What is this OpenID Everyone Speaks Of?

Lately, there seems to be a lot of talks about OpenID / OAuth, privacy, owning information, decentralizing, centralizing, user-centric, SSL, profiling, identity, and other stuff ? (for a lack of a better term.)

I know it is some way relevant to me, since I see the logo everywhere I go. And I have an inkling OpenID is somehow important, since I am hearing about it a lot. And uhhh there was even a summit for OpenID and OAuth.

Well. I don’t know about you, but to me? OpenID is nothing but a bunch of gibberish.

  1. Too much effort.
    I am so used to logging in with a username and or handle, the concept of using a URL is ludicrous. A six letter username is already too much effort, to add mywebsite dot domain dot com each and every single time I need to log-in is blasphemy. Oh, nevermind password managing programs I use, ok? Thanks.
  2. Too confusing.
    Flickr, WordPress, Technorati, Yahoo, Blogger, LiveDoor, LiveJournal, blah blah blah – the OpenID provider list goes on and on. I am signed up for and use almost all OpenID service providers. Meaning, I already own an OpenID. Several, even, but how do I claim them? And what is this claim they speak of? Why can’t I just log into a site that supports OpenID with my respective URLs? Where and how do I start? WHY can’t this be more simple? See? The questions start and maybe I am an idiot, but for the life of me, I can not figure out how to get started.
  3. Why is this relevant to me?
    I am not going to lie. I log into almost all my accounts on unsecure Internet connections. Identity theft is irrelevant to me, since my identity has never been stolen. I am the last person to be anal about privacy. Call me naive, but in my sheltered world, confidential information is viewed via proprietary services (corporate server, apps, etc.) anyway, and I trust my system administrators. In my 10 years of working in corporations large and small, my sys admins have protected any security leaks. All I know (choose to know?) is when making, receiving, or transferring any financial transactions, I check the URL to make sure it reads: “https”. WHY should I care?

I know in theory, OpenID is a good idea. But really, why does owning my information pertain to me? How is this relevant to my daily usage? After all, it’s not like merchants (Ebay, Paypal, financial institutions, etc.) are partnered with OpenID. So unless OpenID becomes more intuitive, or there’s a reallllly good motivating factor for me to actually figure that crap out? I am sticking with dedicated usernames and passwords.

Do you know something I don’t know? If so, do please enlighten me.

Awesome discussion as well here. :)

16 thoughts on “What is this OpenID Everyone Speaks Of?

  1. 1) I don’t always have access to a password manager, especially now that I’m using Chrome.

    2) Many sites have their own unique password size/strength requirements which means I can’t just use one password everywhere.

    OpenID lets me not worry about either of those.

    3) OpenID helps move beyond the idea that a web service needs to know my address and phone number before letting me join.

    1. So currently, it’s more relevant to Social Networking sites that require personal info like addresses and phone numbers… say like FACEBOOK?

  2. That’s not exactly what I meant – I mean that lots of sites ask for personal info for no good reason other than a greedy desire to build a comprehensive database of users’ info. OpenID to me is a move away from that. I guess a lot of sites are moving away from it anyway just to avoid angering potential users.

    Have you ever tried to register to comment on a ZDNet blog? It’s horrific: http://friendfeed.com/e/bad473d9-d231-456e-94da-426a4aefd10e/Registration-FAIL-I-wanted-to-comment-at-ZDNet/

    1. @Daniel: But see – Amazon, Paypal, Ebay… almost every online merchant has our info stored. Why should we start caring now? @Shevonne: My browsers also have my info stored so I’m RIGHT with you.

  3. Mona – you can trust Paypal et al to have decent security and disclosure (I hope). You can’t say the same for the fly by night web apps we all love to try. It’s too bad we give a lot of them the same email and password we use to connect to Amazon and Paypal.

    With OpenId there are a lot fewer weak links in your online identity.

  4. I’m with you Mona. Every time I see an OpenID sign-in on a page, I’m perplexed. I’ve signed up for OpenID, twice! But I can’t remember where I signed up or how I’m supposed to use them. I don’t know what I’m supposed to enter when I’m presented with those sign-up options. Username/password is a lot easier.

  5. If a sharp pencil like you can’t figure out OpenID, Mona, what chance do I have? I just went to this page http://openid.net/get/ and it didn’t explain ANYTHING to me. Umm, yes, I use some of those services so I already have an OpenID. And? Next? What is my next step? That page does NOT deserve to be titled “How do I get an OpenID?”

  6. OpenID is a huge struggle for me, since I know that it is a movement I need to… well want to back. Too bad it’s an EFin clusterf*ck. Seriously.

    Every. single. time. I attempt to claim, I am sent from one page, to another page, to another, and… well you guys catch my drift, right? All the user experiences and feedback from here, I am RIGHT with y’all. I’m so glad to hear I’m not the only one. Thanks for your comments, Laura and Hutch!

  7. I’m not sure what you mean by “claim”. Do you mean when you try to log in to a site with an OpenID? Because here’s how that should work when logging in the first time:

    0. Make sure you are logged in to your OpenID provider.

    1. Enter your OpenID into whatever site (lets use Amazon for this example) you want to log in to. Don’t enter a name or password. (If wordpress gave you an OpenID, it would be pixelbits.wordpress.com. Enter that.)

    2. You get redirected to the wordpress OpenID provider to confirm that you want to give Amazon access to your ID. You confirm it. (You only do this the first time.)

    3. You are redirected back to Amazon, logged in to your shiny new account. Amazon already knows your name and whatever other info you gave wordpress and allowed it to pass on.

    That’s it. On subsequent logins, there would be no step 2 or 3.

    Does that help at all, or am I misunderstanding your misunderstanding?

    1. When attempting to log in with my OpenID, partnered sites prompt me to “claim” or “verify” with my provider. Like you said in step 2, I get redirected to various pages and sites, with no end. LOL I gave up.

  8. Hm. Maybe you’re skipping step 0? I included it because it really makes things much easier and simpler if you’re already logged in to your OpenID provider before doing anything else. Having OpenID embedded in the browser would make it much more natural.

    If you start out logged in to your OpenID, then there should only be the two redirects I described. If you’re *not* logged in to your OpenID, then it turns in to a mess like you described. Enter your OpenID on some site, get redirected, log in to your OpenID somehow, authorize the other site, get redirected back (or maybe not), blah blah blah. There’s definitely work to be done.

  9. Finally a smart person explaining OpenID and it’s lack of mass.compatibility (what it is supposed to be all about!).
    I NEEDED OpenID because I have so many accounts=profiles=contacts everywhere but for normal human beings who don’t have to know about things like that it’s just too f*cking complicated and stupid. I ended up with several OpenIDs now – by Google, Chim.mp etc. – and don’t know what the heck I’m sticking with. Please tell me once YOU’ve figured it out :-)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s