The Paradox of Progress 1

by Don Thibeau

I was a close reader of the commentary from Scott Gilbertson of Wired’s WebMonkey and some other posts of late. I appreciated the historical context the Forester Analysts provided; noting that when OpenID appeared on the scene, more robust solutions based on SAML under way in scenarios involving limited circles of trust — typically point-to-point enterprise scenarios — rather than consumer use cases.

History belongs to those that tell it, but I subscribe to the narratives that identity providers adopting OpenID opened the door for users to click on a button that identifies their preferred identity service for logging in at a relying-party site and are continuing to influence the development of new solutions and best practices for federated identity, trust frameworks and the like. It’s natural at this stage in its evolution that many are unpacking OpenID’s value proposition in light of the meteoric rise of Facebook Connect. Forester’s commentary “identifying the U.S. government’s support of OpenID as an important marker and noting OpenID Connect as an important way forward” and notes that “OpenID may well be that it was ahead of its time, but that hardly makes it a failure.”

The most recent blog reports of OpenID as deficient or dying assume an ever upward trajectory of adoption. The real world is different. My rear view mirror reflects an inevitable ebb and flow to any standard adoption process. While Facebook Connect’s adoption is phenomenal, it can overshadow the natural back and forth of standards development seen in recent experience in both OAuth and OpenID. All this is to say the OpenID Foundation’s role in driving a broader understanding of and improvements to the product is a critical success factor. The OIDF’s AB/Connect Working Group’s work can be pivotal in addressing the newer use-cases posed by users like Facebook and Government.

Certainly, international expansion is a key to that broader understanding and the product’s path forward.  As a community we look to new leadership from Kick Willemse and Axel Nennker to bring a EU perspective to our work. We will be co-hosting our first OpenID Summit in Tokyo later this year. The Google team is considering the same for China. The 2011 OpenID Summits are both pacing items and forcing functions. Pairing OpenID Summits with other industry gatherings and collaborating with organizations like Kantara and the ITU mobilizes the resources of a global community and corporate participation. The leading by doing commitments of Google, Microsoft and Facebook and the example of PayPal’s hosting the upcoming OpenID Retail Summit gives us early positive indications of progress. Guessing the trajectory of any internet standard is both science and art. I tend to delete my responses to the ‘OpenID is a nightmare’, ‘fails to cure cancer’ commentary.

For my part, the question is not “What does OpenID mean?” It is rather, “How is OpenID influencing internet identity around you?”

Don Thibeau
Executive Director, OpenID Foundation