We last took a serious look at OpenID about a year ago. At the time, we pointed out that “you’d have a hard time finding any of your favorite web apps” on the list of sites that support OpenID logon. Our commenters were in favor of client-side solutions such as 1Passwd or Roboform.
Lately, though, there’s been a spate of OpenID news, highlighted by the announcements that both Yahoo! and Blogger are joining the list of OpenID providers. This means that you can use your Yahoo! or Blogger credentials to log on to sites that take OpenID (though neither one accepts OpenID logins in return; Blogger lets you use an OpenID login to leave comments and Yahoo! says they’re working on it). But is this enough to drive OpenID adoption?
So far, at least, it seems that OpenID remains a marginal technology. While the latest announcements make it easier than ever to get an OpenID identity, it was pretty easy before: AOL, WordPress, Live Journal, VeriSign, and others were already on board as providers. Yahoo! says they’ve tripled the number of users out there with OpenID credentials, but that figure really doesn’t mean anything when the vast majority of those users don’t even know they have an OpenID. How many AOL users, to take one predecessor in this space, have ever used their AOL identity to log on to an OpenID consumer site?
The biggest problem remains the lack of OpenID consumers - sites that let you log in using your OpenID. While Web 2.0 aficionados will find some of their usual haunts on the list (including Ma.gnolia, Plaxo, and Basecamp) the fact remains that it’s still much easier to get an OpenID than it is to use it. The OpenID Directory lists a mere 446 sites as of this writing.
There are also some questions as to the security and privacy of OpenID. OpenID advocates say that these concerns are overblown or solved in the latest version of the spec, but certainly they have been debated; Stefan Brands rounded up a long list of problems with OpenID, and David Recordon responded at length (the comments to both posts are worth reading as well). It seems clear, at least, that not all OpenID implementations are created equal, and that those who are worried about these issues need to seek out a provider such as VeriSign or myOpenID that is committed to staying on the cutting edge. But it’s unlikely that the average user will realize this, and I fear we will see some highly-publicized OpenID phishing incidents when and if adoption truly takes off.
As it stands, OpenID is a convenience for users who are in the habit of logging on from many different computers (and so not in the target market for client-side solutions) and lucky enough to use some of the leading-edge OpenID consumer sites. For the rest of us, it’s so far an interesting technology, but not yet a compelling one.
Utolsó kommentek