OpenID has taken a lot of flak lately. Rob Conery calls it a “nightmare”, Yishan Wong says it was “doomed from the start”, and 37 Signals retired support. If a standard like OpenID is really dead, does federated single sign-on for the web stand a chance? At AppDirect, we’ve found that not only can OpenID work, but that it can offer a smooth experience for the end user. We’re acting as both an OpenID identity provider and a consumer and have seen positive results on both sides of the protocol.
AppDirect’s OpenID consumer experience
AppDirect is an OpenID consumer for two major identity providers, Google and Yahoo, as well as our channel partners. This allows users to create AppDirect accounts with “two-click signups” from Google or Yahoo. For our channel partners, we can synchronize accounts invisibly via OpenID with no user interaction.
Because we use OpenID attribute exchange (AX) to automatically import basic user information, we do not need to send an activation email to OpenID accounts. As a result, users creating accounts via OpenID abandoned the registration process at 5% of the rate of email-validated users. These results are similar to those found by Plaxo when they enabled two-click signups.
AppDirect’s OpenID identity provider experience
AppDirect is also an OpenID identity provider and has integrated over 40 OpenID web applications as OpenID consumers. Because OpenID support is widespread and mature, most vendors were able to quickly drop in an existing library and become OpenID enabled. As a result, users can log into their apps with a single click, not only from AppDirect, but also from other identity providers.
Making OpenID work
OpenID works best when the user doesn’t realize they’re using it. A major critique of OpenID is usability. Originally, users had to paste their own identifier URL into a form field to log in, which is less intuitive than using a username or email address.
Fortunately, with OpenID 2.0 “identifier select”, users never need to see an identifier URL. Users can log in via an identity provider with a single click. They don’t need to know what protocol they’re using; they just click a button and get to work.
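The one-click flow described above, together with the attribute exchange import mentioned earlier, as an added example that is not AppDirect's code: it builds an OpenID 2.0 request that uses identifier select plus an AX fetch for email, and on return accepts only AX values listed in `openid.signed`, which matters when the imported email replaces an activation email. The endpoint URLs and function names are hypothetical, and verification of `openid.sig`, the nonce and `return_to` is assumed to be done by the OpenID library before this check runs.

```python
from urllib.parse import urlencode, urlsplit

OPENID_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = OPENID_NS + "/identifier_select"
AX_NS = "http://openid.net/srv/ax/1.0"
AX_EMAIL = "http://axschema.org/contact/email"


def build_auth_request(op_endpoint, return_to, realm):
    """Redirect URL for a one-click login: identifier select plus an AX fetch for email."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        # identifier select: the provider picks the identifier, the user never types a URL
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns.ax": AX_NS,
        "openid.ax.mode": "fetch_request",
        "openid.ax.type.email": AX_EMAIL,
        "openid.ax.required": "email",
    }
    sep = "&" if urlsplit(op_endpoint).query else "?"
    return op_endpoint + sep + urlencode(params)


def signed_ax_values(response):
    """Return {type_uri: value} for AX attributes covered by openid.signed.

    Assumption: the caller has already verified openid.sig, the nonce and return_to.
    """
    if response.get("openid.mode") != "id_res":
        return {}
    signed = set(response.get("openid.signed", "").split(","))
    # The provider may choose its own alias for the AX namespace, so find it by URI.
    alias = next((k[len("openid.ns."):] for k, v in response.items()
                  if k.startswith("openid.ns.") and v == AX_NS), None)
    if alias is None or "ns." + alias not in signed:
        return {}
    values = {}
    type_prefix = "openid.%s.type." % alias
    for key, type_uri in response.items():
        if key.startswith(type_prefix):
            name = key[len(type_prefix):]
            fields = ("%s.type.%s" % (alias, name), "%s.value.%s" % (alias, name))
            # Unsigned attributes could have been appended in transit; drop them.
            if all(f in signed and "openid." + f in response for f in fields):
                values[type_uri] = response["openid." + fields[1]]
    return values
```

An email returned by `signed_ax_values` is only as trustworthy as the provider that signed it, so skipping the activation email is reasonable only for providers the consumer has chosen to trust.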
The future of OpenID
While OpenID 2.0 is mature, stable, and widely supported, there are still areas for improvement, which are driving the next generation of standards. One of the most promising is OpenID Connect, which is built on OAuth 2.0 and designed for RESTful APIs. OpenID Connect is still in development, but should be ready for early exploration soon. AppDirect will be watching the development of OpenID Connect closely.