My OpenID Shitlist, Hitlist and Wishlist for 2008

OpenID hitlist

Update: I’ve posted an update to these lists, giving props to Yahoo, Google, PBWiki and Drupal for embracing OpenID.

I believe in the power of community to drive change, and I believe that peer pressure can be a great motivator. I also believe that shaming can be an equally powerful motivator, if used lovingly and when an “out” is provided.

In this case, that “out” is adding support for consuming OpenIDs, not just being an identity provider.

With that in mind, I thought I’d throw out my OpenID Shitlist, Hitlist and Wishlist with the hope that a little sunlight might cause the previously planted seeds to finally sprout. Since OpenID 2.0 is now out, these folks really have very little excuse not to get on board and make this happen (limited developer resources notwithstanding).

So, without further ado:

My Shitlist

Last February, at the Future of Web Apps in London, there was an orgy of OpenID announcements.

The point of my Shitlist is to publicly shame folks who have previously promised (or strongly indicated an intent) to adopt and add support for OpenID but who have failed, thus far, to do so. I invite them to redeem themselves by making good on their promises. I won’t hold it against them, but hey, it’s their word on the line.

  • Digg.com. I’d consider myself personal friends with the Digg folks. I like Daniel, Kevin and Owen. I think they do great work and that Digg is one of the most influential synaptic centers of the net. But Digg tops my shitlist because of a very important 10 seconds of speech that Kevin offered on stage, and which was covered by Om and TechCrunch. He said, and I quote: And then we also want to announce today, uh, support for OpenID. So we will be, uh, rolling out OpenID here in the next few months. That’s gunna be cool. Listen to it yourself. Did this ever happen? Nu uh. Still waiting. Hmmph!
  • NetVibes. NetVibes remains one of the more innovative, more “open source like” rich internet desktops out there. Tariq‘s a friend. But, like Digg, when you make promises (scroll down to Tariq Krim) to do something and months and months later you haven’t made good on your word, well, you end up in my shitlist.
  • Last.fm. Now, I’m going out on a limb here. I have a strong recollection that Last.fm was the third company to promise OpenID support at FOWA, but for the life of me, I can hardly find a reference (besides this: “So what was the buzz at this years FOWA London? Two things resonated to me more than anything in the conference. OpenID and attention data. All of the key players from digg to Netvibes, Last.FM to Arrington touched on, commented or made announcements in these arenas.” — hat tip to JP), and in the recording of their session, they make nary a mention. Now, I’m pretty sure they said something about it, but I don’t have proof. Last.fm needs OpenID regardless, so if someone can backup or discredit my memory, I’m happy to move them to a more appropriate list.
  • PBWiki. I’m a fan of PBWiki, the hosted wiki service. They’re a good friend to the BarCamp and Twitter communities and are my first choice when I need a wiki and don’t want the hassle of setting up and maintaining my own. The oldest email I could find when I first approached David, Nathan and Ramit with a request to support OpenID was July 30, 2006. I’ve badgered them consistently since then, receiving various assurances that they’d work on it. And without directly calling bullshit, I do wonder why their own Auth API hasn’t been made to be OpenID compliant when there have been so many other significant improvements made. I know that nerds aren’t their top priority (nor their biggest money-makers by a long shot) but maybe we can hack it in at the next SHDH?
  • MyBlogLog. I suppose things change when you get absorbed by a massive corporation that requires a consistent terms of service. Or else it seems plausible that the early indications of support for OpenID might have blossomed into full fledged support. Alas, it was not to be.
  • Technorati. In October of 2006, Technorati announced support for blog claiming with OpenID. They also became an OpenID provider. So technically, they don’t deserve a full shaming. However, it’s lame that they allow you to claim your blog if it’s an OpenID, but for reasons that confound me, don’t let you actually sign in to Technorati using the same OpenID. This seems ludicrous to me and frankly, I expect more from Technorati. (And can I point out that it’s a bad sign that when I search your blog for OpenID using your search engine, nothing comes up? Huzzah!)
  • Wikipedia. Well, everyone loves Wikipedia right (that’s an uncorroborated generalization)? Well, they still belong on my shitlist. Wikipedia said they’d support it in a Google Video as early as June of 2006. They might be able to define the protocol, but they certainly don’t support it. (Reprieve: open source to the rescue! Evan Prodromou wrote the OpenID extension for Mediawiki. Now Wikipedia simply needs to adopt it!)

