[OpenID] Three questions for candidates

[Chris Messina]

Answers inline.

On Wed, Dec 10, 2008 at 1:42 PM, kick willemse <k.willemse at diginotar.nl>wrote:

> Dear candidates, I have three questions:
>
> 1. Responsible for a 300K user insurance portal, give me three main
> business reasons to go for openid and convince my board.


I, too, would need to know more about your circumstances and goals, but I
could offer you at least a few questions and answers to help approach the
problem:

0. Are you using any existing SSO/identity management technology?

To better understand your needs, I think the first step is to look at what
you're already doing (or not) and whether it's working. If it's broken,
arguments can be crafted on how OpenID could be used to "fix it"; if it's
believed to be working, then you might talk about how OpenID can supplement
or improve your existing solution.

1. Who is your audience?

OpenID seems targeted at users who use many online services. If your
members, for some reason, only use your portal and don't have any other
accounts on the web, OpenID might not be the right solution for you.

It's also true that OpenID, today, is not as user-friendly as it could be.
Until some of the usability issues are worked out, it might not make sense
for a technophobic or tin-foil-hat wearing audience.

2. Would your audience likely reuse their identifiers on other websites?

On the other hand, many people are experiencing both registration fatigue
and frustration with having to remember an increasing number of passwords
for all the different sites they use.

Still other people would like to be able to publicly identify themselves
with a verified identifier such as their URL. In a community setting,
enabling people to host their identity elsewhere, or on a service that they
use regularly, enables them to bring portions of their social capital with
them -- by linking to an offsite profile that they're more likely to
maintain.

Put another way, if someone spends a lot of time and energy pruning their
MySpace page or their blog, and they also use that URL as their OpenID,
other members of the network benefit from learning more about that
individual without burdening that individual with having to maintain, again,
an increasing number of redundant profiles across the web.

3. Is your portal centralized on one website and one platform or is it made
up of multiple websites, platforms and affiliated destinations?

Though it's not always the best solution for SSO, if you're dealing with a
hybrid system, making use of platforms like WordPress and Drupal that might
be managed by separate groups, it can be convenient to have a unique way of
identifying your members. OpenID and OAuth is a dual mechanism to enable
cross-domain account consolidation.

As well, as you add new pieces to your architecture, OpenID will enable the
reuse of durable identifiers leading to long term relationships with your
customers (that is, if you add a new destination, let's say, you could
enable users to import their existing profiles/activities/etc).

4. How much are you spending in support on account management, password
resets, email verification and the like?

One benefit of OpenID (taking for granted that you've implemented it
flawlessly) is that it pushes account management out to the OpenID
providers, absolving you, as an RP, from having to deal with trying to get
your email verifications through spam filters or dealing with users who
forget their passwords or give them away to untrusted third parties.

It also means that OpenID users can choose to use stronger methods of
authentication without costing you anything.

Finally, from a user-centric perspective, it means that a user will be able
to use a familiar process and interface to manage their account -- rather
than having to learn yours. Ultimately I think this will mean that users
will become more confidant in managing and securing their accounts since
they'll only have to do it from one place, rather than across a distributed
array of incompatible or different interaction flows.

5. Have you implemented support for OpenSocial or Google Friend Connect yet?
Do such social platforms interest your audience/board?

If yes, then getting on board with OpenID now should prepare you for the day
when OpenID truly is the best way to improve customer retention, increase
sign ups and decrease account management costs.

Over time, I think people will change their expectations of web sites — as
they have with commercial transactions at the mall. I can't imagine a store
that would make it today if it didn't accept credit cards. Cash and checks
only? Hardly. Someday having your own island of a user account system will
look just as antiquated and inconvenient. Should you jump on the trend now,
it seems to me, you'd be able to participate in bringing about an ideal user
experience which will work for your particular use case and customer base.



> 2. I see openid as a network product like gsm,water, adsl, atm or e-mail.
> What is your relevant experience in these type of projects to come to a
> turning point and bring openid to the mass


I'm not sure I entirely agree with that.

I think OpenID should become a brand more like Blu-Ray, Bluetooth or Visa or
Mastercard, where the logo comes to represent to a lay-audience the ability
to do something you couldn't before. It should be conceived of less as a
transport protocol and more of enabling feature: either you accept it or you
don't, but if you do, those who are aware of it stand to gain from both
convenience and consistency.

We have a long way to go, but someday, we should be able to say "OpenID,
it's everywhere YOU want to [have an account]."

In terms of my relevant experience, my background is actually in
communication design. In other words, I'm not a developer, but I have
experience with branding and with developing strong messaging that works on
the web.

I helped launch the Firefox community marketing project called Spread
Firefox and lead the design of the two-page New York Times ad:
http://www.mozilla.org/press/mozilla-2004-12-15.html

I also co-founded the Flock web browser and did much of the initial
(controversial) branding, messaging, design and outlining the vision.
http://flock.com

I have been a long-time active member of the microformats community. I've
worked to convince various parties to adopt them, including Twitter.

I co-founded BarCamp, a worldwide decentralized organization of open-space
conferences. http://barcamp.org

I helped found the coworking movement, a community dedicated to establishing
a network of physical, shared collaborative environments, which now counts
around 200 spaces around the world (an effort that began just over two years
ago). http://coworking.pbwiki.com

I kicked off the OAuth project with Larry Halff of Ma.gnolia and Blaine Cook
of Twitter, among others. I did the design of the logo, the website, helped
to maintain the wiki and source repository. http://oauth.net

I'm now working on the DiSo Project, a small effort intended to facilitate
the development of the building blocks of the Open Stack. I have worked with
Joseph Smarr on getting the Portable Contacts community off the ground and
am now attempting to develop a format for expressing activities in a
portable way.

I've also long been involved with advocating for the adoption of OpenID. In
fact, one day and one year ago I published my OpenID Hitlist:

http://factoryjoe.com/blog/2007/12/09/my-openid-shitlist-hitlist-and-wishlist-for-2008/


>
> 3. What candidate would you like to have in your team and why.


Frankly, I think we've been given a great slate of potential candidates and
I'm eager to continue working with all of them on eeking out the future of
OpenID, whether I'm on the board or not.

I will say that I'm disappointed that we didn't have ANY female candidates —
and that we didn't have more representation from the international
community. I realize that we're still early in this community and open
source projects tend to attract a white-male demographic, but I think we
need to do much better, and seriously make an effort here.

I'm currently at a Drupal conference and though it's certainly not a 50-50
split, I'm impressed by the percentage of female attendees here. If OpenID
is going to succeed, it's got to be something that appeals to the widest
possible demographics; the board that will be elected, given the candidates
on the slate, unfortunately does not represent that kind of demographic.

So, to answer your questions, among the many other issues we must confront,
I'd like to work with others who recognize this issue and take very
seriously the need for the OpenID community to expand the diversity of its
constituents.

Cheers,

Chris



-- 
Chris Messina
Citizen-Participant &
 Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [X] bloggable    [ ] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081210/608fd718/attachment-0002.htm>