Late in the 90s, the web began to evolve from static brochure websites to a more community-driven and participatory structure. This trend coalesced with the advent of eCommerce and online bill payment. Suddenly, the average web user had dozens of accounts at different websites, each with a distinct username and password. Or worse, users jeopardized their online security by recycling the same password across a number of sites.
For online businesses, this password fatigue problem has resulted in lost conversions and missed engagement opportunities for years. OpenID was established in 2005 as a grassroots solution to this problem. The notion was that users gain security and convenience when they can access their favorite websites with a single, portable identity, and websites eliminate registration friction and acquire more users as a result.
With the help of a passionate developer community and collaboration from companies like AOL, Google, Yahoo! and Six Apart, Janrain has been instrumental in driving the evolution of OpenID from specification to internet-scale technology. We’d like to take a look back at how OpenID has matured since its inception six years ago, and discuss its ongoing role in shaping the future of online identity as a critical part of an ecosystem of protocols supported by Janrain’s solutions.
A Look Back at OpenID
Let’s be honest – early implementations of OpenID circa 2005-2007 were a bit intimidating for most consumers. These implementations first required web users to create an identity with a third-party OpenID provisioning service such as myOpenID or myID.net, and enter their identifier (a unique URL) in a blank text box on a website’s sign-in page. The screenshot below is an example implementation of OpenID in its infancy.
For most users who have been around email for over a decade, the interface was a barrier to adoption. Many struggled to grasp the concept of an identity as a URL, and the blank text box became a canvas for confusion.
Fast forward to March 2008, when the Janrain team advanced the market by launching a major enhancement to the social login experience. Rather than asking users to remember their entire OpenID unique identifier, the widget below simply asked users to click their preferred identity provider and enter their username with that service. Based on this prompt, the widget automatically built the user’s full OpenID identifier and kicked off the authentication process.
But this was simply a UI layer on top of a site’s existing OpenID implementation. On a technical level, most of these implementations relied on a discovery flow that is known in the space as claimed identity – the user tells a website her unique OpenID identifier, and the website then needs to make a backchannel call to determine the identity provider and begin the authentication transaction.
But during that year, three major developments occurred to position OpenID as a viable internet-scale technology. First, the Janrain team worked with a group of community developers to co-author the OpenID 2.0 specification. This bound data sharing protocols such as Attribute Exchange (AX) to OpenID, enabling an OpenID authentication transaction to pass demographic profile data and email addresses to websites rather than just a user identifier. Second, companies like AOL, Google and Yahoo! came on board, leveraging the OpenID standard to turn their millions of user records into portable web identities. Lastly, the Janrain team again moved the space forward by launching the industry’s first and only turnkey social login solution.
Where OpenID Stands Today
Janrain Engage launched in October 2008 and radically simplified the process for websites to support social login and OpenID. Rather than spending weeks or months learning and installing complicated libraries, the solution abstracted the disparate protocols used by each of the social networks and email providers into one simple API. In short, Janrain Engage has cut deployment times from weeks or months to merely a day.
In addition, a significant change in backend discovery flows has facilitated adoption from consumers. Whereas legacy implementations from 2005-2008 relied on the claimed identity flow previously described, Janrain Engage introduced a more intuitive button-based interface that employs an OpenID discovery flow known as directed identity. In this flow, the user simply needs to click a button for her preferred login provider, and the website then makes a call to that provider to kick off the authentication, verify the user’s ID and retrieve profile data.
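The two discovery flows differ in what the website sends and in what it must check when the answer comes back. The sketch below is an added example, not Janrain Engage code: it builds the OpenID 2.0 authentication request for each flow and performs the post-assertion discovery check that the directed identity flow requires. The hostnames, the DISCOVERY table and the function names are constructed for illustration.

```python
from urllib.parse import urlencode, urlparse, parse_qs, urldefrag

OPENID2_NS = "http://specs.openid.net/auth/2.0"
# Special identifier an RP sends when the user picked a provider, not a URL.
IDENTIFIER_SELECT = OPENID2_NS + "/identifier_select"

# Constructed discovery results (claimed identifier -> authoritative OP
# endpoint). A real relying party gets these from Yadis/HTML discovery.
DISCOVERY = {
    "https://alice.id.example/": "https://op.example/auth",
    "https://bob.other.example/": "https://other-op.example/auth",
}

def build_auth_request(op_endpoint, return_to, realm, claimed_id=None):
    """Build a checkid_setup redirect URL.

    claimed_id given  -> claimed identity flow (user typed her URL).
    claimed_id absent -> directed identity flow (user clicked a button).
    """
    ident = claimed_id or IDENTIFIER_SELECT
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": ident,
        "openid.identity": ident,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    return op_endpoint + "?" + urlencode(params)

def request_params(url):
    """Return the query parameters of a redirect URL as a flat dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

def op_is_authoritative(response, discover=DISCOVERY.get):
    """Check that the asserting OP is the one discovery names for the ID.

    Needed in the directed flow because the RP first learns the claimed_id
    from the response. Signature and nonce checks are separate, not shown.
    """
    claimed = response.get("openid.claimed_id")
    endpoint = response.get("openid.op_endpoint")
    if not claimed or not endpoint:
        return False
    # Discovery is performed on the identifier without its fragment.
    return discover(urldefrag(claimed).url) == endpoint
```

A relying party that skips the last check in the directed flow would accept any provider's assertion about any identifier, so the check belongs next to signature and nonce validation.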
Today, OpenID is thriving as an underlying technology to power social logins. OpenID is baked into almost every Janrain Engage deployment across more than 350,000 websites. On many of these sites, it is presented as a branded sign-in option for tech-savvy users who choose to delegate their portable identity through an independent third-party service or run their own OpenID server. The screenshot below depicts the option to sign in using OpenID via the Janrain Engage social login widget.
For those sites that choose not to expose an OpenID button in their Janrain Engage widget, the technology is still at work “under the hood” powering social login for popular networks such as Google, Yahoo!, AOL, Flickr and PayPal. Every social authentication with one of these providers through Janrain Engage leverages OpenID under the covers.
The Future of OpenID
For OpenID to sustain its success, it doesn’t need to become a household name. Nor should the viability of OpenID be judged by whether your grandmother can articulate its meaning. As a critical underlying technology for social login, OpenID can be likened to HTTP or RSS. Ask the average web user to describe the Hypertext Transfer Protocol, and his eyes will likely glaze over. Why? Because tools like the web browser were developed to abstract the complexities of HTTP. And tools like Google Reader have made RSS technology consumable for the public.
Similarly, social login tools like Janrain Engage abstract the complexities of OpenID, making it extremely easy for websites to enable social login and for consumers to understand and use it.
OpenID is also positioned for continued success because Janrain and the developer community are fully committed to open standards and interoperability. OpenID is a building block for data sharing protocols such as OAuth, Activity Streams, Portable Contacts and Backplane, all of which have been adopted by various social networks and rolled into Janrain Engage.
And new enhancements are building on OpenID as we speak. OpenID Connect is an emerging standard that blends the best elements of OpenID and OAuth 2.0, a token-based data sharing protocol used by Facebook, Twitter, LinkedIn and others. On the backend, OpenID Connect replaces the traditional OpenID authentication flow with an enhanced OAuth 2.0 flow that uses an ID token to access additional profile data from an identity provider with the consumer’s consent.
Extensions such as WebFinger and Janrain Login Helper are further reducing complexity by introducing email discovery for social authentications, whereby a user simply enters her email address to kick off a discovery flow that determines the desired identity provider. Janrain’s solutions will naturally support each of these new protocols and enhancements as they become available, eliminating the need for ongoing maintenance.
OpenID may never achieve universal brand recognition from consumers, but that won’t stop it from playing a central role in the future of the web. As long as recognizable brands like Google and Yahoo! continue to support the technology and consumers see the value of leveraging their social identities to access sites across the web, OpenID has a bright future.