[OpenID] My answers to the nominee questions

Luke Shepard lshepard at facebook.com
Thu Dec 11 23:24:17 PST 2008


First off, I'm really stoked to be running for the OpenID board. I'm impressed by the nominees, and even just the discussion that's been going on the list the past day or two has been amazing. I'll try to answer the questions that have been posed. Feel free to check my blog and nomination statement for further thoughts.

Q. What is the best way to increase OpenID adoption?

A. Provide more value. We are in a free market. Sites will adopt what gives them a good return on investment. How many of the top 100 websites out there would accept OpenID today, or even know what that means? Websites in general only care about a few things:

- Distribution
- Getting information about their users
- Making their site more engaging
- Ultimately, making money.

That's it. They generally don't care about feeling guilty because they aren't using "open" technology. They mostly don't care that some OpenID providers don't use SSL identifiers. But they do care if you can increase their pageviews. They care when you can drive traffic to their site. And they care when they have more useful users because they have more profile data. And they care when they can do that without spending too much money (read: developer time).

I strongly believe in the "Top 100 Sites" strategy advocated by Eric Sachs, in which we focus on the needs of the top 100 sites. As an example of what I think it means, let's pick one of the top 100 sites: Monster.com. Currently, Monster.com doesn't use any federated login system. What would it take for them to do so? Well, they are primarily interested in matching employers and employees, so they probably want their users' location, industry, and education level. They also like to get distribution for their listings, so they'd like to be able to distribute new job postings. Friend referrals are a powerful part of recruiting, so a friend graph through which they can mine connections is probably nice. If a system can provide that for them, then I'm guessing they would go for it. (Note: I have no idea whether they are currently pursuing Facebook Connect or OpenID, although I hope they are).

But OpenID will never offer that value by itself. It will only do so when coupled with other pieces of the open stack, like OAuth, PortableContacts, and yet-to-be-finalized standards for distribution. And when it's offered by companies that have the data that relying parties want. It's critical to recognize that OpenID is just one piece of a larger value proposition. Yes, it's important to figure out the standard way of providing it, but it's even more important to nurture companies that provide the value we need. Facebook, MySpace, and to some degree Google, Yahoo, and Microsoft have hordes of this valuable data, and other sites offer the means of distributing it.

Reduce the cost of implementation. Easy tutorials, developer examples, and videos are great. Fantastic, up-to-date, and usable libraries are even better. Easy-install plugins (like MovableType) and full-scale solutions like RPX are the best. Providing support in discussion forums, and fixing bugs in libraries promptly are also important to providing a high quality experience that's easy to develop for. This is where the community and companies both can really shine.

Get the message out. Okay, let's assume we get there. Once a product exists that uses OpenID and provides that value, then it is time to market it. I think a company that has a vested interest in promoting their own products will be in the best position to market those products. So the goal of OpenID should be to be a part of the marketing campaigns already underway by big companies.

To prevent the message from being entirely dominated by companies, I also support the hiring of an executive director, whose primary purpose would be to put a face to OpenID. He or she would be a spokesperson and market the value proposition to both providers and relying parties.

Things that don't matter: OpenID as a brand. As Scott put, who cares about the brand of SMTP? Or HTTP?. Also, some stuff is pretty minor. Like end-to-end support of HTTPS identifiers. If it gets in the way of usability and adoption, then it sucks. The real question is, is an HTTP identifier more secure and usable than using an email and password. If so, then move on.

===

Who am I? I have long been passionate about privacy on the internet. I'd love to see a world in which I can go anywhere and perfectly control the information that comes with me. I joined Facebook, and the Connect team, because I saw that as the best chance of making that happen. I don't have a religious faith in openness; rather, a pragmatic belief that ultimately the web will naturally open up, and I want to do what I can to help it be a unified, easy, social, private place to be. My biggest fear is of a world in which information flows too freely, and we lose control of it entirely.

I am an engineer on the Facebook Connect team. I've worked a lot on both the developer and the user interfaces, and I have some ideas about how to improve the OpenID experience for both users AND developers. Improve for users increases value, and improving for developers lowers costs- both of these increase the return on investment and make adoption more likely. I hope to help the community work on this. I also plan to listen a lot, figure out what the real use cases are out there, and when appropriate, use the experience on the board to evangelize open standards back within Facebook. There's certainly a potential for conflict of interest, but like all the other board nominees who work for corporations, I would maintain my independence, and when necessary, avoid conversations that put my in a direct conflict.

The fact is, the open stack isn't done, which is why we are having this conversation. Berating people or companies for not supporting technologies is not an effective way to get them to do it. Instead, focus on providing value, and telling the story about that value. If the story isn't there, then listen and then build it.

My blog? http://www.sociallipstick.com. I have two identity plugins installed - OpenID and Facebook Connect. Try them both and let me know which one you think is a better, friendlier user experience. You can also find some more concrete thoughts on what I think Facebook Connect has done well, and how I think it can apply to OpenID.

Who would I work with? Frankly, most of the reason I'm running for the board is the opportunity to work on solving big problems with some of the great folks who are also running.  If asked to pick, Scott Kveton and Joseph Smarr at least have my vote.

Did I miss a question? Probably, but I didn't mean to. Please reply and ask me again.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openid.net/pipermail/general/attachments/20081211/f6eeb20e/attachment-0001.htm 


More information about the general mailing list