So where better to launch the latest version of the leading OpenID plugin for WordPress—wp-openid—than Portland?
Will Norris, the lead developer of the wp-openid plugin, happens to be in town this week. And, as such, he has just announced that he will be launching wp-openid 3.0 this Wednesday at Portland Web Innovators “Demolicious!“, the new hip spot to unveil cool new tools here in town.
What does wp-openid do?
This plugin allows verified OpenIDs to be linked to existing user accounts for use as an alternative means of authentication. Additionally, commenters may use their OpenID to assure their identity as the author of the comment and provide a framework for future OpenID-based services (reputation and trust, for example).
So, if you’re a WordPress type who’s been using OpenID or who is interested in deploying OpenID on your blog, make sure to attend Demolicious! on Wednesday night at NEMO Design. Even if you’re just OpenID curious, I’d highly encourage you to attend.
Plus, as always, there will be some other cool stuff being demoed there, as well.
Look. You’re in Portland. Arguably the de facto hub of OpenID. So it happens. The OpenID soapbox is literally right here. I can jump on it at practically any time.
So yes, I’m talking about OpenID, again.
But this time, I think even the staunchest critics will find the discussion interesting. Because it solves a very common complaint.
You see, once you get past initial objections surrounding OpenID and the “we should push the value, not the technology” discussion—once you get into actually trying to convince people to use OpenID as a form of credential for online services—one criticism tends to pop up time and time again…
Why is OpenID a url? Why can’t OpenID be an email address?
Why does this complaint come up so much? Because email passes the “mom ‘n’ pop” test. As in mom ‘n’ pop are growing increasingly comfortable with the idea of having an email address. They “get it.” And they’re far more comfortable managing that type of address than they are managing a url.
Long story short, email seems easier to grasp.
And we’ve been so conditioned to plug an email address into the “username” box, that it’s almost becoming second nature.
The concept is simple. And congruent with current OpenID logins.
One box. One credential to enter. The basic difference being that you’re using an email address instead of url.
So how do you validate that you are who you say you are? Well, there are a couple of ways.
If you don’t have know that you already have an OpenID, you can just use your email address and Email to ID will create an OpenID association for you.
The first time you sign into a new site, Email to ID will send a validation code to that email account. (Much in the same way CAN-SPAM encourages people to confirm their membership on email lists.) Using the code, you can validate that the email address is, in fact, yours and that you are who you say you are.
If you’re already a typical OpenID user, you can associate your existing OpenID(s) and relying parties with an email address. This allows you to use the inherent security features of your relying party instead of having to check your inbox every time you want log into a new site.
Technically, what’s Email to ID doing?
Okay. I can see you geekily salivating over there. But I’m not going to try to explain it. Instead, I’ll let the people doing the work explain that:
Emailtoid is a simply a mapping service – we take a GET request to our mapper ( eg, http://email@example.com ) and return an HTTP redirect (a 302) to an OpenID. If the email address is not in our system, we create an OpenID account for the user on the fly. The user logs into the OpenID account by verifying his or her email address through a one time URL or confirmation code sent to that email address. The RP (relying party, the site that originally sent the request) then has the user returned to it.
Get it? Good. Explain it to me sometime.
All I care about is that it works. And it does. Quite gracefully. And that is technology as it should be.
So is OpenID “mainstream” now?
I don’t know that making OpenID mainstream should even be a goal. But I do know that making services and technologies more useful to the general populous should.
“Basically, OpenID is great, it’s a wonderful technology, but it can be a bit confusing to the end users,” said Richardson, lead developer for Email to ID. “Users are already trained to use email as an identifier, so this bridges the gap between email and OpenID.
“Ideally, this service will go away as all top level domains will implement their own mapping. But until that time, we provide a way for sites to have people to use OpenID through their email address. The barrier of entry into OpenID is significantly lower.”
Conceptually, this service marks a huge step forward for “bending the OpenID technology to the needs of the common user.” And as such, it could definitely be one avenue for introducing a new way of logging-in to a wider group of people.
But, whether the term or concept “OpenID” needs to travel along with that form of credentialing is still a matter of debate.
To paraphrase something that Kveton, who in addition to efforts at Vidoop happens to chair of the OpenID Foundation, often says, “My mom doesn’t says she’s going to go establish an SMTP connection. She says she’s going to go check her email.” Or to put it another way, “Sell the sizzle, not the steak—or Gardenburger, as the case may be.”
