Last Thursday over 60 OpenID advocates met at Sears World Headquarters in Chicago for a full day of discussions on progress to date and future plans for OpenID deployment and utilization. There is a summary of the event on the OpenID Foundation wiki. See Twitter coverage of the event with the hash tag #openidux
Companies represented included Sears, NPR, PBS, AARP, MTV, Fox News, Universal Music Group, Kodak, Tribune Interactive, White Pages, OpenTable, Scout24/Deutsche Telecom, GameStop, Bank of America, Yahoo, Google, AOL, Microsoft, PayPal, Facebook, JanRain, Exact Target, Ping Identity, and others.
Updates from the Identity Providers:
The session kicked off with presentations by Google (Joseph Smarr), Yahoo (Allen Tom), Microsoft (Angus Logan), Facebook (David Recordon), PayPal (Andrew Nash), and AOL (George Fletcher). Copies of many of the presentations are available on the OpenID Foundation wiki. Some key highlights from these sessions:
- Google is working on providing more API access to its OpenID Services, including Buzz, Portable Contacts, Activity Streams, OAuth WRAP, etc. Their OpenID service will also be certified by the newly formed Open Identity Exchange (OIX) for use on federal government websites.
- Yahoo has deployed an OpenID/OAuth hybrid deployment model for access control to Yahoo data and APIs including Contacts (address book), Yahoo Mail, and Yahoo Updates (Activity Streams). Allen went through a case study of how Yahoo OpenID and OAuth services are being used on Huffington Post and the many benefits to users of this experience. Allen described how Yahoo Updates allows posting back to 300M Yahoo homepage, 300M Yahoo Mail, 90M Yahoo Messenger, and 40M MyYahoo accounts.
- Microsoft reported that they have over 500 million active users across Windows LiveID, Bing, Xbox, HotMail, Messenger, MSN, and Office. They continue to making process in providing ‘standards’ based access to user data and services. Angus described how Windows LiveID is currently being used across Windows Live and Xbox. He also discussed MS’ active involvement in OAuth/WRAP, Portable Contacts, OWF, and Activity Stream initiatives.
- PayPal described their work with the federal government in launching an OpenID service for federal websites. Consumer policy and permissioning mechanism based on the UMA model will be integrated into the IDP operation. They are currently working with a limited number of “white listed” commercial websites for deployment of their OpenID services. Organizations wishing to discuss acceptance of PayPal OpenID on their websites are encouraged to contact Andrew Nash.
- Facebook discussed the widespread adoption of Facebook Connect and how they have been accepting OpenID for logins for the past year. They continued to share user experience learnings from building Connect and stressed the importance of developer simplicity around OpenID this year. David demonstrated a killer multimedia demo where a video feed dynamically consumed and displayed data from Facebook profiles via Connect.
- AOL reported that they will be upgrading their OpenID Provider service to V2.0 within the next few weeks. George discussed that they are pursuing a number additional enhancements based on emerging standards like XRD and webfinger. In addition, as an existing OpenID 2.0 Relying Party, AOL continues to expand the number of properties that accept OpenIDs.
- MySpace was unable to attend due to some last minute scheduling conflicts. Monica Keller, formerly an OpenID Advocate at MySpace has recently transitioned to Facebook and is now working with David Recordon on open standards initiatives.
Some History and Recommendations:
After the updates from the Identity Providers, Brian Ellin, Product Manager at JanRain, chronicled the evolution of OpenID UX. Brian made a number of recommendations to RPs looking to drive adoption and usage of OpenID registration and login:
- Simplify the login and registration flow – rethink the process and optimize it for a third party approach, don’t just bolt it onto your existing page
- Avoid lengthy registration forms. Engage quickly, progressively ask for data as needed. Import SREG, AX, and/or OAuth data where possible to pre-populate registration forms.
- Remember user preferences and present only the preferred ID provider upon return visits.
- Consider a branded button-driven interface, select the ID providers that are most relevant for your user base.
- Queue the users right at the register/login link with favicons or other visual images and text that makes it clear that they can use existing accounts instead of having to create an entirely new account.
- Placement of elements of the workflow on the webpage can impact adoption and usage
- Consider combining registration and login into one integrated service
- Use the OpenID UX extension for a pop-up interface that keeps the login process in the context of the host website – avoid the full browser redirect. Use check immediate mode when possible so user achieves a “single click login” experience.
