[OpenID] Exchange could be a strategic error -- if done now ratherthan later...

Scott Kveton scott at janrain.com
Thu Jan 18 16:32:10 UTC 2007

Hi Bob,

I'm finally catching up after my mail client ate itself earlier this week.

> I know this will sound like heresy... However, I would like to say that I'm
> very concerned that OpenID may get more complex than is good for it before it
> is widely accepted. The initial implementations of OpenID (LiveJournal, etc.)
> have done one thing -- support login to multiple sites with a single identity
> -- and done it reasonably well. Thus, as all identity systems must, OpenID has
> started with means to establish and assert numerical identity ( i.e. the
> property that distinguishes one entity from all others and permits
> "counting."). In providing portable numerical identity, OpenID has
> accomplished a great deal and provides something (like SSO) that will be
> valued by many users.

Definitely not heresy.  You're absolutely right.  The biggest strength of
OpenID has been the singular focus on doing one thing well.

> I suggest (although I'm not sure I have much hope that the suggestion will be
> taken up) that the "OpenID Community" should do its best to resist the
> temptation to add new capabilities to what is already there until after there
> is substantial acceptance of what is there now. We've waited too long to get a
> decent identity system in place and I'm sure we're all frustrated and anxious
> to deploy as much technology as we can as fast as we can. But, the reality is
> that going slow, one step at a time, is probably more likely to be the path to
> success. Others have tried -- and failed -- to deliver "complete" solutions to
> the identity problem in the past. Let's not follow that well trod path.
> I think we should be putting 100% of our efforts into talking every
> significant online property to accept OpenID for "login identity" and on
> working out solutions to the various phishing, spoofing, etc. issues. The goal
> should be to reduce, as much as possible, objections to adopting the base
> capabilities so that we can have a solid, widely deployed base on which to
> build other capabilities. Once we get to the point where the base is broadly
> known to the general user (even your grandmother), that is the time to push
> ahead with more stuff. Let's build on a solid foundation... Let's not move too
> much faster than the market.

Extremely well said.

There are infinite possibilities with OpenID and things we can layer on top
of it.  However, the game is not "won" yet ... Its not ubiquitous ... There
is a lot of momentum here but that doesn't mean every idea we come up with
will be supported across every host/site.  That means poor user experience
and failure of the platform.

The first half of 2007 should (IMHO) should be focused on getting OpenID
Authentication out to the masses and on every single site and integrated in
every project we can find.  If we focus our efforts up-the-stack, OpenID
will lose the momentum that it has had and we'll be back at square one.

I like the idea of doing one thing and doing it really, really well.
Diversifying now could be catastrophic for us.

Just my $0.02, 

- Scott 

More information about the general mailing list