See my previous post on Web 2.1: How OpenID will rescue Web 2.0 where I wax lyrical on how great it will be when I can have a single ID and use it everywhere. Well, I still think it is a good idea, and I still think it is the right approach, but I am considerably more disappointed about the level of support.
The asymmetry of the support bugs me. It seems that there are many providers who say “yes, our ID’s are open IDs” but then they don’t accept anyone else’s open ID. WordPress is one of those. My wordpress ID is an open ID, but I can not use any other. Obviously with this kind of support, I can’t just have one OpenID, which is the whole point.
I recently hit a Web 2.0 service I use occasionally — I will keep them anonymous for now — and noticed a new “Log in with OpenId” button. Great! This is what I am looking for. I have a log-in ID there, but this would be my chance to ditch it, and use my open id instead. I click the button, and what happens is not what I expected.
I use MyOpenID.com, which asks for a confirmation, so did so, and then got another screen saying that the application was asking for some additional information. Seems fair enough to share a little information about myself, but I was more curious about what kind of information it was using. I clicked OK, and then I was presented with a standard “register” screen with a few of my details filled in. Not sure why I needed to do this, but I will go along with it. I do expect the application to keep a couple of details about me, so no problem.
Then it told me “that user ID already taken”. Apparently, the service was not really using my openId as an ID at their site. Instead, they use the openID provider just as an aid to set up a local account. They should realize, that only the full OpenID is guaranteed to be unique. Using a value from my provider as a local ID is not guaranteed to be unique, and therefor is not a good ID.
Conclusion: To let people access a site with an OpenID, you have to actually use the OpenID as an ID. There is no short cut, and ironically, there is nothing easier either.
By the way, after I wrote the Web 2.1 article, I saw a great talk by a speaker at SOA World on the subject. I asked for the slides, but have not gotten them yet. He pointed out some potential problems, and I hope to cover them here .. when I get those slides