly these days.
Also it’s probably a good idea to get more in touch with big tech blogs like Techcrunch, Mashable, and Read Write Web. They have turned mostly into news sites that need a story to write about. They hardly do intense research, so no one can expect them to find out the subtle technical details of something like OpenID, its extensions and related protocols. So in the end OpenID might get better press and won’t look like the inferior identity protocol to Facebook Connect.