Apr 10

Mike Loukides

Mike Loukides

Building Better Silos

It's been good to watch the use of OpenID spread. It's great to see that has dropped "traditional login" in favor of OpenID. And I was encouraged to read about Yahoo's support of OpenID. Granted, it took me a while to get around to trying it.
But when I got around to trying it, Yahoo!ID was a disappointment. The promise of OpenID is to return ownership of ID to the users, and to eliminate identity silos, in which the big sites compete to own your identity and your data. If that's the goal, Yahoo!ID may not be a step backwards, but it's certainly not much of a step forwards.

Although Yahoo is talking the talk, it's still playing the same game. Today, I went to Yahoo to try to use my OpenID URL (from myOpenID). And I couldn't. I kept being asked if I wanted to create a new Yahoo!ID account.

That's precisely what I did not want to do. If I have to create a Yahoo OpenID for Yahoo sites, but that ID is different from the OpenID I already use for Ma.gnolia and other OpenID sites, what's the advantage? I could give in, create a Yahoo! OpenID and use it everywhere--but isn't that just giving in to the problem that OpenID was trying to solve? I don't want Yahoo! to be the data silo that owns my identity, any more than I want ma.gnolia or or twitter or Get Satisfaction or... you get the idea. Google support for OpenID would be nice, but if they implemented GoogleID and didn't accept IDs from Yahoo or any other ID-issuing organizations, we'd be right back where we started.

Yahoo's OpenID press release is dated January 17th. Internet time flows quickly. I could perhaps pardon a "yahoo-only not-quite-open ID" in a beta release, though not an "eternal beta". But I still wonder--what's the deal? Three months is plenty of time to accept a standard that you already support.

OpenID is important because it places control back in the users' hands. A net where we didn't have dozens of accounts and passwords to remember is something we all want to see. But we won't get there by building even bigger and better identity silos. "We support OpenID--you can use our OpenIDs anywhere. But don't try using anyone else's here" just isn't an acceptable position.

Previous  |  Next

Comments: 17

  william [04.10.08 10:18 PM]

The fact that Googles recently announced super cool app server does not support Openid is alarming. It only shows there true motive of trying to become the monopoly force of the internet.

Remeber the good old days of Microsoft Lock in; well this is far worse.

Google has made billions off the backs of media companies and content creators, and now they are using those very billion to choke the life out of innovation and any future hopes of an open internet

Behold the beauty of the beast that we have created

  Julian Bond [04.11.08 12:38 AM]

So does O'Reilly Radar support OpenID for comments? Oh, Wait. ;)

Yahoo's OpenID support is both good and bad.
- Very large number of users now have an easy to use OpenID.
- Anti-Phishing technique
- No Simple Reg or AX support for passing over profile details
- No use of OpenID as a consumer, only as a provider
Well it's a start.

Meanwhile Google has a commitment to start supporting oAuth but they're still rolling out new APIs that use AuthSub. To their credit though they are active in a lot of open source projects and even OpenSocial has turned into a Google led but community driven project. All the majors have a bit of this "not invented here" syndrome. What's most distressing is watching them each create yet another profile description markup. Do we really need another one?

  musicman [04.11.08 12:48 AM]

I don't know which is the best, Google or Yahoo.

  Mike Loukides [04.11.08 04:10 AM]

I would love to see Radar support OpenID everywhere any sort of login is required.

  Chris Fizik [04.11.08 05:55 AM]

Nice post. I cringed everytime you mentioned the term 'identity silo'. Really disappointing the way the great adoption is turning out so far. :-\

  Ian Gregory [04.11.08 09:14 AM]

I was also disappointed when I found that Yahoo! does not actually support OpenID having announced that they do. Google does support it for commenting on Blogger (I tried it using my GetOpenID ID and it worked).

  ndk [04.11.08 10:15 AM]

The open trust model of OpenID will lead to identity silos no matter what. There's no way any remotely valuable application could accept the liability(or spam threat) of accepting third-party OpenID's from a completely untrusted provider. You can point out that you're a good steward of your own identity, but... says who? How do you demonstrate that?

Reputation and vetting services are the missing link, but there isn't much active work in that space, sadly. Static federations have been the most successful by far.

Especially due, as you mention, to the economics and incentive for identity lock-in.

  anon [04.12.08 11:03 PM]

In reality, what is the benefit for Yahoo to use OpenID one way or the other? Agree with ndk, identity lock-in is too great an incentive for Yahoo or others to change. Step in the right direction, but just one step.

  Innenausstattung Vitula [04.13.08 04:56 AM]

Google actually supports it on Blogger.

  Mike Loukides [04.13.08 06:26 AM]

Yes--I'd love to see Google go the rest of the way, but Blogger is a start. And O'Reilly supports OpenID for conference registrations.

  Christian [04.13.08 06:55 AM]

yeah i'would be happy if more websites use openid

  Ajeet Khurana [04.13.08 12:40 PM]

All the comments in Radar using openID are interesting and who knows they might precipitate action.

I understand Yahoo's point of view. Giving up control over user data can be a formidable business advantage, and relinquishing that stranglehold is tough even for non-evil organizations such as Google :)

  canlı tv [04.13.08 04:00 PM]

good article. thnks.

  Michal Migurski [04.13.08 05:38 PM]

This is to be expected, I said as much a year ago:

There's no value to just being an OpenID consumer.

  Paul Annesley [04.14.08 01:42 AM]

"Oh, and before anyone jumps on me about this not being “full” (meaning bi-directional) OpenID support, I’m quite aware of that. Consuming OpenID is a different beast that can’t happen overnight. Give it some time. I’m optimistic that we’ll get there."
January 17, 2008


  Allen Tom [04.14.08 08:17 AM]

Let me know when O'Reilly Radar allows its viewers to sign their comments using OpenID. :)

  Brian Robinson [04.16.08 10:15 PM]

You hit the nail on the head. I was just thinking about this recently, and my starting point for OpenID providing real value was Google, Yahoo, LinkedIn, and Facebook all enabling me to use my single OpenID from Verisign. Unfortunately, I don't expect that to happen any time soon.

Post A Comment:

 (please be patient, comments may take awhile to post)

Type the characters you see in the picture above.