Konektiv Media


I Grokked openID Today on Mahalo Answers

by timothypost on 2009/01/08


Today, while doing some digital house cleaning on the hundreds of logins I have stored in my 1Password app, I came across an account I have with My OpenID.com. I had originally opened the account a long, long time ago (maybe even in 2006) when there had been some buzz in the blogosphere about the openID standard and its potential to “change the web.” Like many web services I sign up for, I never actually used it much. However, recently I have kept running across web services touting the fact that they now accept openIDs for login. Perhaps something had changed out there and it might be time for another look at openID.

The first thing I did was Google “openid.” The results of the search simply confused me. There was openid.com, openid.org, openid.net, myopenid, openidenabled, etc. If I were to actually begin to use openid, which provider should I choose? What to do?

Who should we all turn to now when we have a question? Jason Calacanis, of course. Calacanis’ company, Mahalo, has a question and answer service called Mahalo Answers (Side note: Jason Calacanis is one of my favorite internet personalities. There’s nothing better than listening to him and John Dvorak flesh out a topic on the TWiT podcast. They are kind of like the Borg and McEnroe of the Web 2.0 world. Let’s hope they appear more frequently together in 2009).

So I created the following question:

[Screenshot of Mahalo Answers]

I got a couple answers but nothing that really definitively answered the question.

A user by the name of “thedev” wrote:

“I use Google’s Blogger as my openid provider. Many websites now offer an openid (see http://openid.net/get/)

I would suggest that all of the “big” providers are good as their sites probably have good resilience.”

Another user “easyeboy” answered:

OpenID seems to be the better one available. 

and finally, a user “rslakinski” wrote:

I use myopenid.com and have had no issues at all, they use callverify if you typed in your password incorrectly too many times as well which is nice. 

All these answers were helpful opinions but none really explained why one service might be better than another. So I decided to do a little research myself. The following is a blow-by-blow write-up in real time as I did my research on openid. It’s a bit long but the conclusion I reached both surprised and excited me. I am now a huge believer in the power of the openid concept. Take a read for yourself and let me know what you think.

Some background briefly: Ostensibly, the idea of the openid standard is that people (web users) will create, through a registered Provider, a single domain as their very own unique openid domain and web services (Facebook, Flickr, Twitter, etc.), who choose to participate, will accept that registered openid domain as a valid username for their website. I say ostensibly because there’s much more behind the concept than simply having a universal username, as you will read below.

So, after getting a couple responses on Mahalo Answers, I started by going back and actually checking out the following URLs myself:

****************************************

openid.com – A domain owned by someone sitting on it trying to sell it. Dead end. Forget about it.

openid.net – Looks to be a non-profit organization called the OpenID Foundation. Looks legit. Offers lots of good information.

openid.org – Is a private openid provider. Why they are using the confusing URL openid.org is beyond me but at least they offer the following clarification:

This is not the official OpenID site – we provide OpenID accounts and tools to promote the adoption of OpenID. The official site can be found at OpenID.Net and OpenID.org acknowledges the excellent work of the OpenID community and OpenID Foundation.

Ok, so now we have clarified the openid domain confusion. Over at openid.net (the foundation) they have some great info on the What, Where, and Hows of openid.

http://openid.net/what/
http://openid.net/where/
http://openid.net/get/ (how)

On the “How” page, specifically, there’s some useful info. Apparently, as I understand things, there are two basic types of openid Providers.

Add-on Providers: (my term) who run another web service (e.g. flickr, blogger, wordpress.com, yahoo, aol, etc.) and offer to register your user account URL as your openid domain. Essentially, these guys are closed providers because you don’t control your openid domain, the service provider controls it.

This option seems to kind of defeat the purpose of getting an openid domain. Basically, the reason these guys are offering this “add-on” service is because the logic is that if you use your AOL domain, for instance, as your openid domain (i.e. universal username) you will be more likely to remain “loyal” to AOL. The logic is sound but the benefits to me, the user, aren’t. So….. let’s look at the Primary Providers (my term).

openid.net’s “How” page lists 5 Primary Providers:

I should make clear that, as I understand it, openid is an “open standard” which the openID Foundation maintains and develops but anyone can apply to become an openid Provider. Hence, there are now probably dozens of Providers who will issue you a “unique” openid domain.

As we examine each openid Primary Provider, we need to answer the question of whether each is open or closed. Do they “force” you to use a domain which includes their own domain (e.g. http://timothypost.primaryprovider.com or http://primaryprovider.com/timothypost) or can you actually use, as your openid unique domain, a new sub-domain, with openid as the standard prefix, on an existing domain which you already own (e.g. http://openid.timothypost.com)?