- OpenID for mobile applications is great – less typing required, easier to import data for registration forms, no username/password to input. Don’t use pop-up for mobile interface.
- Use “verified email” from ID providers when available to eliminate the 2 step email verification registration flow that results in reduced success rates.
- Use the OpenID/OAuth hybrid for access to rich user data including friends, address books, photos, etc.
By implementing these recommendations, Blink182.com saw that 60% of users opted for 3rd party registration over the legacy username/password option. Through a finely tuned implementation that evolved through iterative testing, Universal Music Group’s Lady Gaga website was able to achieve an astounding 89% 3rd party login preference over the traditional username/password option.
National Public Radio (NPR):
Daniel Jacobson, Director of Application Development at NPR, was recently elected to the Board of Directors of the OpenID Foundation and as the Chairman of the Adoption Committee. He reported on goals and priorities of the Adoption Committee for the upcoming year. Daniel’s vision behind these goals is to help position OpenID as a product that will make it easier for website operators to implement while providing a better user experience for the end users. The top priorities supporting this vision include:
- Increased market research on the needs of RPs, OPs, and end users
- Enhancement of the open source libraries
- Marketing, education, and promotion
- Improved ability to serve non-browser-based platforms, including mobile
Anyone willing to contribute to the discussion on how to increase adoption and usage of OpenID may want to subscribe to the Adoption Committee mailing list.
Daniel also described the research that NPR has been doing with OpenID and that their “end game” is shared identities across all public media. They are currently collaborating with PBS and the OpenID Foundation to determine the next steps in their identity sharing strategy.
Rob Harles, VP Social Media and Community at Sears Holdings Company, presented a summary of Sears recent deployment on the MySears and MyKmart communities as well as their plans to roll out across all the Sears websites. Rob was recently elected to the Board of Directors of the OpenID Foundation and serves as the Chairman of the Online Retailer Committee.
Rob reported that Sears has one of the fastest growing retail communities, with 400% growth in 2009. They deployed JanRain‘s RPX integrated into the Viewpoints community platform to accept third party registration and login from Yahoo, Google, Facebook, MySpace, AOL, Twitter, Windows LiveID, and general OpenID accounts.
Additionally they surveyed their members to find out what drives interest in 3rd party login. The top two motivators were login convenience and the desire to not have to set up yet another username & password for a new account. When asked what would further improve user experience, the top two requests were the ability to share content and photos with friends.
Rob described their objectives as a combination of serving their existing customers better while also reaching out to a broader demographic than their traditional 35 to 53 year old female segment. He said that accepting registrations from a wide variety of identity providers definitely helped to expand their demographic reach.
Public Broadcasting Service (PBS):
Jonathan Coffman, Social Media Strategist and Product Manager at PBS, was also recently elected to the Board of Directors of the OpenID Foundation and serves on the Adoption Committee. PBS has launched an OpenID service for use across PBS websites.
Next steps for PBS include:
- Enhanced user profiles, including allowing RPs to store extended profile data at the OP
- Begin building out the consumer side of system, allowing users to connect with and use their 3rd party accounts across ecosystem
- PBS has teamed up with the OIDF to investigate what a Public Media Trust Framework, modeled after the US federal government trust framework, might entail
- Talking to Stations, Shows, NPR, and companies like Google and PayPal to envision a time when all of this might come together and to create a path forward.
Best Practices and Data Management:
Finally, Allen Tom reviewed some best practices including account recovery/reset, attaching multiple identifiers, mobile authentication, and using WebFinger. Joseph Smarr discussed data management including updates on SREG, AX, OAuth, WRAP, Portable Contacts, and Activity Streams. Joseph acknowledged that there are a lot of moving parts and that things are changing quickly, so organizations who don’t have sufficient internal resources or expertise might want to consider outsourcing to a solution provider.
What was especially memorable for this event was the active involvement, questions, and recommendations from existing and prospective OPs. Representatives from Sears, NPR, PBS, AARP, MTV, Fox News, Universal Music Group, Kodak, Tribune Interactive, White Pages, Scout24/Deutsche Telecom, and GameStop provided lots of constructive feedback for the OpenID Foundation and the Identity Providers.
Thanks to the Sponsors:
Many thanks to Sears for hosting the event, Google for providing video conference access from DC and Mt. View, and to all the participants who braved the Chicago weather and airport challenges to attend this exceptional event.