Dare Obasanjo’s look at OpenID
As a bit of a follow-on to my last post, Dare provides his take (and some blockquotes from others) on OpenID here. Because of the picture I used in my post, I find his last sentence incredibly rewarding:
Only time will tell if by the time all is said and done, it won’t seem like we’ve been trying to shove a square peg in a round hole all these years.
As he mentions, OpenID was originally intended for people to put in a URL as their identifier, and honestly, I’m surprised that no one thought that maybe it would be nice to have a way to let people use their email address. If you are claiming to own a URL through OpenID verification, shouldn’t you also be able to claim ownership of an email address? Especially since a lot more people have email addresses than URLs (at least, that they know of).
In a link from Dare to the Google Code Blog, another of my unspoken (or hinted at) questions is answered:
One other question that a lot of people asked yesterday is when a large provider like Google will become a relying party. There is one big problem that stands in the way of doing that, but fortunately it is more of a technology problem than a usability issue. That problem is that rich-client apps (desktop apps and mobile apps) are hard-coded to ask a user for their username and password. As an example, all Google rich-client apps would break if we supported federated login for our consumer users, and in fact they do break for the large number of our enterprise E-mail outsourcing customers who run their own identity provider, and for which Google is a relying party today. This problem with rich-client apps also affects other sites like Plaxo who are already relying parties.
As someone simply reading the above paragraph, this seems like a fairly small problem of altering the backend to accept a URL as a username with a blank password and going to the OpenID verification from there. But as someone who writes code for a living, I know that just making a first decision about how to go forward with trying to fix this issue can be almost paralyzing.