I am hearing a lot from @avsa that sounds identical to OpenID. I think we need to learn from previous web2 attempts & evolve / change things. This Wired article has some OpenID failure background https://t.co/WHXyrbYeqM #walletconf
— Boris Mann (@bmann) May 6, 2018
I need to break through the forming wall of posts I need to write and just blog to get things rolling. And, at least for me, sometimes the easiest way at that is a quick post completely unrelated (or at least seemingly so) to what I should be writing. While at the Edcon conference, Boris Mann tweeted a link to a Wired article from 2011 chronicling Open ID “the webs most successful failure.” The title struck me, and I was interested to find out what happened to this open standard for identity management. A couple of points jumped out from the article which I will include below, but before that what is OpenID?
OpenID promised to solve two problems. First, it would offer an easy way to log in to any website without needing to create a new account. And, second, it would enable you to have a consistant identity across the entire web. This worked well with the limited audience of bloggers and tech-savvy users that were part of the original vision.
Ok, so why didn’t it take off?
The main reason no one uses OpenID is because Facebook Connect does the same thing and does it better. Everyone knows what Facebook is and it’s much easier to understand that Facebook is handling your identity than some vague, unrecognized thing called OpenID. That’s why, despite the impressive sounding billion URLs and 50,000 sites supporting OpenID, it pales next to Facebook Connect. Facebook Connect has been around less than half the time of OpenID and yet it’s been adopted by some 250,000 websites, is available to the hundreds of millions of Facebook users and has the advantage of Facebook’s brand familiarity.
And the kicker:
Facebook also added a key ingredient that helped drive other sites to adopt Facebook Connect – sharing user data. One of the reasons more sites support Facebook Connect is that they get a piece of the user pie.
I thought these bits from the demise of OpenID were interesting given the current uproar around how Facebook is using/abusing personal data, and a good reminder that there were options a decade ago that did not collect and freely distribute the user pie. But brand recognition and the difficulty—as with RSS—for certain open standard technologies to become more accessible and widely adopted has had real implications on the current state of the web, even if both OpenID and RSS continue to drive the often hidden, underlying logic of these information ecosystems.
I felt like one of the cool things, beauties of OpenID was that all you needed was an OpenID provider that could verify your identity. In my case it was WordPress.com, they built one right in shortly after it was fully codified and standardized. And literally my openID credential was the path of my mapped domain on WordPress.com: http://carpetbomberz.com, That was it. They would pass the keys/hashes back and forth and say, yep, this person owns this domain, has logged into and is currently logged in as the admin/owner, therefore this person is who they say they are, let them through. All anyone had to do was get the files together to become an OpenID provider and go through whatever verification required to be a provider. It seemed easy, quick, lightweight as an end-user/consumer of the service.
Yup. I used the OpenID plugin on my self-hosted WordPress site, and it worked great. But Facebook smothered it by being gross about sharing data (which was kind of the point of OpenID in the first place – only sharing “yup. that’s D’Arcy alright” rather than “yup. that’s D’Arcy. and here’s a list of 100 contacts, and his verified email address, and a bunch of other stuff just in case you find it handy.” I miss tools that were built for humans, and not marketing divisions of companies.