Skip to content

Why Your Social Website Should Support OpenID

On Twitter I bitched about GitHub not supporting OpenID, and both Chris Wanstrath and Giles Bowkett chided me for not making an better argument for it than “it makes my life easier”.  The benefits of OpenID seem self-evident to me; but if I have to spell it out, here goes.

When I go to a site that supports OpenID:

 
  • I don’t have to spend even a millisecond wondering about how good their password security protocols are. With OpenID, they will never see my password.
  • I don’t have to weigh whether to use one of my standard web passwords.
  • I don’t have to make up a new password and remember to write it down somewhere.
  • I don’t have to use some 3rd-party program or Firefox extension to generate and manage random password, only to be locked out when I have to access the site from a public terminal and my thumbdrive is in my other pants.
  • On many sites, I don’t have to type in my name, email address, and zip code for the hojillionth time, because they are automatically fetched via OpenID.
  • Lastly, if I ever decide that I made the wrong decision about my password policy, I don’t have to remember and revisit the site in order to change my credentials.
In short, OpenID makes my life easier, and therefore I am more inclined to use web apps that support it than those that don’t.

This was written by avdi. Posted on Saturday, April 12, 2008, at 3:35 pm. Filed under Uncategorized. Bookmark the permalink. Follow comments here with the RSS feed. Post a comment or leave a trackback.

Viewing 6 Comments

    • ^
    • v
    OK. So now I have to respond. I had to make a whole gigantic presentation to answer your last spate of flame-war provocation. So let's see.

    OK, so the blog post, "Do Users Really Even Exist?"

    http://gilesbowkett.blogspot.com/2008/03/do-use...

    The answer is no. Users are a convenient fiction. What actually exists are logins. OpenID assumes users map directly to logins. Because of this it is only useful to Web developers. In real life people share logins with each other or have more than one login. That's my point in the blog post. You dissed it on Twitter saying it was an interesting theory, but that was silly. It's not an interesting theory. It's an observation of the disconnect between how Web developers like to imagine people act and how you can actually see people acting in the real world.

    OpenID is Web-developer-centric and based on an assumption that is wrong. It would be cool, IN THEORY, like Communism, but in reality, it's just ridiculous BS. Theories based on ideas which are repeatedly shown to be factually incorrect are theories which will not get you anywhere no matter how pretty they turn out to be.

    Also, Microsoft tried to do an OpenID style thing years ago, and failed. Here's the pattern with OpenID and Passport: developers decide it should exist, they build it, and nothing happens. Whenever you have a pattern like that, it means that the real world displays characteristics that people are repeatedly failing to recognize. This is similar to micropayments. Several attempts at micropayments failed in a row before developers decided to give in gracefully and stop providing a technology that the world clearly didn't want. After a while Clay Shirky figured out why:

    http://shirky.com/writings/fame_vs_fortune.html

    One day Clay Shirky will figure out why OpenID never happened either. And it'll be really freaking interesting to read. But until then OpenID really isn't worth taking very seriously, and when it becomes taking very seriously, it'll only be as a way of leveraging Clay Shirky's remarkable brain. OpenID in and of itself is really not worth taking very seriously.

    QED.
    • ^
    • v
    Giles, I'm a user. I'm speaking as a user, and nothing else. OpenID is of genuine value to me as a user. It is convenient and makes my life easier. Perhaps every other user in the world maps to your model and finds no use at all in it. But for me it has real utility. Chris was looking for how it was useful, and so (I thought) were you, and now I've explained it.
    • ^
    • v
    OpenID may be convenient, but it's also a security nightmare:

    http://idcorner.org/2007/08/22/the-problems-wit...
    • ^
    • v
    Ryan, thanks for that link. I am open to the idea that there are security problems with OpenID, and I have to say some of the cases put forward in that article are compelling (although the intro is a little off-putting - "our innovative technology for user-centric identity management" - conflict of interest much?). What I was responding to was the assertion that there was no apparent utility in OpenID, something I find provably false.

    I'm not concerned so much about the issue of centralization - I am my own OpenID provider. (And yes, I realize that I am in the minority in that). The fact that I *can* be my own provider, though, makes OpenID less centralized than previous attempts at single sign-on.

    I could probably be convinced that OpenID is not the best solution, although it would take concrete examples of better solutions. What I am not interested in is people telling me that it serves no purpose. It serves me well, and if it is flawed I want to hear about improvements, not hand-waving about how nobody needs it anyway.
    • ^
    • v
    Replying to the post Giles links to (since he doesn't have commenting enabled):

    "The idea that I would want the same login at LiveJournal, where I post my personal soap operas semi-privately to very old friends with too much time on their hands, and Digg, where I post my own blog entries to promote them to the worldwide professional developer community, is flawed at best."

    This is why a good OpenID provider (such as MyOpenID, who I use) will allow you to create personas. You can share as much or as little as you like between your various online accounts. Please don't rag on something until you're aware of all its aspects.
    • ^
    • v
    Whether OpenID in the form that you see it today becomes the same thing that people see a few years from now in terms of online identity or not, is a bit beyond the point. As Avdi said, there is true value to him as a user of not having to create yet another account or being able to now have a sense of reputation that you can carry with you. If it doesn't happen to be OpenID, but just the notion of identity that people own, control, and can take with them on a global scale develops because of OpenID then isn't that success too?

    While I certainly respect Stefan Brands, I don't agree with many of the points he made as I later blogged. http://daveman692.livejournal.com/310578.html
blog comments powered by Disqus