5 comments

[ 4.7 ms ] story [ 19.9 ms ] thread
OpenID is an excellent case study of a promising technology killed by being incubated in the techy echo chamber. For example, the spec (and the process to create it) spent a mindbending amount of effort on getting delegation right, so that people can port their identity around by the simple expedient of putting references to their delegated openid providers in their user-supplied identifiers, and no visible effort on making the end-user experience less painful than an IRS audit administered during a root canal.

Supporting email addresses is where we should have been several years ago. (Take a look at who actually gets used as OpenID providers: the gigantic free mail folks who hold 50%+ of the market and had the instant scale to make things work. That shouldn't have come as a bolt out of the blue! Now the best OpenID implementations resemble "Pick which of the following you have an email address at"!)

How does email support work? Can I use any email address, or does my provider have to have OpenID support?
Your email provider would need to support WebFinger and/or LRDD.
And that's what we're working on fixing.

Quoting from http://openidconnect.com/:

"It is designed to be modern, removing support for features which haven't seen adoption and adding support for things like using your email address as your identity."

"We've heard loud and clear that sites looking to adopt OpenID want more than just a unique URL; social sites need basic things like your name, photo, and email address."

"We have also heard that people want OpenID to be simple. I've heard story after story from developers implementing OpenID 2.0 who don't understand why it is so complex and inevitably forgot to do something. With OpenID Connect, discovery no longer takes over 3,000 lines of PHP to implement correctly. Because it's built on top of OAuth 2.0, the whole spec is fairly short and technology easy to understand. Building on OAuth provides amazing side benefits such as potentially being the first version of OpenID to work natively with desktop applications and even on mobile phones."

Identity and data access are a key part of simplifying UI on the web but also on the desktop. I should be able to log and access my data on my netbook, desktop computer, and the web through the same identity.

This would also favor open APIs to manage/move the actual data more easily as they would seam so natural then. This would be a shield against people wanting to control our identity on the web (Facebook) and people wanting to disempower us of our data (Google's Chromium OS).