Hitlist

With the shitlist out of the way, I can get on to those folks who haven’t necessary made promises before, but are ripe candidates to be lobbied to add support for OpenID.

  • Satisfaction. Satisfaction has long since planned on offering OpenID (and more recently OAuth) and they tell me that it’s coming soon. With co-founders (and my friends!) Thor and Amy recently getting into a new startup they’ve named Tesla Jane, I think I can be patient for a while longer. ;)
  • Twitter. If you’re aware of the backstory of OAuth, you’ll know that it was my advocacy of OpenID for Twitter that revealed the need for a delegated authentication protocol that was compatible with OpenID. And, now that OAuth has gone 1.0 (and while we’re waiting for Twitter to roll out support for the final spec) it’d be great to also see movement on the OpenID front. I know you’ll get right on that. Heh.
  • Drupal. Bonus points go to Drupal and James Walker for rolling in support for OpenID into core for Drupal 6.0, and maybe we have to wait for the upgrade, but it’s too bad that there isn’t support on the drupal.org website. Should be an easy fix, and with the brilliant way the community devoured my recent feedback, I hope that this request is met with equal enthusiasm!
  • Plazes. Well, I’m with Tara and am pretty disappointed with where Plazes is today. Felix and Stefan are great, but the new Plazer sucks. It’s like they took a bunch of VC and lost focus. Then again, maybe I’m projecting. Anyway, it’d mean something to me if they went ahead and added support for OpenID. Better late than never.
  • Pownce. Pownce has been rocking the portable social network stuff, along with sister-site Digg (yes, the same Digg on my shitlist). The logical next step is for them to provide OpenID consumption to make the circle of portability complete!
  • Ning. Well, they already have NingID, but I really question the wisdom of proprietary authentication schemes at this point. I mean, if they’re all about niche-social-networks, wouldn’t consuming OpenIDs make so much sense to further reduce barriers to outsides coming in to play?
  • LinkedIN. These guys have been doing some great work widely adopting microformats and becoming more social-network-like. People seem to use LinkedIN as an identity aggregation point; shouldn’t they also be able to prove that they own a certain LinkedIN profile elsewhere and then verify their accounts elsewhere by logging in to LinkedIN with their other OpenIDs?
  • Slideshare. Given that Slideshare probably has the greatest collection of OpenID related presentations on the net, it’s kind of a shame that you can’t login to the site using the protocol. I know Rashmi and Jon have their hands full, but it’d be sweet to see them add support.
  • TripIt. TripIt’s awesome. Tara and I did a day of consulting with them and have been constant users ever since. What’d be great is if you could use your OpenID to login between Dopplr and TripIt — it might sound insane to them — but they really are complementary services. Tying my identity between them would save me such a hassle of having to go back and forth between them — and they’d both win!
  • Blip, Viddler, YouTube et al. This might be a pipe dream, but I do think that we could win over Blip and Viddler. YouTube, not so much. But if we lobbied each independent and got one to go, the others might follow…
  • WordPress.com. So WordPress is a funny one. They serve as an OpenID provider but don’t currently consume. If you want to enable OpenID consumption, you have to run your own blog (as I do) and use Will Norrisexcellent plugin. This isn’t necessarily a problem, but with Drupal 6.0 getting support and Blogger offering limited consumption of OpenIDs, I would have hoped that WordPress would have made the move first.
  • Pandora. Finally, and this one might just be a vanity request, but I think it’d be cool if Pandora supported OpenID, if only because it would make OpenID seem cooler.

