Memo to OpenID: Keep it simple, please

The universal log-in standard has been around for three years now. So why is Facebook Connect stealing all its thunder?

Caroline McCarthy Former Staff writer, CNET News
Caroline McCarthy, a CNET News staff writer, is a downtown Manhattanite happily addicted to social-media tools and restaurant blogs. Her pre-CNET resume includes interning at an IT security firm and brewing cappuccinos.
Caroline McCarthy
3 min read

With all the buzz about Facebook Connect this week, it's worth asking the question: Whatever happened to OpenID?

The universal log-in standard was created in 2005 by Brad Fitzpatrick, founder of LiveJournal, while he was working at blog software company Six Apart. (Fitzpatrick now works at Google; Six Apart has since sold LiveJournal.) It has the support of Yahoo, MySpace (which just helped build an OpenID extension for the Flock browser), and President-elect Barack Obama's Change.gov. Even Google has dipped its proverbial toe in the pool.

But it wasn't until Facebook Connect started making headlines that the concept of data portability--a single log-in across multiple sites--made the jump from the tech press to the mainstream media. OpenID, some speculated, had been left behind in the dust.

Hardly. But Wired's Michael Calore hit the nail on the head on Monday: "Presenting a dialog that asks a user to log in to one Web site using a name and password from another Web site is jarring, but Facebook has managed to keep Facebook Connect simple enough for everyday users to understand. Such ease of use virtually guarantees it will win support quickly."

The truth is, the future of the "social Web" is in expansion. And expansion invariably involves dealing with a crowd beyond the Twittering, FriendFeeding, WordPressing geeks who actually understand the concept behind data portability.

And that's not made any easier by the fact that OpenID calls itself "an open, decentralized, free framework for user-centric digital identity." Try bringing that up in the boardroom of a non-tech company looking to ride the social-networking wave. Then tell them that the most buzzed-about social network on the planet will power your site's social features. The decision will probably fall in the Facebook camp, unfortunately for the open-standards crowd and its admirable dedication to all things balanced and democratic.

"Nobody should own this. Nobody's planning on making any money from this," Fitzpatrick has said about OpenID. "The goal is to release every part of this under the most liberal licenses possible, so there's no money or licensing or registering required to play. It benefits the community as a whole if something like this exists, and we're all a part of the community."

"The most scary part of this, is that while Facebook is quietly and methodically building out this vision with massive partners, the standards community is busy squabbling about naming the open alternative."
--Chris Saad, DataPortability Workgroup

But your average company is probably going to care more about profit margins than OpenID's decentralized ideal, and the possibility of having its user activity broadcast across Facebook members' news feeds is tantalizing. Especially during tough financial times, strategy will likely trump idealism.

That said, there are some good signs for OpenID. It has a ton of support in the tech world, and if Facebook Connect's impending expansion goes awry for any reason--think Beacon--it could open up a whole new set of doors for OpenID. What it (and other open Web standards) needs either way is some image repair.

"Facebook is trying to replace all log-ins with their own, and control the creation, distribution, and application of the social graph using their proprietary platform," Chris Saad, whose DataPortability Workgroup has put its support behind OpenID and other open Web standards, wrote in a blog post. "The most scary part of this, is that while Facebook is quietly and methodically building out this vision with massive partners, the standards community is busy squabbling about naming the open alternative."

OpenID and its brethren could use a good, simplified marketing pitch, not to mention some announcements and partnerships that are more prominent than an extension for a niche Web browser. They need to use the resources that the likes of MySpace and Yahoo can provide to get more deals going and start making headlines outside of ReadWriteWeb and TechCrunch.

And most importantly, in a recession, "it's good for the Web, so it's good for everyone" just isn't concrete enough. One last tip for OpenID: Start talking business benefits.