Is OpenID Doomed?
Zoho made an interesting move today by adding support for using a Google or Yahoo! account to authenticate to their suite of online productivity tools. I wonder what the OpenID community will think of this?
I’ve been following the OpenID space for the last little while, and this marks a curious turn in the development. OpenID has been promoting the idea of decentralized system that would allow users to minimize the number of usernames and passwords they need to login to the various web-based applications they use. It’s a great idea, but as I did some research for a client recently I concluded that the conflicting incentives for OpenID stakeholders may prove to be a barrier to adoption.
The core challenge is that while everyone wants to control users’ information by becoming an OpenID identity provider, there’s less enthusiasm towards becoming a relying party that accepts OpenID credentials. This is not especially surprising – controlling users’ information is the means that corporations maintain lock-in, and derive competitive advantage that they use to drive revenues. Hence, the move by many large web portals to act as OpenID identity providers, but not relying parties, has been viewed as an underhanded means to exploit the interest in the OpenID standard.
What’s curious about the Zoho move is that the company has obviously made the decision to accept third-party authentication credentials in a bid to lower the barriers to adopting its products. Google’s Docs and Spreadsheet offerings are a major competitor to Zoho’s offerings, so it makes sense to try minimize the pain of switching from Google to Zoho products. However, the decision to include Yahoo! accounts in the mix confuses things somewhat. Given Yahoo’s current problems, why would Zoho want to include those users? And if you’re going to go to the trouble of supporting yet another authentication scheme to reach a wider audience, why not go for OpenID?
Overall, it seems very strange that Zoho would exert the effort to support GAuth (used by Google) and BBAuth (used by Yahoo!). Both Google and Yahoo! are now OpenID identity providers, so why go down the path that requires roughly twice the effort required to support OpenID? You could do less work, and reach more users!
I can only guess that either this work began prior to Google and Yahoo!’s OpenID support was announced. However, there is one other troubling possibility: that while OpenID solves the technical problem, using a Google or Yahoo! account to authenticate to a third-party is more easily understood by users.
We did it mainly for user convenience. We will get to OpenID in a future update. But as things stand now, most Yahoo/Google users do not know what OpenID is – and there is not much Zoho can do about that fact, it is those big OpenID providers that have to educate their users.
Why Yahoo? It is the largest internet company by user base, particularly registered user base. We would love to get to MSN, AOL, MySpace, Facebook and so on too. We are pretty agnostic on how our users want to get authenticated.
Brendon,
Choosing to accept Google & Yahoo! logins first is an intentional move. I think we can safely say that anyone who has an OpenID Account also has a Google or Yahoo Account. But the reach of Google & Yahoo! goes far beyond the reach of OpenID and is well understood by a non-geek.
OpenID in its current state is still complex for an average user to really understand and use it. That is not the case with Google or Yahoo! accounts. I really hope OpenID gets there.
We are certainly not struck with Google & Yahoo! signins. We will support OpenID when the time is right.
Thanks for the clarification guys!
I think it’s really interesting to see that Zoho felt that there is a compelling reason to focus on these proprietary mechanisms rather than OpenID. It sounds like user acceptance was the key decision criteria for Zoho pursuing Google/Yahoo account logins first. If that’s the criteria, then this decision makes sense.
That said, it further highlights a challenge to the OpenID community: to bridge the gap between a technology standard that solves the authentication problem technically and one that solves it for non-technical users.
i was very excited by the title of this post – the sooner OpenID goes the way of the dodo, the better off the world will be. And the sooner I’ll be proven correct – the most important thing, of course.
Hi Brendon, came here through Miss604.
Anyway… I *hate* OpenID. It’s such a hassle trying to get it to talk to my TwitterFeed and stuff. I am sorry, but that’s just annoying for someone so not-geeky like me.
🙂 Great post!