In an excellent sign of what’s surely to come, Technorati has adopted OpenID, at least for the moment, to claim your blog. This is a good first start and public display of support for this grassroots authentication protocol developer by Brad Fitzpatrick of LiveJournal, but until they fully support it to login to your actual Technorati account, this move serves only to whet the appetite.
But Technorati’s support does deserve recognition, as it is still early in the days of distributed single sign-on. Furthermore, the issues around remote login are many and require the involvement of and efforts from a wide range of diverse folks to help push through viable solutions for the myriad interface, user flow and communication challenges that this emerging standard brings with it.
I’m well aware of the concerns about phishy user interface vulnerabilities. The idea of logging in without a password may seem weird.
But that concern in and of itself should not prevent the continued building out of the OpenID network, especially as some smart folks are working on these, and other, thorny issues.
There are two things worth mentioning here as well.
First is that there was an agreement (perhaps a gentleperson’s agreement only) that stated that once Technorati added support for OpenID, LiveJournal would add support for microformats. Whether blog claiming constitutes “support for OpenID” as was intended by the offer is unclear, but it would be a rather positive development if LiveJournal did add support for hcard, XFN and other microformats.
Second, and more importantly, this example demonstrates the potential (I hate to say it) “longtail” value of support a decentralized authentication protocol like OpenID.
Consider this: let’s say that you blog on Blogger or on Yahoo! 360 or on MSN Spaces… as you probably know, each of the majors has their own authentication protocol (Google’s GAuth, Yahoo!’s BBAuth and Microsoft’s CardSpace, respectively). No doubt Technorati could add support claiming your blog using those protocols, no problem. But let’s say that you don’t want to play in one of those three de facto identity silos… what if you’re building your own independent blogging platform and want to offer authentication not provided by one of the Big Three? What are your options? What if you also want to use that same protocol to allow your users to have one login account across your other products?
Well, OpenID is designed to serve that purpose. In fact, you can run your own identity provider without needing to come close to the big three… and yet if did want to support them, work is being done (more thorny work I might add) to unify all your accounts into one OpenID that supports the big three. It’s highly unlikely, meanwhile, for the big three to do the same on their systems (for various appropriate reasons).
But here’s the thing: OpenID provides independents — individuals and small businesses — a way to play in the big leagues like the big guys without having to build the same kind of massive account infrastructure that they have. Furthermore, owing to the network effects of this standard, the more folks who consume and port around OpenIDs, the more valuable the network.
This is why we promote OpenID to all of our clients — as each one adds support for OpenID, all of our client’s clients (our real customers) can then log in and share their accounts across the services that our clients are building. This is a fundamental key to the non-zero sum economics that we preach! People like flexibility, they like control over their data and they like to be in charge of their identity and its destiny. That’s just good business. And the more that we decentralize identity and authentication services, the closer that control moves to the individual.
In the meantime, there is still much work to be done. But these small steps make a world of difference in terms of underscoring the value of this work.