Editor’s Note: This post was contributed by John McCrea, VP of marketing for Plaxo, which is at the vanguard of the data portability movement. He also blogs at The Real McCrea and does a weekly video podcast about “opening up the Social Web” together with Joseph Smarr, David Recordon, and Chris Messina at The Social Web TV.
As some of you know, I am a strong advocate of an evolution from the “walled garden” model of social networking toward an open Social Web, characterized by interoperability and data portability. Along the way, I have been both a cheerleader for all of the building blocks of the new “open stack” (including OpenID, OAuth, XRDS-Simple, microformats, Portable Contacts, and OpenSocial) and one of the most vocal critics of Facebook. Over the past two years, I have never missed a chance to point out Facebook’s absence from any key event or announcement around the “open” movement. And I’ve tried many different techniques to encourage Facebook down the open path, some more controversial than others.
But I had an “aha moment” on Monday of this week at a rather historic event that could only happen in Silicon Valley – a User Experience (UX) Summit for OpenID which brought together representatives from Google, Yahoo, MySpace, Microsoft, AOL, Plaxo, and others. The stated reason for assembling this group, most of whom are in direct competition with each other, was in reaction to recent usability studies on OpenID (one by Yahoo and one by Google), which made it clear that the current implementations of OpenID are confusing to mainstream users. The unstated reason that fifty of us packed together, shoulder-to-shoulder, was to muster a collective response to Facebook Connect.
You see, it’s been about a month since the first implementation of Facebook Connect was spotted in the wild over at CBS’s celebrity gossip site, TheInsider.com. Want to sign up for the site? Click a single button. A little Facebook window pops up to confirm that you want to connect via your Facebook account. One more click – and you’re done. You’ve got a new account, a mini profile with your Facebook photo, and access to that subset of your Facebook friends who have also connected their accounts to TheInsider. Oh, and you can have your activities on TheInsider flow into your Facebook news feed automatically. All that, without having to create and remember a new username/password pair for the site. Why, it’s just like the vision for OpenID and the Open Stack – except without a single open building block under the hood!
And so this past weekend I found myself looking forward to Monday’s UX Summit with a mixture of optimism and great urgency. On Sunday, I tweeted that I was excited to be going. I was stunned by the first response to come back just a few minutes later, from my friend Dave Morin, of Facebook Platform fame, “Agreed! The OpenID UX Summit is going to be awesome tomorrow. Looking forward to it.” I had heard that Facebook had been invited, but, honestly, I really didn’t know if they were going to send anyone. Then I looked at the confirmed attendee list, and saw three other heavy-hitters from Facebook were signed up: Josh Elman, Mike Vernal, and Julie Zhuo, all, like Dave, key players on the Facebook Connect initiative. “That’s very interesting,” I thought…
Monday morning came, and I saddled up with Joseph Smarr and the rest of the Plaxo crew and headed over to Yahoo. After the intros, Allen Tom of Yahoo, who organized the event, turned the first session over Max Engel of MySpace, who in turn suggested an alternative – why not let Facebook’s Julie Zhuo kick it off instead? And for the next hour, Julie took us through the details of Facebook Connect and the decisions they had to make along the way to get the user interface and user experience just right. It was not just a presentation; it was a very active and engaged discussion, with questions popping up from all over the room. Julie and the rest of the Facebook team were engaged and eager to share what they had learned.
What the heck is going on here? Is Facebook preparing to go the next step of open, switching from the FB stack to the Open Stack? Only time will tell. But one thing is clear: Facebook Connect is the best thing ever for OpenID (and the rest of the Open Stack). Why? Because Facebook has set a high bar with Facebook Connect that is inspiring everyone in the open movement to work harder and faster to bring up the quality of the UI/UX for OpenID and the Open Stack.
The day was very productive, with sessions led by Max Engel of MySpace, Eric Sachs of Google, and Joseph Smarr of Plaxo, among others. Right before lunch there was a rising chorus to form a small working group to develop a common UI spec for OpenID. Hands raised include Chris Messina (Vidoop), Joseph Smarr (Plaxo), Eric Sachs (Google), Max Engel (MySpace), and, drumroll, Julie Zhuo (Facebook).
Later in the day, there was a spirited debate about OpenID as a URL (as originally envisioned) vs. a new proposal to extend the spec to allow email addresses to be OpenIDs. Mike Jones from Microsoft was eloquent on the security risks of the email address approach. At one point, I thought the debate might devolve into chaos, but Dick Hardt, who delivered the infamous “Identity 2.0” keynote at OSCON three years ago, helped bring focus, “You have seen the competition; it is Facebook Connect. That is the new bar that we must meet.” The discussion found its way to constructive next steps; a few more folks joined the UI working group, and shortly after 5:00, the historic summit was adjourned. For those who want a little more detail, see my post, “Live Blogging the OpenID/OAuth UX Summit.”
OpenID, IMO, was doomed to fail from the beginning.
Interesting claim to make about a really popular, *not failing* protocol
Hmm… I’m looking forward to the release of Google Friend Connect
With MySpace, Google, Yahoo, Plaxo, and others committed to working together to get it right, I surely wouldn’t be betting against OpenID!
