Who cares about OpenID awareness?

OpenID is becoming the open single logon standard, and all kinds of websites and web-based software are using it to allow people to use a single username and identity across all their services.

A while back, Yahoo! did some research on OpenID usability (PDF link) that a lot of people took to indicate that OpenID was too confusing. It was conducted with a test group of just nine Yahoo! staff, so recently Chris Messina decided to research awareness using a survey conducted on Amazon Mechanical Turk. In effect, he paid 301 people two cents each to answer some questions about OpenID.

Neither survey was hugely scientific, but Chris’s results were summarised as follows:

Combining some of the results, we found that:

  • of those who know what OpenID is, 14.81% use it.
  • of those who have merely heard of it, 6.9% use it.

Given there are over half a billion OpenID accounts in the wild, including some of the highest profile sites out there (Myspace! Yahoo!), it could be argued that this is bad news for the standard.

I disagree. One of the most important parts of a technical standard is the ability for end users to use it seamlessly, without having to worry about what it is or how it works. When you loaded this website, did you stop to think about the DNS, TCP/IP and HTTP protocols that made it happen? When you send an email, do you care about the structure of how it’s routed and the protocols servers use to pass it from source to destination? Very few people would answer ‘yes’.

Similarly, I’d bet that a lot more people know what a ‘feed’ is, or recognise the orange RSS icon, than know what RSS is. (Even then, feed subscribers are likely to only be around 11% of total web users.) It doesn’t matter; they don’t need to know how it works. The sign of good technology is that it just does. The linked post talks about promoting awareness of RSS in order to increase uptake, but in truth, the tools need to get easier to use.

Therefore, OpenID awareness in end users is neither here nor there. It’s very unlikely that an average end user will ever know what their OpenID is. Far more likely, sites will have custom login boxes that invite users to authenticate using IDs from supporting sites and providers that they’ll recognise, the way some are already beginning to do with things AIM accounts. In an ideal world, these login boxes will adapt based on your cookies and IP address (using a combination of serverside scripting, some clever JS and CSS) and suggest the logins that are actually active in your browser. Visiting Google Docs from your university network? Maybe one day it’ll prompt you for your university username – or even log you straight in, using OpenID on the back-end. This sounds like magic, but wouldn’t be massively hard to build, and could simplify users’ web experience instead of muddying the waters by adding another layer of complexity.

One response to “Who cares about OpenID awareness?”

  1. I find it somewhat ironic that I'm commenting on this post having signed in with an identifier that IntenseDebate describes as my "OpenID". If they didn't call it "OpenID", what should they have called it?

    Furthermore, you might have made the same argument about "email" years ago… and thankfully that happened or else we might be asking each other for our "AOLs, Prodigies and Compuserves" and we all know how relevant those "household" names are today.

    The point is, we need to call these special URL-based identifiers something, because NOT ALL URLs are OpenIDs. If I asked you for your blog address to sign in, not all blog addresses are OpenIDs; sure I can ask you for your AOL, Yahoo, Microsoft, Google, MySpace and other accounts — but one, that doesn't reflect the decentralized model of the web and two, is a list that EVERYONE is going to want to get on (and will probably use dirty tricks, as you suggested).

    As much as I don't want OpenID's inner workings to be seen by people, I think in order to enable the decentralization that's necessary for the protocol to thrive, we need to get people in the position where they can recite at least ONE OpenID-capable identifier (which will hopefully soon include email-formatted identifiers).

Leave a Reply

Your email address will not be published. Required fields are marked *