Verisign (https://pip.verisignlabs.com/) Looked promising at first. They have this concept of a PIP – Personal Identity Portal that, like Friend Feed, can serve as a repository for other social services you use on the web (youtube, flickr, delicious, etc). That sounded very cool but there seems to be a catch. Namely, they “give” you a unique sub-domain which uses Verisign’s domain as the root domain (so they are a closed Provider). Oh so close but no cigar. If they let me have http://openid.timothypost.com as my PIP and they hosted it then this might just be the absolute killer service everyone is looking for.

Bottom-line: Large established company trying to offer a cool service and do the right thing by aligning with openid but they fumble the ball when they get greedy and try to lock you in with a verisign root domain.

claimid.com (http://claimid.com/about) seems like a group of straight-forward folks. It offers the universal login feature plus you can create a PIP. I created an account and logged in to see specifically whether claimid is open or closed.

It’s interesting, claimid lets you use your own domain BUT they don’t give you the option to create a unique sub-domain with the prefix “openid.”. There’s an important distinction between using my primary root domain as the openid domain versus creating a new domain with Openid as the prefix on my root domain. The distinction is relevant because I want to use my root domain (timothypost.com) for other things, like my blog. If I use my root domain as my openid domain, I would be able to use it as a universal username login but I wouldn’t be able to use it as my central social aggregator (i.e. PIP) and my blog at the same time. While universal login is cool it’s not the killer feature that will launch the openid standard into a viral growth spiral.

Bottom-line: claimid is a likable company which would be fine for using if you want your openid domain primarily for universal login. The inability to create a sub-domain means that you don’t want to invest the time and effort of making this your central social aggregator because you can never leave (Hotel California). Even if they did offer you the sub-domain option they don’t have the critical mass as a social aggregator, like Friendfeed. So let’s move on.

Update: After publishing this and rereading it I got the idea that perhaps I could actually use claimID to register the sub-domain http://openid.timothypost.com. I wondered whether they would even notice if the domain were a root domain or sub-domain. However, after doing a quick review it became apparent that I couldn’t use a sub-domain because claimid only uses a code snippet verification method. In order to use this verification method I would have to create a web page on the sub-domain and then paste the code snippet into the header or footer. If claimid were to offer DNS verification then this might actually make them the winner. Something for claimid to think about. myopenid uses DNS verification so it’s not uncommon.

In general, what we are now learning in this exercise is that the killer feature is that you want your openid domain to be your own root domain with the prefix being openid because then you can “attach” it to any social aggregator of your choice (Friendfeed, Plaxo, Profilactic, Social Thing, Lifestream.fm, see this link from Mashable back in 2007 for a list of 20 social aggregators).

If you have a single domain (which you own) where all your online social activity is aggregated then you truly have a central social identity hub. I could get excited about such a service. The key thing is that you own and control the domain so whenever you want to leave for another newer better social aggregator you just change your CNAME and you’re free to go.

Next let’s look at myID.net (http://myid.net/). I created an account and I was immediately given a “unique” openid domain “username.myid.net”. So far we’re dealing with a closed Primary Provider here. There was a lot of mention on the front page of myID also aggregating your friends’ social activities. I’ll be interested to check that out.

I’m back. After poking around a little bit, it turns out that myID is run by a Korean group called openmaru (translation: open platform). The Koreans are well known for their huge online communities and for being pretty advanced.

So let’s run through the features. Rather than spend much time on the potential social aggregator possibilities which despite the front page claim were almost non-existent, let’s see if myID is an open or closed provider (i.e. you can use your own sub-domain as your openid domain).

After looking for a couple minutes there’s not much meat on the bones of this service. They give you a closed “captive” myid domain but I can’t see anywhere where you can customize it further. Alright, enough of myID.

Bottom-line: Looks like an after-thought of a larger company that has focused its attention elsewhere.

myVidoop (http://vidoop.com/) kind of hides the whole openid concept behind the idea of a universal password manager. Fair enough, in general, but not a good start for those of us who are beginning to grok that a user controlled root domain with an openid prefix sub-domain might function as our one-stop social aggregator.

There are some smart guys who run this company. That’s obvious. Poking around their Labs tab I see they have some interesting discussions about security issues concerning browsers and another discussion suggesting that people’s email addresses may be the best unique identifier (openid username).

They even take this email idea a step further and discuss the possibility of converting one’s email address into a unique URL. While this approach may hold benefits for better user adoption rates of openid in the short-term, unfortunately, in the long term they are just delaying the inevitable. Services will need to be developed to let people use their domains as their openid unique IDs.

The other point here, which they are glossing over, is that one’s email address, while unique and “comfortable,” is not necessarily permanent. The only true way to guarantee that your email address will NEVER change is to purchase a domain and run your own email server or, if you’re like me, use Google Apps to do it for you. So, while these guys are smart and this discussion is intellectually interesting it is flawed in that it’s taking the openid movement down the wrong fork.

