OpenID 2009 Year in Review
Published December 16, 2009
It's been an exciting year. A number of initiatives that were started in 2008 had a direct impact on the success of the platform in the past year, so many thanks to all the organizations and individuals who have contributed. Here's a quick summary of the state of OpenID.
- There are over 1 billion OpenID enabled accounts from the following providers worldwide:
- US: AOL, Blogger, Flickr, Google, LiveJournal, MySpace, Verisign, WordPress, and Yahoo
- Europe: France Telecom, GMX/Web.DE, Hyves, Netlog, and Telecom Italia
- Japan: Livedoor, mixi, NEC Biglobe, Rakuten, and Yahoo! Japan
- There are over 9 million websites utilizing OpenID for registration and login on some portion of their websites across a wide range of organizations including Sears, Kmart, Universal Music Group (200+ Interscope, Geffen, A&M labels and artists), FoxNews, EMI, TwitterFeed, RedPlum, Savings.com, DC Shoes, CitySearch, Zappos, Nike, Microsoft, Mint, Nokia, Random House, Sony BMG, Café Press, TweetDeck, ViewPoints, Qype, Scout24 (Deutsche Telecom), Avro, Associated Northcliffe Digital, Smart.fm, Hokkaido Television Broadcasting, OnGen, 2-han.net, Nikko Hotels, ClipCast, Facebook etc.
- Microsoft, NTT Docomo, PBS, and PayPal have also announced plans to OpenID-enable their users adding hundreds of millions of additional OpenID enabled accounts
- Several organizations are using OpenID internally for federated ID management: Amazon, Japan Airlines International, National 4-H, SAP, Sun Microsystems, and PBS
- The US federal government has announced its intention to deploy OpenID on federal websites. During two separate meetings with Vivek Kundra, the Federal CIO, he explained that a major priority for the federal government is transparency and "citizen engagement." Accordingly, the government is aggressively pursuing open standard technologies that enable and support these objectives. At the Gov 2.0 Summit in Washington DC, the General Services Administration and several government agencies announced their plans to adopt OpenID as part of the White House's Open Government Initiative. This announcement followed several months of research and discussion between the OpenID Foundation, OIDF member companies, the GSA, NIST, OMB, the InfoCard Foundation, and various government agencies. The Identity, Credential, and Access Management (ICAM) committee of the GSA published its Identity Scheme Adoption Process, Trust Framework Provider Adoption Process, and OpenID 2.0 Government Profile documents over the last several months. Initial identity providers include Yahoo, Google, AOL, Verisign, and PayPal who are undergoing certification processes defined in the TFPAP. The first wave of federal websites to accept these identity providers will include the Center for Information Technology (CIT), National Institutes of Health (NIH), U.S. Department of Health and Human Services (HHS), and related agencies.
- A large number of market leading web platform providers have also integrated OpenID including Disqus, Drupal, GetSatisfaction, Joomla, JS-Kit, Kickapps, Movable Type, Plone, Pluck, TypePad, UserVoice, Viewpoints, WetPaint, WordPress, and Zend.
- Shibboleth, an identity management system used by thousands of research institutions has announced that Shibboleth V2.X will integrate OpenID support. The U.S. deployment of Shibboleth, InCommon, is a community of more than 4 million researchers, students, staff, and faculty across more than 180 institutions. The OpenID Foundation worked closely with InCommon/ Shibboleth in developing trust frameworks for the US Government OpenID deployment. Another example of how the OpenID Foundation and members are collaborating with a number of identity initiatives.
- The OpenID Foundation and member organizations continue to collaborate closely with other user managed identity open standards including OAuth, Portable Contacts, and Activity Streams to provide website operators and end users with even richer and mutually beneficial web experiences. We believe that this decentralized, open-standards-based approach is ultimately in the best interest of website operators and end users alike, where both collaboration and competition can drive innovation, choice, and widespread adoption across multiple geographies/nationalities, application areas, and demographic segments.
- OpenID Foundation Organizational Developments. As we mentioned at the end of 2008 and in early 2009, a lot of attention was required to develop an organizational capability commensurate with the growing role and needs of the Foundation.
- At the end of 2008 we completed our first open board elections for 2009 and subsequently elected an executive committee.