Make no mistake, this is progress for OpenID and its potential. And progress very much in the right direction for a very fledgling technology with a number of benefits.
I, for one, feel that—with Email to ID—one of the major gripes against OpenID is now a thing of the past.
And that means, it’s time to attack the next one. What’s next?
Last week, after reading Aaron Hockley’s call to implement OpenID, it got me to thinking: How many sites in Portland—arguably the de facto leader in OpenID development—and the Silicon Forest have actually implemented OpenID?
Well, thanks to Kevin Fox at Vidoop/ConfIdent and a number of other folks chiming in, we were able to gather the following list of 23 30+ velvet ropes behind which your OpenID will let you.
(NOTE: The list is by no means exhaustive. So if your site is missing, please comment, and I’ll add it.)
“We connect businesses and websites with each other and their customers using a wiki-based resource of millions of editable pages of information.”
“Find a green place to live or work. Discover green buildings in your neighborhood. Get recognized for your sustainability efforts.”
“ICANNWiki is a wiki whose goal is to create a free, valuable and ‘community’ neutral, global Internet resource containing information for all aspects of the ICANN ‘community.'”
“Claim anything! Yes, anything. If you have something to say, then make a claim and let the community vote on it. Make claims about yourself, friends, and family. Put your stake in the ground and see where the votes go.”
“It’s your career. You need to take responsibility for it. That’s why we built Kumquat. To help make it easier to get the feedback you deserve. Whenever and however often you want it.”
“Pibb combines the best features of instant messenger, chat, email, and bulletin boards.”
Portland Small Business
“PortlandSmallBusiness.com is a collaborative website, where members of the Portland small business community can go for peer advice and networking.”
Portland Web Innovators
“Portland Web Innovators is a technology-agnostic group where you can meet like-minded web people without the excuse of a networking-only event.”
“WTF is Treasurelicious? It’s a widget to show off what you treasure.”
“Using Twitter followers, Tweetpeek is designed to help anyone build a pulse-of-anything widget in a few easy steps.”
“So what is twurl designed to do? Well, at the very most basic level, twurl is a URL shortener that allows you to track clicks.”
“Velog is a simple place to log your bicycle rides and connect with others in the cycling community.”
Bonus: Any Marshall Kirkpatrick post on ReadWriteWeb (You can actually use it for any comment, but I had to find a Silicon Forest hook.)
Need an OpenID?
If you haven’t had a chance to use your OpenID (it’s highly likely that you already have one) or aren’t quite sure how to get started, you might want to visit Portland’s own myVidoop or MyOpenID to get going. A few short steps and you’ll have access to all of the sites above.
The problem, though, is that the Big Four Internet companies that I mentioned above have made big press announcements about their support for OpenID, but haven’t done enough to actually implement it. Microsoft has done absolutely nothing, even though Bill Gates announced their support over a year ago. Google has limited its support to Blogger, where it is both an Issuing and Relying party. Yahoo and AOL are Issuing parties only.
This is a tenuous position at best. For as much ground as we can cover from a grassroots perspective, it’s going to be exceedingly difficult to get anyone—beyond early adopters—to take on OpenID without the support of some of these bigger entities.
Without the bigs, there is no OpenID tipping point.
But the funny thing—not funny “ha ha,” but funny “sad”—is that all of these gigantic companies are struggling with one very similar issue that would be partially—if not completely—solved by an effective implementation of OpenID: bringing acquisitions under a common login credential.
Yahoo! throws its acquirees’ respective user bases into turmoil every time it asks them to move over to a Yahoo! ID. Google takes years in its struggles to get everyone on the Google credential system. Microsoft and AOL are no different.
To me, it seems obvious that OpenID could solve this issue, now and for the foreseeable future. And I can’t be the only one seeing that.
As hard as it may be for them to accept it, the bigs need to move away from their proprietary credentialing structures. They need to embrace concepts like OpenID and OAuth for what they can do to solve their problems, today.
In short, they need to let go and let OpenID.
For now, the jury is still out on when and how the big company momentum will fall behind OpenID in terms of something more than spin and lip service. But let’s hope that day is soon approaching. For all of our sakes.
I can tell you one thing: from a grassroots level, Portland is sure to be leading the charge. And we’re not going to slowing our OpenID fandom anytime soon.
Portland-based JanRain—a company that started as an OpenID play and has since morphed into the way to simplify distributed Web logins across the board—announced that they had closed Series A financing to the tune $3.25 million. The round was led by DFJ Frontier. Especially considering this round has been rumored to be in the works since this summer.