By Michael Olson | Posted on July 17, 2011
Late in the 90s, the web began to evolve from static brochure websites to a more community-driven and participatory structure. This trend coalesced with the advent of eCommerce and online bill payment. Suddenly, the average web user had dozens of accounts at different websites, each with a distinct username and password. Or worse, people jeopardized their online security by recycling the same password across a number of sites.
For online businesses, this password fatigue problem has resulted in lost conversions and missed engagement opportunities for years. OpenID was established in 2005 as a grassroots solution to this problem. The notion was that users gain security and convenience when they can access their favorite websites with a single, portable identity, and websites eliminate registration friction and acquire more users as a result.
With the help of a passionate developer community and collaboration from companies like AOL, Google, Yahoo! and Six Apart, Janrain has been instrumental in driving the evolution of OpenID from specification to internet-scale technology. We’d like to take a look back at how OpenID has matured since its inception six years ago, and discuss its ongoing role in shaping the future of online identity as a critical part of an ecosystem of protocols supported by Janrain’s solutions.
Let’s be honest – early implementations of OpenID circa 2005-2007 were a bit intimidating for most consumers. These implementations first required web users to create an identity with a third-party OpenID provisioning service such as myOpenID or myID.net, and enter their identifier (a unique URL) in a blank text box on a website’s sign-in page. The screenshot below is an example implementation of OpenID in its infancy.
For most users who have been around email for over a decade, the interface was a barrier to adoption. Many struggled to grasp the concept of an identity as a URL, and the blank text box became a canvas for confusion.
Fast forward to March 2008: the Janrain team advanced the market by launching a major enhancement to the social login experience. Rather than asking people to remember their entire OpenID unique identifier, the interface below simply asked users to click their preferred identity provider and enter their username with that service. Based on this prompt, the interface automatically built the user’s full OpenID identifier and kicked off the authentication process.
But this was simply a UI layer on top of a site’s existing OpenID implementation. On a technical level, most of these implementations relied on a discovery flow that is known in the space as claimed identity – the user tells a website her unique OpenID identifier, and the website then needs to make a backchannel call to determine the identity provider and begin the authentication transaction.
But 2008 proved to be a seminal year, with three major developments positioning OpenID as a viable internet-scale technology. First, the Janrain team worked with a group of community developers to co-author the OpenID 2.0 specification. This bound data sharing protocols such as Attribute Exchange (AX) to OpenID, enabling an OpenID authentication transaction to pass demographic profile data and email addresses to websites rather than just a user identifier. Second, and most importantly, companies like AOL, Google and Yahoo! came on board, leveraging the OpenID standard to turn their millions of user records into portable web identities. Lastly, the Janrain team again moved the space forward by launching the industry’s first and only turnkey social login solution.
Janrain launched its social login solution in October 2008, which radically simplified the process for websites to support social login and OpenID. Rather than spending weeks or months learning and installing complicated libraries, the solution abstracted the distinct protocols used by each of the social networks and email providers into one, simple API. In short, we were able to offer brands and websites a turnkey solution that cut deployment times from weeks or months to merely a day.
In addition, a significant change in backend discovery flows has facilitated consumer adoption. Whereas legacy implementations from 2005-2008 relied on the claimed identity flow previously described, Janrain introduced a more intuitive button-based interface that employs an OpenID discovery flow known as directed identity. In this flow, the user simply needs to click a button for her preferred login provider, and the website then makes a call to that provider to kick off the authentication, verify the user’s ID and retrieve profile data.
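The two discovery flows described above, seen from the relying party's side, as an added example that is not Janrain's code: it builds the OpenID 2.0 authentication request for a claimed identifier and for directed identity, then shows the check a relying party needs in the directed flow, where it first learns the identifier from the provider's response. The hostnames, the `discover` callable and the sample discovery table are constructed assumptions; only URL identifiers are handled and delegation is left out.

```python
from urllib.parse import urlencode, urldefrag

OPENID2_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = OPENID2_NS + "/identifier_select"

def normalize_claimed_id(user_input):
    """Claimed-identity flow: turn what the user typed into a URL identifier."""
    ident = user_input.strip()
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident          # OpenID 2.0 default scheme
    ident, _fragment = urldefrag(ident)    # the fragment is not part of the identifier
    return ident

def build_auth_request(op_endpoint, return_to, realm, claimed_id=None):
    """Build the checkid_setup redirect URL. With no claimed_id, use directed
    identity: the provider picks the identifier after the user signs in."""
    ident = claimed_id or IDENTIFIER_SELECT
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": ident,
        "openid.identity": ident,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    sep = "&" if "?" in op_endpoint else "?"
    return op_endpoint + sep + urlencode(params)

def op_is_authoritative(asserted_claimed_id, responding_endpoint, discover):
    """Directed identity: run discovery on the identifier the provider asserted
    and accept it only if it points back at the provider that answered."""
    return discover(asserted_claimed_id) == responding_endpoint

# Constructed discovery results (identifier -> OP endpoint). A real relying
# party would obtain these over HTTP via Yadis/XRDS or HTML discovery.
SAMPLE_DISCOVERY = {
    "https://alice.idp.example/": "https://idp.example/openid",
    "https://bob.other.example/": "https://other.example/openid",
}

def sample_discover(claimed_id):
    return SAMPLE_DISCOVERY.get(claimed_id)
```

Without the `op_is_authoritative` step, a provider reached through a login button could assert an identifier that belongs to a different provider's user.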
Today, OpenID is thriving as an underlying technology to power social logins. OpenID is baked into almost every Janrain deployment across more than 350,000 websites. On many of these sites, it is presented as a branded sign-in option for tech-savvy users who choose to delegate their portable identity through an independent third-party service or run their own OpenID server. The screenshot below depicts the option to sign in using OpenID via the Janrain social login interface.
For those sites that choose not to expose an OpenID button in their social login interface, the technology is still at work “under the hood”, powering social login for popular networks such as Google, Yahoo!, AOL, Flickr and PayPal. Every social authentication with one of these providers utilizes the OpenID technology standard under the covers.
For OpenID to sustain its success, it doesn’t need to become a household name. Nor should the viability of OpenID be judged by whether your grandmother can articulate its meaning. As a critical underlying technology for social login, OpenID can be likened to HTTP or RSS. Ask the average person to describe the Hypertext Transfer Protocol, and his or her eyes will likely glaze over. Why? Because tools like the web browser were developed to abstract the complexities of HTTP and make it easier for consumers to use, just as tools such as Google Reader were developed to make RSS technology consumable for the public.
Similarly, social login technologies such as ours abstract the complexities of OpenID, making it extremely easy for websites to enable social login and for consumers to understand and use it.
OpenID is also positioned for continued success because Janrain and the developer community are fully committed to open standards and interoperability. OpenID is a building block for data sharing protocols such as OAuth, Activity Streams, Portable Contacts and Backplane, all of which have been adopted by various social networks and rolled into Janrain’s solutions.
And new enhancements are building on OpenID as we speak. OpenID Connect is an emerging standard that blends the best elements of OpenID and OAuth 2.0, a token-based data sharing protocol used by Facebook, Twitter, LinkedIn and others. On the backend, OpenID Connect replaces the traditional OpenID authentication flow with an enhanced OAuth 2.0 flow that uses an ID token to access additional profile data from an identity provider with the consumer’s consent.
Extensions such as WebFinger are further reducing complexity by introducing email discovery for social logins. With this process, a person simply needs to enter her or his email address to kick off a discovery flow that determines the desired identity provider.
OpenID may never achieve universal brand recognition from consumers, but that won’t stop it from playing a central role in the future of the web. As long as recognizable brands like Google and Yahoo! continue to support the technology and consumers see the value of leveraging their social identities to access sites across the web, OpenID has a bright future.