- We were fortunate to be able to hire Don Thibeau as our new Executive Director. Don was formerly VP Business Development at TransUnion and Executive Vice President at Qsent
- We retained Global Inventures as our Foundation platform infrastructure partner. Global Inventures manages the back office operations of over 20 organizations including HDMI, HomePlug Network, Open Grid Network, PC Gaming Alliance, SD Card Association, and the ZigBee Alliance
- We established a 2009 operational and financial plan, balanced costs and income even with the unplanned costs for US Government OpenID pilot programs
- We added Nat Sakimura as International Liaison to OpenID Foundation Board Executive Committee
- The bylaws and IPR agreements were updated
- We added three new sustaining members: PayPal, Facebook, and Booz Allen Hamilton
- We established the User Interface, OpenID/OAuth Hybrid, and Contract Exchange working groups
- The board developed a list of key priorities for 2010
- Market Outreach. A key goal for 2009 was to increase awareness, adoption and usage of OpenID.
- OIDF’s Executive Director and several board members represented OpenID with analysts like Gartner and led a new industry collaboration with key identity ecosystems organizations like InCommon, Kantara, Oasis, and others at key public and private sector events.
- We participated in several industry events including Internet Identity Workshops, RSA Conference, Transparency Camp, Government 2.0, and others
- Yahoo and Facebook each hosted and led User Experience Summits at their respective facilities
- Yahoo held an OpenID Summit just before Internet Identity Workshop
- BBC and JanRain hosted a Content Provider Committee meeting in NYC and several members participated in an Online Retailer Advisory Committee session
- Sears, Yahoo, and JanRain are scheduling the next UX Summit at Sears Usability Lab in February in Chicago
- We executed two significant updates to the OIDF website led by Chris Messina with support from Global Inventures and JanRain
- Several individual community candidates for the 2010 board elections represent experience with broader industry and geographic coverage – Media (NY Times, NPR, PBS), Commerce (Sears), International (Deutsche Telekom, Switzerland, Estonia, Netherlands, India, etc.)
- Federal Government. While this opportunity wasn’t on our roadmap at the beginning of the year, the Foundation responded quickly and aggressively to requests from the government to adopt OpenID for use on federal government websites.
- OIDF’s Board of Directors responded to the invitation of the US CIO, Vivek Kundra, and significantly influenced the government’s plans for technical and policy interoperability of internet identity.
- We worked with GSA, NIST, OMB, NIH, HHA, CIT, and ICF to deploy pilots for three federal government agencies
- 5 industry leading identity providers are supporting the OIDF’s training and technical assistance for testing a government-wide technology profile for OpenID in pilot applications in support of the US NIH iTrust Program: Google, Yahoo, AOL, Verisign, and PayPal
- OIDF’s Chairman, Executive Director and outreach committee members were quoted in numerous trade, government and mainstream press regarding the US GSA’s “Open Identity for Open Government Initiative”
- The OIDF is evaluating mechanisms to deliver the organizational capability required to provide ongoing OP certification services for the federal government and eventually other commercial applications
- OP Progress. All the major OpenID Providers have significantly improved the richness and usability of their offerings (OP capability summary to be published shortly)
- MySpace became an OpenID provider
- Facebook became an OpenID relying party
- PayPal became and OP for the federal government pilot
- Google converted over 1 million Google Apps clients into OpenID providers
- Microsoft committed to becoming an OpenID Provider in 2010
- AOL committed to migrating to OpenID 2.X in 2010
- Security Progress. Monitoring and continuous improvement in safety and security of the OpenID platform continues to be an area of emphasis for the Foundation. The following summarizes some important developments during the period.
- Andrew Nash of PayPal was selected to head the Security Committee. Other members include: Eric Sachs, Nat Sakimura, Tony Nadalin, David Recordon, Eddy Nigg, John Bradley, Nate Klingenstein, and Philip Hallam-Baker
- Working groups were formed and specification development has progressed for both the PAPE and Contract Exchange OpenID extensions
- Per the Federal Government section above, the OpenID Foundation and Information Card Foundation have been working with the GSA, NIST, and others on trust and security frameworks for federal government deployment pilots. It is expected that the trust frameworks and certification programs developed for this application will be extensible to other commercial and private sector applications where enhanced security requirements are relevant.
