The Paradox of Progress


by Don Thibeau

I was a close reader of the commentary from Scott Gilbertson of Wired’s WebMonkey and some other posts of late. I appreciated the historical context the Forrester analysts provided, noting that when OpenID appeared on the scene, more robust solutions based on SAML were under way in scenarios involving limited circles of trust — typically point-to-point enterprise scenarios — rather than consumer use cases.

History belongs to those that tell it, but I subscribe to the narratives that identity providers adopting OpenID opened the door for users to click on a button that identifies their preferred identity service for logging in at a relying-party site and are continuing to influence the development of new solutions and best practices for federated identity, trust frameworks and the like. It’s natural at this stage in its evolution that many are unpacking OpenID’s value proposition in light of the meteoric rise of Facebook Connect. Forrester’s commentary “identifying the U.S. government’s support of OpenID as an important marker and noting OpenID Connect as an important way forward” and notes that “OpenID may well be that it was ahead of its time, but that hardly makes it a failure.”

The most recent blog reports of OpenID as deficient or dying assume an ever upward trajectory of adoption. The real world is different. My rear view mirror reflects an inevitable ebb and flow to any standard adoption process. While Facebook Connect’s adoption is phenomenal, it can overshadow the natural back and forth of standards development seen in recent experience in both OAuth and OpenID. All this is to say the OpenID Foundation’s role in driving a broader understanding of and improvements to the product is a critical success factor. The OIDF’s AB/Connect Working Group’s work can be pivotal in addressing the newer use-cases posed by users like Facebook and Government.

Certainly, international expansion is a key to that broader understanding and the product’s path forward. As a community we look to new leadership from Kick Willemse and Axel Nennker to bring an EU perspective to our work. We will be co-hosting our first OpenID Summit in Tokyo later this year. The Google team is considering the same for China. The 2011 OpenID Summits are both pacing items and forcing functions. Pairing OpenID Summits with other industry gatherings and collaborating with organizations like Kantara and the ITU mobilizes the resources of a global community and corporate participation. The leading-by-doing commitments of Google, Microsoft and Facebook and the example of PayPal’s hosting the upcoming OpenID Retail Summit give us early positive indications of progress. Guessing the trajectory of any internet standard is both science and art. I tend to delete my responses to the ‘OpenID is a nightmare’, ‘fails to cure cancer’ commentary.

For my part, the question is not “What does OpenID mean?” It is rather, “How is OpenID influencing internet identity around you?”

Don Thibeau
Executive Director, OpenID Foundation



One thought on “The Paradox of Progress”

  • Stephen Wilson

    We need to not read too much into OpenID’s trials and tribulations but at the same time, absorb the lessons.
    OpenID is the poster child for federated identity; one of just two technologies called out in the supposedly tech neutral OIX framework and the NSTIC. OpenID is represented as the prototype universal identity. It provided sufficient inspiration for the White House to imagine that one day a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log in to her bank, her e-mail, her social networking site. Yet reusing identities across established risk management borders is easier said than done. In banking in particular, federation will require legislative changes to allow delegation of Know Your Customer. I have seen four different federated identity projects – all far more sophisticated than OpenID – founder in Australia due to legal complexity. It’s not for nothing we call ’em Identity Silos. Established ID rules in different contexts have evolved to provide strong protective barriers to protect business communities from risk and they resist casual wishful thinking of those who would break them down.
    OpenID and its descendants like Facebook Connect are nothing more than unverified nicknames used to cut corners to log onto relatively unimportant web sites. For higher value/risk e-business these are almost certainly evolutionary dead-ends.