[OpenID] An alternative OpenID UX

[Martin Atkins]

SitG Admin wrote:
> 
> Whitelists also risk creating for users one of the very problems that 
> OpenID was intended to solve: the requirement to have many different 
> accounts across different providers. It doesn't matter whether these 
> accounts provide access locally or remotely; if one RP accepts Google 
> and another RP rejects Google, the user can't simply use one account 
> (Google) for everything; they *must* begin creating accounts with 
> multiple services all over again, taking their cue from the whitelist 
> each RP publishes.
> 

While I agree with you in principle, there are two details to consider here:

* RPs presumably want to create a good user experience, so they're under 
pressure to accept login from popular OPs that their users are likely to 
use. In particular, it's unlikely that any RP would deliberately exclude 
Google, Yahoo!, Microsoft and so forth. Since most users are going to be 
using a large provider, most users wouldn't be affected by such 
whitelisting.

* RPs are likely to include OPs that provide them with what they need 
(read: want), so OPs will end up competing based on providing what RPs 
need. Unfortunately, this is not tenable long term because once there is 
a handful of providers that offer what RPs need it will be difficult for 
new providers to enter the space without convincing RPs that they need 
something new that only they can provide. Of course, an optimist might 
look at this as encouraging innovation in the OP space.