Wishlist

So, with the more likely candidates out of the way, I’d like to turn my attention to what would be big wins for OpenID, but that are an order of magnitude harder to win over, not so much because of technology issues but because of the complexities of terms of service and other business-level issues. In any case, if we see support from these folks for OpenID in 2008, we know we’re making serious ground.

  • Facebook. I asked the question on Twitter whether people would use Facebook as their OpenID provider if they could. The overwhelming response was no. Still, of anyone, Facebook could, if they actually rebuilt people’s trust and extended the reach of their strong privacy controls with best practice OpenID support, I think it’d be a net positive thing to see Facebook official adopt OpenID. There are already two Facebook apps that enable it, so clearly someone’s interested!
  • Yahoo and its various properties: Flickr, Delicious, Upcoming. I know they’re interested, but it will take more than interest and developer intentions to make this one happen. If Yahoo gets on board, game over man, cat’s in the bag.
  • Google. With their enthusiasm for OAuth and the recognition of the problem of widespread password scraping, I think Google is realizing that their avoidance of OpenID is not paying off. With Blogger toying with support for OpenID, I think (hope!) that’s it’s only a matter of time.
  • Microsoft. Well, Bill already promised. And they’ve even shipped code, even if it’s kind of a weird approach. Like most brushes with the embrace of openness, Microsoft is probably at war with itself once again, on the one hand having elements within that want to do the right thing and on the other, for some reason, being heavily influence by holdouts from the evil empire. We’ll see what comes of this, but I’m not holding my breath, even if InfoCard is the right interface metaphor for OpenID.
  • Mozilla. I don’t know if you noticed, but Mozilla has quite a few properties strewn about. Practically every week there’s a new property launched to promote some new campaign, not to mention all the myriad community sites that crop up (i.e. UserStyles.org, thankfully an OpenID consumer!). In leiu of a top-down single sign-on solution, why not just support OpenID and get it over with and enable portable reputation within the Mozilla universe? And — once you do that — maybe start looking at integrating support into Firefox, as I asked earlier this year?
  • Trac/SVN. With OAuth, support for OpenID on the command line becomes much more feasible, even if there’s little support today. Imagine being able to use your OpenID credentials to login to any SVN repository. Being able to federate whitelists of identifiers would make cross-collaboration much more facile and I think would be a boon to independent open source development.
  • MySpace, Hi-5, Bebo, Orkut et al. I mean, we now know that is basically an overhyped widget distribution platform, but that doesn’t mean that it won’t turn into something more. Eventually the limits of siloed identities are going to run up against the cross-pollinating design of OpenSocial and logging in to Bebo with your MySpace account is not only going to make sense, but will be expected, just like I can send email from my Gmail account to Hotmail and Yahoo email users. OpenID 2.0, with directed identity, is perfectly suited to handle this particular use case and I’d love to see the early OpenSocial partners get on board sooner than later.
  • Adobe. Not even sure why this one’s in the list, but so long as I’m thinking big, it’d be sweet to see support not only on Adobe’s site for OpenID, but also in Flash apps (which I think would possibly require OAuth). Adobe has Adobe IDs already, and, as I suggested before, proprietary protocols for identity on the web make less and less sense.
  • TechCrunch. This one’s for fun. I know Mike’s a fan of big ideas and making things better, so it seems strange that, given his use of WordPress, he hasn’t demanded support for OpenID commenting yet. Perhaps we can dream.

Now that I’ve got those lists out of the way, I wanted to give summary props to folks who have already gone ahead and implemented OpenID (this is not an exhaustive list; check out the OpenID Directory for more):

Make sure to stop by these folks’ sites and try out their support for OpenID. Heck, they’ve pioneered the way forward, might as well both give them some patronage and see what user experience lessons can be had from their implementations.

