I helped lead a session on Saturday at iPhoneDevCamp on the topic of OpenID and OAuth (a new protocol a group of us have been developing) to a packed room of developers, designers and interested parties.
My basic premise was that if you’re going to be developing an application for the iPhone that has any kind of account or social functionality, you should dispense with creating yet another identity silo and instead make use of OpenID. Among the reasons I cited:
- Safari on the iPhone doesn’t have a password manager like 1Passwd and won’t be able to import all the Firefox passwords you’ve been recording for years. And, as mobile web browsers become more powerful, remembering web service account credentials will become more important (and more of a burden). Better to make it easy on your customers — one OpenID URL, one username and password.
- If you’ve logged in with OpenID on a web service on your desktop or laptop and have set your provider to always allow you to log in automatically, logging in on the iPhone will require you only to log in to your OpenID provider and then enter your URL once for every web service that you want to log in to. This means that you avoid the challenge of invisibly typing in your password over and over on the error-prone touchscreen keyboard.
- The ability to cross-pollinate authenticated data using a combination of OpenID and OAuth while remote will be increasingly valuable, especially if the expectation is that applications are going to be entirely web-driven. When you’re dealing with desktop apps, you’re operating off a hard drive with known permissions; when you’re passing between web apps, the permission model is radically different and, just as when you go to check out from Amazon you always have to authenticate, developing patterns for this experience between web apps needs refinement. OpenID can help smooth out that interaction.
Lastly, there is work going on (okay, I’m doing it so far) to make the OpenID login experience on the iPhone (and elsewhere) trump any kind of old-school login system available. This obviously needs a lot of work and new thinking (maybe instead of authenticating by typing a password you have to SMS a unique shortcode, etc.) but I think your money should be on OpenID if you’re going to be developing account-based web applications on the iPhone — or — generally.
OpenID totally makes sense for mobile apps, period. Fewer characters to input = easier use.
Has there been discussion about whether it is appropriate to use something like user agents to detect the requesting device and adjust the OpenID authentication mechanism appropriately? Whatever the mechanism is, it should minimize “keystrokes”.
I’m excited to see this evolve, it’s just as smart as the “one portable login for every small business service I use”.
I’m glad that OpenID already works great on my iPhone. MyOpenID keeps me logged in so I don’t have to type my password and I just bookmark my OpenID-enabled sites with my site, Highrise ex (https://josh.highrisehq.com/session?openid_url=http://joshpeek.com/), and it automatically logs me in every time. Great!
Cheers to your efforts! I hope that app developers will heed your advice and use OpenID on all their apps especially ones built for the iPhone.
I have screwed up my password a bunch of times on the iPhone virtual keyboard. You essentially have to start from the beginning each time you screw up.
I never really understood the usefulness of OpenID until now. Great article!
Besides a new push towards Ajax, I think that OpenID is definitely one of the major winner technologies with the release of the iPhone.
Keep up the good work ^^