+1 just for the brilliant use of “it’s complicated” :)
Thanks!
make it a +2 :)
I’ve used facebook connect twice now on both TheInsider and Barack Obama’s website. It’s quite a fascinating tech going on, and on the other hand I find OpenID to be a behemoth that is too confusing. Facebook Connect’s simplicity is awesome
The cool thing is that there are not any technical hurdles in the way, just UI/UX design questions about how best to string together OpenID, XRDS-Simple, OAuth, and Portable Contacts to achieve similar simplicity for the user.
…or you can just realize that it’s been done — well, and there needs to be a trusted source to control private data…
I’ve used OpenID for my site and I’m chomping at the bit to start using Facebook Connect. Really…almost no one uses OpenID…I can see everyone using Facebook Connect. That is what Facebook is betting on.
But if Google, Yahoo, MySpace, Plaxo, AOL, and others with first-class OpenID Providers, with clean UX and access to the “people data”, wouldn’t that be more than a little bit compelling? :)
@john – problem is, they’ve all publicly committed to openid (or most of them have) for some time (a year or so IIRC) yet there’s been little progress, either from a technical or publicity push, from any of them. Suddenly facebook makes something that is easy from an end user standpoint, and now the openid crowd wants to jump on that bandwagon. They should have been there (ease of use) years ago.
I’ve had to implement openid before, and it’s a PITA from a developer point of view, and very hard to make a seamless experience from the end user’s point of view. OpenID has been out too long and had too many large companies give lip service to it to be in the shape its in. One would get the impression that it is in fact dying (though I hope not) and that Facebook connect will be the new MS Passport. Passport might’ve had a chance 8 years ago if they had had properties that enough people were majorly invested in (like people are with facebook now), but tying to hotmail alone wasn’t enough of a push. Pllus, it was from MS, so many early adopters shied away for numerous reasons. When early adopters don’t adopt, usually something’s DOA.
I truly want OpenID to succeed, but it needs to be easier for early adopters to use. Let me sign in to yahoo or google with my own openid account on my own server, or any server, not just a list of pre-approved openid providers. Until we see that level of adoption, I’m not sure we’ll see much more progress on the openid front, but I’d love to be wrong.
I think you make a lot of good points. but I really do think we are now finally on the cusp of this coming together. Some of it is realizing the power of snapping together the various building block that make this about more than single sign-on, allowing convenient and secure access to your profile and address book.
Yahoo had learned a lot since launching OpenID support earlier this year, and we’re contributing our research and experience back to the community.
We’re working very closely with other large identity providers and with the OpenID community to improve the OpenID user experience to make it super easy and intuitive for mainstream users.
There were plenty of very interesting ideas presented this week at the OpenID UX Summit, and I’m confident that an improved UX, along with the launch of OpenID support from other large identity providers will lead to widespread adoption very soon.
Well said, Allen. I am confident that Yahoo’s experience as the top Internet destination can be applied to make OpenID and the Open Stack a mainstream consumer-friendly experience.
Best article title to date !
Wow. Thanks, man!
Heck, this might be the best TCIT article to date. To paraphrase Dick Hardt, “You have seen the competition; it is John McCrea. That is the new bar that we must meet.”
I suspect part of the problem for OpenID is about brand. If a user comes across a site that says login with Facebook they are far more likely to do so than if the site says login in with OpenID, simply because they already now what Facebook is. The same is probably true of Google and MS Passport sign-ins.
To succeed OpenID must become the VISA of online identity, a tall order for an open Initiative with practically no money for building brand.
Great article! I’m intrigued to see how this pans out…
http://www.exactbrands.com
OpenID’s has a major hurdle in that it’s always solved just a piece of the puzzle, that you need the OAuths, the DiSos, the XRDSs, XRIs, Portable Contacts, the this-es and the that-s…
People just don’t have that much intellectual bandwidth, especially since the problem of web single sign-on isn’t that much of an issue to begin with. People like their usernames and passwords, and Relying Parties don’t want their users to commit to more than just “guesting” through their sites by way of OpenID.
Of course, the proponents of the technologies behind SSO will claim otherwise.
I think a solid one-stop-shop like FB and FB connect is what’s needed. Can the OpenXYZ folks converge on that, under one umbrella?
Maybe we need OpenEgo and OpenSuperEgo to complete the offering. :)
Simple and secure
to do that you need to setup a clearing house
yes there are problems with email = ID
BUT if you unify around a single clearing house like banks use for secure transactions it could work nicely… you could rather than have a visa and mastercard situation where they act as brokers setup a non profit that is secure and converts email = ID that everyone refers to infact something like this exists today
http://emailtoid.net/
regards
John Jones
http://www.johnjones.me.uk
Hmm… Lets look at this equation.
Facebook Connect + naive users = Phishing Goldmine!!!
It would take a high-school student with a basic HTML editor to make a page that looks like it is for Facebook Connect.
og8w69f11tvchztp
個人的な雑記