And, this is by no means a finished list. It’s just a start. If you’ve got your own Shitlist, Hotlist and Wishlists, please do share them. Not only have I probably missed some folks (Amazon anyone?), but there are probably services and sites more dear to your hearts that should be embracing citizen-centric web protocols that I don’t even know about yet.

So, let me know what you think and if you want to start doing some lobbying, the best place to start is with the OpenID site itself.

30 Comments

  1. Ben Gold said
    at 2am on Dec 9th # |

    YOU FORGOT ZOOOMR!!!!

  2. at 5am on Dec 9th # |

    I’m fairly sure we didn’t promise OpenID support at FOWA. Having said that, provider support has been there and nearly finished for ages. I’ll see if I can update that for 2.0 and release it when I have a few moments.

    RP support, by all accounts, is a little further off.

  3. at 6am on Dec 9th # |

    There was a CodeFest in Montreal revolving around adding or improving OpenID support in some of the projects you mentioned last September. I missed the event, but I know that good things came out of it. :-)

    http://wiki.facil.qc.ca/CodeFest2007

  4. børge said
    at 6am on Dec 9th # |

    Also the fantastic photo sharing site (with a lot in common with Flickr, only much better in many regards) ipernity has support for OpenID. I switched from Flickr to ipernity a while back and haven’t looked back. You should check it out!

  5. børge said
    at 6am on Dec 9th # |

    PS: I was not sent to my OpenID provider when commenting here!

  6. 113.com said
    at 7am on Dec 9th # |

    113.com (China) supports OpenID (two-way) at their January launch.

  7. at 9am on Dec 9th # |

    Chris, you can quote me here: We’re working on our API right now, which uses OAuth for application authentication (I’ve actually just tested this on Friday at the office), and when we get the resources to update our registration / login processes – we’ll be adding OpenID.

    Consider Viddler, “won over”.

  8. at 10am on Dec 9th # |

    PBwiki is launching OpenID support in its next major release, which will be in the next few weeks. Why do you put us on your shitlist, just because you’ve been badgering us about it for a while? ;) (Which is true.)

    And AuthAPI has nothing to do with OpenID; it’s a way for individual wiki owners to delegate authentication to their own webapps, letting them authenticate against their wiki with LDAP, AD, OpenID, retina scans, or whatever else they’d like to code up. Several companies use this for behind-the-firewall single sign on support.

    But we still love & support you. (And Barcamp. etc.) :)

    Kisses,
    -David

  9. at 11am on Dec 9th # |

    You forgot Wikitravel, too. What’s with that?

  10. at 2pm on Dec 9th # |

    @Russ: thanks for that. I’d like to see if anyone else who was at FoWA will back up your claim. At this point I’m really not certain, but would like to hold Last.fm out there just a wee bit longer. Awesome to hear about providing OpenIDs, though — can’t wait to see it!

    @Stephane Daury: Good stuff — would love to see what concrete solutions came out of it! We need more of those kinds of events!

    @børge: thanks — hadn’t heard of that. It’s interesting that, like Zooomr, it seems to have inherited a great deal straight from Flickr, but added support for other media types. Good to see they’re using OpenID at least! As for your issue, not sure what the problem was, but Will Norris’ blog picked up your OpenID, so I don’t know what happened here…!

    @Colin: great news! Can’t wait to see it!

    @David: thanks for your comment — and that’s great news! I mostly put you on my shitlist because I know you and because I know you want to support OpenID and I also know that when you release it, I can blog about how PBWiki is even *more* awesome since it supports OpenID. PBWiki isn’t on a *general* shitlist, only on my list of sites that really *should* support OpenID, especially since you rely so much on a central PBWiki Identity.

    As for the PBWiki AuthAPI, you’re right, OpenID doesn’t directly factor in; perhaps what I should have said is that it’d be cool if you guys supported OAuth. ;)

    @Evan: Oh yeah…! I’ll add you to the list! Sorry dude! At least you got props for the MediaWiki plugin! ;)

  11. at 5pm on Dec 9th # |

    My response is here:

    http://evan.prodromou.name/Journal/18_Frimaire_CCXVI

    -Evan

  12. Aiden said
    at 11pm on Dec 9th # |

    I’d add Wrike.com http://www.wrike.com/ to the wish list. It’s a totally great project management software, that’s email integrated. It would be so cool, if I could use it with my OpenID.