Bottom-line: see above.

So we are now back to where I started.

myopenid.com (https://www.myopenid.com/) The thing that got me thinking about this whole openid being a sub-domain prefix is that myopenid lets you do it. I had my hosting company create a new CNAME which was generated by myopenid (quick note: my hosting company won’t let me access my domain DNS section myself which is a bit of a drag. GoDaddy lets one access this DNS section but I only use them as a registrar currently).

As I did the above research I waited for my hosting company to update my domain with the expectation that myopenid was the obvious winner in this contest. Can you imagine how disappointed I am to realize after all this promise that myopenid is only letting me set up a sub-domain so that I can become an affiliate reseller for them? Are you kidding me? I now have a domain for http://openid.timothypost.com and I can sell to you an openid domain but I can’t use the plain http://openid.timothypost.com as my OWN openid domain. Instead, it must have a username appended to the end. So it would look like, for example, http://openid.timothypost.com/webguy. Damn!!! We were so close but so far.

Bottom-line: I don’t want to become an openid affiliate Provider myself.

So, as I now understand it, no openid Provider will currently offer me the service which makes the most sense. While this is frustrating I have got to believe that one of the top social aggregators out there will read this and understand that there is a huge first mover opportunity waiting for them to snatch it.

Were I Friendfeed, I would immediately just register to be an official openID Provider. I can’t imagine it’s that hard. Obviously, they should NOT make the short-sighted mistake all these other companies (except claimID) are making by forcing people to use their Provider’s domain as the root. This strategy will make it hard to gain critical mass.

Then Friendfeed should do a quick study to see how Wordpress.com executed their program where a user can use their own domain and mask the original Wordpress.com domain. I’m not a DNS expert but it seems to me that at this point the end user would need to add two CNAMEs to their domain account with their registrar. One for the openID usage and the other to mask the original Friendfeed domain.

Actually, what would be even better for us as users is if GoDaddy.com, itself, became a registered openID Provider. There’s actually a small group of folks who have started a “movement” to get GoDaddy to offer openID (see http://demand.openid.net/site/godaddy.com). Strangely, GoDaddy has put the cart before the horse and tried to become a social aggregator first (see this link).

Forget GoDaddy getting into the social aggregator space. I want them to be my registrar and focus on that. That’s why I want them to be my official openID Provider. Just like it’s best to separate your web hosting company from your domain registrar, so too is it best to separate your openID Provider from your social aggregator.

The thing is that GoDaddy might not move fast enough so social aggregators like Friendfeed, and let’s not forget Plaxo, need to offer openID Provider services. If this is going to truly work then we need to have the option of registering our root domain with the openID prefix as a sub-domain as our official openID identifier.

Speaking of Plaxo, they are already deep into the openID world and openid.net recommends a white paper which Plaxo put together encouraging other web services to adopt openid login. It’s called The openID Recipe. Here’s the link.

The last thing I want to mention is the pink elephant in the corner called Google.

Google has just launched Google Friend Connect. This is basically a distributed social network. Interesting but not game changing. Facebook is doing something similar and it actually makes more sense for Facebook. The reason it makes more sense for Facebook is that the program could potentially turn Facebook from a closed social network into an open social aggregator. Being a social aggregator on top of the world’s largest social network would turn Facebook into the next web giant. Don’t worry about profitability, that’s a topic for another day (think social profile endorsements).

I have been saying for a while that Facebook ought to be offering users the opportunity to create a sub-domain on their own root domain with Facebook as the prefix. I have actually done this already myself. See facebook.timothypost.com. Such a move would only be an intermediary step for Facebook because it would not be universal.

Google is very well positioned to jump into this space quickly. Don’t forget Google Apps (horrible name I know) which is basically a personal aggregator on your own domain. It lets you aggregate email, calendar, docs, and a site all attached to your root domain. Google Apps also will let you, as I mentioned yesterday, create a custom sub-domain such as http://calendar.timothypost.com.

It’s really not such a huge leap from a personal aggregator to a social aggregator, is it? Google should immediately become an officially registered openID provider who, of course, lets you use your root and openid as the prefix. Rather than try to recreate the wheel they ought to go after one of the established social aggregators, like Friendfeed or Plaxo.

Google + Friendfeed + openID sub domains = big time Facebook challenger.

So, now that I’ve done all this research what am I going to do? The answer is wait. Wait until I can use http://openid.timothypost.com as my true openid domain. I will never again have to change that address and it can be moved to Facebook or Google or Plaxo as I see fit.

This could be one interesting 2009!! Stay tuned.
