OpenID, and making glue
This originally was a response to a message posted by Chris Messina to the OpenID mailing list.
Since the original conversation that spawned OpenID, I’ve observed the rise of real identity versus obscuring it behind a [nonsensical] username @ someservice.com.
The fact is, the OpenID non-pattern has overwhelmingly ignored in favor of standard email + password signup. Hearteningly, the user experience of registration has been largely normalized. There are observable and copyable best practices here, that require neither a spec nor educating the user.
Basically, OpenID—as it is now—is irrelevant.
There were major lessons learned, but they were social rather than technical. The original problem that OpenID was conceived to solve has been supplanted by services like Disqus, Intense Debate and TypePad Connect.
The non-problem that OpenID [2] was intended to solve was putting a user in charge of how (and if) their identity online was centralized.
I say non-problem because it was already solved. Most people overwhelmingly didn’t care, and the people who did—knew how to set up multiple email addresses or use different usernames/passwords.
If email was invented today, it’s not to hard to imagine that we’d grant permission for a service to send us email using a mechanism similar to OAuth. Communicating with someone (or thing) via their preferred channel is just another ACL.
So OpenID won—not because it was the solution, but because it helped us understand the fundamental interaction problems that previous auth systems failed to address.
We didn’t build a better horse, but we did make some good glue.