  13. John McCrea said
    at 10am on Dec 10th # |

    A good OpenID “naughty or nice” list, Chris!

    Here’s my post on Facebook’s ClosedID: http://therealmccrea.wordpress.com/2007/12/10/why-facebook-wasnt-at-the-internet-identity-workshop/

  14. Oxa Koba said
    at 2pm on Dec 11th # |

    Newsvine

    Mike Davidson expressed interest publicly back in February 2007. But Newsvine has fallen silent since then.

    Another is Virb, who keeps suggesting that new things are on the horizon, but has been stalling for months and was very nearly still-born when they came out of beta, imho.

  15. Kevin Fox said
    at 8pm on Dec 11th # |

    Hi Chris,

    Excellent post, nice to see all these sites listed in one place. If anyone is working to implement OpenID for their site and needs any assistance please let me (JanRain) know.

    Cheers,
    Kevin

  16. Phil Wolff said
    at 10am on Dec 12th # |

    There’s some momentum at Skype for supporting OpenID. See the https://developer.skype.com/RoadMap/ and
    https://developer.skype.com/RoadMap/WebLogin for more. No commitments yet, so I don’t know which list they belong to.

  17. at 4am on Dec 13th # |

    There is also Plone (http://plone.org) which implemented OpenID this year. I have some ideas on how to improve support there but the basics are there. We now even see more and more Plone based blogs to support it which is cool.

  18. Kevin Fox said
    at 1pm on Dec 13th # |

    Launchpad is also looking at adding OpenID Support:
    https://bugs.launchpad.net/launchpad/+bug/1169

  19. Graue said
    at 6pm on Dec 16th # |

    I’d really like to see The Pirate Bay and Mininova offer OpenID for uploading torrents — consider them on my wishlist/hitlist. On my netlabel we’re seeding music releases on both sites, and it would make sense to have a link back to us showing the upload is official (rather than some silly nonce account).

  20. Oxa Koba said
    at 8pm on Jan 9th # |

    LinkedIN just moved to my shitlist. I realize the original intent of this post was to highlight services that should consume OpenID’s, but this is a related issue.

    With as much conversation as he community has had about “import addressbook” features as anti-patterns, you would think they would be moving away from them.

    Nope.

    On January 8th, Tips for a more productive 2008 was posted to their company blog. Here is tip #4:

    4. Import Your Address BookLet us do all the work — in seconds you can see who in your address book is already on LinkedIn and connect with them.

  21. at 10am on Jan 21st # |

    What openid plugin are you using for wordpress? I’ve never been able to get any of them working due to php errors etc.

  22. at 11am on Jan 21st # |

    @Luke: Hmm, weird. I’ll follow up with you by email!

  23. Josh McHugh said
    at 12pm on Feb 15th # |

    6a’s TypePad is still not consuming OpenIDs, though. They should catch a little shit for that, no?

  24. David Weekly said
    at 5pm on Feb 15th # |

    PBwiki had better get off the Shitlist now that we’ve added OpenID support. :)

  25. at 8pm on Feb 25th # |

    Nice to see the “shitlist” posted here whittled down a little bit, although I’m not sure if the shaming had anything to do with it. I suggest a follow up post listing all of the OpenID providers who are not consumers. It has to go two ways if OpenID is to truly go mainstream.

  26. steve said
    at 5pm on Mar 24th # |

    Chris,

    Just an FYI, Information Cards have nothing to do with OpenID. The Information Card standard is another open standard often used to compliment OpenID provider functionality they address weaknesses in eachother. The most common issues is their resistance to phishing attacks. CardSpace is Microsofts identity selector for Windows. CardSpace and Information Cards may not be used interchangably.

  27. at 1pm on Apr 13th # |

    Hi Chris! Thanks for this excellent post.

    I’ve been doing a bit of probing recently. You may be interested in this recent thread on Wikimedia’s wikitech-l mailing list where I ask them about the state of their OpenID support, where the answer is “it’s possible”.

    There’s also this discussion I started in the lj_dev community on LiveJournal to ask the same question. At the time of writing, I haven’t received any answer from an employee of theirs. There’s also a link in there to a much earlier discussion two years ago(!) where, apparently, promises were made, but nothing happened. LiveJournal implemented partial support for OpenID consuming a long time ago, but never got around to the important part – letting us tie our OpenID and LiveJournal identities together. It seems like they don’t care, which is pretty ridiculous for the company that brought us OpenID in the first place.

  28. at 10pm on Jun 1st # |

    great article Chris still a way to go until we get there see my comments on http://www.davidwesson.weblog.com/

  29. N said
    at 7am on Mar 19th # |

    It’s ironic that http://wiki.openid.net is hosted by PBWiki which still doesn’t act as a relying party for openid auth.

  30. at 9am on Mar 19th # |

    Hmm, yes it does. Take a look:

    http://my.pbwiki.com/?p=openid

15 Trackbacks

  1. […] OpenID 2.0 last week along a massive video recap from the Internet Identity Workshop. This morning, Chris Messina, one of the loudest about OpenID has created his list of sh**, hit and wish for […]

  2. links for 2007-12-10 on Dec 9th at 9pm

    […] My OpenID Shitlist, Hitlist and Wishlist for 2008 | FactoryCity Since OpenID 2.0 is now out, these folks really have very little excuse not to get on board and make this happen (limited developer resources notwithstanding). (tags: openid identity) […]

  3. […] Listen inkluderer hjemmesider som Digg, Netvibes, Last.FM, PBWiki, Technorati, Wikipedia m.fl. Men tag ikke mine ord for det, læs selv  OpenID Shitlist, Hitlist and Wishlist for 2008. […]

  4. […] And for an update on OpenID see Chris Messina’s recent post. […]

  5. […] great. Now what? Adoption is going to be the key. Chris calls out his shit, wish and hitlist for 2008 and he’s dead-on. We’ll get there, but its this type of grassroots evangelism is what […]

  6. […] week, the final version of OpenID 2.0 was released. Chris Messina has a great post highlighting those companies who said they would adopt and support OpenID but have […]

  7. […] and Digg that have adopted this. Digg has announced support for it but is still on somebody’s sh*tlist for not following through. 5. OpenID Community formalizes: The OpenID community will formalize […]

  8. […] makes you nervous.  I agree that its fucked up and I applaud Chris Messina for putting them on his shitlist.  But you shouldn’t be surprised.  These are not leaders, but followers – and until they […]

  9. […] announcements to support it earlier this year but haven’t actually implemented it yet (see Chris Messina’s great post about […]

  10. […] to my initial euphoria but somehow I am reminded of last year when everyone and their mother made announcements to adopt OpenID. Just talk! Also let’s put things in perspective. DataPortability.org is a […]

  11. […] Digg also wants to support OpenID. It wanted to join this growing standard one year ago already but nothing happened. It’s unclear if it will become a provider, a relying party, or both. […]

  12. […] the way, Chris Messina has done an excellent job of monitoring these and other companies that have promised OpenID support but are yet to […]

  13. […] ?????Chris Messina????4????OpenID?????????????????????????????????????????????????????????????????Chris? CrunchBase Information OpenID Foundation Information provided by CrunchBase […]

  14. […] Mesina puts forward an in depth post articulating a shitlist, hitlist and wishlist around OpenID along with an […]

  15. […] available on bbc.co.uk, Stone explained. “However, at this stage, and wary of being named and shamed here, this doesn’t mean that we are going to immediately be offering OpenIDs on bbc.co.uk or even […]