Well, I guess it’s not that complicated, it’s neither Facebook being evil nor Facebook becoming the holy grail of the open standards community - it’s just “business as usual” where every party wins some benefits. Let me give you the big picture the way I see it behind this move of Facebook - I guess if you agree with me on that picture, you will also agree on the possible next steps we will see from this.

Facebook has received a very positive feedback from users and techblogs about the user experience they create with Facebook Connect. Anyway there have also been security concerns (phishing), because the user could be tricked about the real url behind the “login layer” of Facebook Connect.

The OpenID community was shocked about Facebook Connect first, and some were even speaking of “the better OpenID”. But then the OpenID evangelists decided to learn from Facebook - that’s why you see two goals for 2009 announced on Openid.net: user experience and security. The point is to give OpenID the same user experience as facebook connect, only with a higher security level.

Looking at what facebook connect provides as features, the main experience for the user is to login or create an account with a new site and immediately have his social graph with him: see his friends on the new service, invite friends to join etc.

From that perspective it makes no sense for Facebook to accept OpenId logins from people WITHOUT a Facebook account on facebook connect. They would have to register with Facebook first and connect all their friends there too.

So what we will probably see first, will be Facbook acting as an OpenID provider (yes, I know this sounds frustrating): that way their users can login to any OpenID enabled site AND Facebook can spread its facebook connect technology to a whole bunch of new sites too. While this will surely be a free option for every relying party, I guess the acceptance will be high: Accepting OpenID as a relying party is good anyway, but if this OpenID is even a Facebook OpenId, this is even more attractive. The relying party can not only access the users profile data but can even motivate the new user to recommend their service to his friends. What a great deal!

I’m pretty sure that this option will be a far more interesting argument for potential relying parties than just the single sign on experience of OpenID alone.

But wait - OpenID is moving on and becoming the basic element of the “open stack”. That way OpenId will be able to provide the same amount of data as Facebook Connect, just in a more open, standards based way.

Ironically this will probably be the reason why - somewhere in the future - we will see Facebook as an OpenID relying party too: as soon as the “open stack” becomes reality, Facebook has a lot of benefits from accepting OpenID registrations - the user can bring his complete social graph with him, immediately, even from his Gmail contacts or his MySpace account! Even more: with projects like http://activitystrea.ms, Facebook will be able to sync “external” activities with activities inside Facebook, all under their own privacy controls.

You see - it’s just “business as usual” - (big) companies have to see a benefit for becoming a relying party - and this benefit clearly comes from integrating the whole open stack - creating new user registrations with instant social graphs being ported to their sites.

The fight for users in the future will turn from “keeping users because of walling their social graph” to “keeping users because of the best features”.

Anyway - this is not the argument for e-commerce companies - here it’s more about added security to enable financial transactions - PayPal will clearly be the leader of this movement.

looking at the line up of big companies on the OpenID board, we will hopefully not see things slow down too much because of more difficult processes for finding agreements acceptable for all parties involved.

Moderated by Johannes Ernst the discussion led to the question if Orange wasn’t building a new walled garden for their users: By loosing their OpenID after leaving Orange they would also loose access to any of their accounts that they used with this OpenID before.

It was interesting to hear that Orange had already thought about this problem and decided to “not be evil”, which means that Orange still lets their former customers access their OpenID accounts after the contract has finished. That way the user can change his settings and move to another OpenID provider step-by-step without any hazzle.

This is definitely a best-practice example that hopefully other providers will follow.

The panel “pre-meeting” during lunchtime with (from right to left) Snorri Giorgetti (OpenID Europe), Ariel Gordon (Orange Telecom), Helmer Wieringa (Reed Elsevier), and …

… Thomas Huhn (lifestrea.ms, spreadopenid.org, openiddirectory.com), Johannes Ernst (Netmesh).

Kim Cameron (Microsoft) was late, but jumped right into the discussion.

Kudos to Christoph Ducamp for the photos.

That said, the most ambitious goal for 2008 should be converting these OpenID owners into OpenID users.

To accomplish this goal Carsten Poetter and Thomas Huhn have launched Spread OpenID today, a non-profit weblog dedicated to supporting users in finding ‘their’ provider (which can also mean finding out that they have one already) and understanding what the differences between the providers are.

The goal of Spread OpenID is to complement the official OpenID.net site with content that cannot be found there (at least not presented in the same way). The intended audience is the average internet user.

At this time the key feature of the site is an OpenID provider comparison that is built on a survey among a number of well known providers.

Spread OpenID starts with a good number of well known providers and will add more providers to the comparison chart in an ongoing process.

If you’re missing a provider on the list, just propose it to admin [@] spreadopenid [.] org.

Spread OpenID is thankful for every link love it can get, esp. from sites accepting OpenID logins and looking for a way to provide their users with an easy way to find ‘their’ OpenID provider.

Cheers!

Thomas

Check it out at openid.net

To be honest - I’ve been waiting for a big telco to make this move for a long time now, because adopting OpenID makes perfectly sense for telcos in general. Why?

Well, we’ve seen a lot of discussions around two questions. The first is “Can I trust my OpenID provider to not do evil things with my personal data? I mean with my profile, expressed by the sites I visit?”
This question is superfluous now, ’cause your telco already knows very well (even better than anybody else) what sites you visit, when you are online and often even with whom you communicate. The data stored for offering an OpenID service is really only a drop in a bucket.

The other question is “Does OpenID give me any means to identify who’s the real person behind that URL?”
Until now the answer was no. This changes significantly when telcos come into play: Your telco knows who you are, where you live and even your credit card number or bank account. It’s their business to provide you physical access from a real location and identify you as a customer by sending you invoices and receiving money from you.

This means that Orange OpenIDs are verified IDs of real people as a matter of principle. This new “quality OpenIDs” open up a whole new world of trusted services you could imagine as a usage scenario.

In consequence the same thing will happen with our attention data (think of http://attentiontrust.org). This means that Google, the company that started with the credo “don’t be evil”, goes back to its roots: they hand over the control over the users personal data back to himself again. This makes perfectly sense for their philosophy.

As Brad Fitzpatrick is one of the guys in charge of this project, I really hope that Google will demonstrate its openness by adopting the OpenID standard and connecting every Google Account to an OpenID URL, which will be the users central home on the web. By joining these masses of data together you could even call this the users online identity.

Even if my assumptions concerning OpenID adoption are to keen, this is really a big step, ’cause it completely changes the way internet companies are evaluated! Until now the first base for evaluations of web 2.0 startups was always the number of registered users. We clearly have to re-think this when user profiles are not locked up in silos any more.

The other question that has to be answered at Googles headquarters is what implications this new openness will have on the companies revenue stream. I can imagine that making use of the new Google API will be free in the beginning and maybe for non-commercial purposes, but in the long run they might charge some money for the usage. Just like they already do for the Google Adwords API.

BTW: no other internet company will be able to NOT JOIN Googles move in the long run, I guess this is almost needless to mention.

Funny that I posted about Google and attention data in the dev blog of YoWhassup.com just yesterday.
I guess we’re on the right track and I’m quite sure we’ll be one of the first companies to adopt the new Google API to our product.

YW is the first application that brings everything together what belongs together in Web 2.0: OpenID and Microformats, granular Identity 2.0 Profiles with sophisticated Control, Trust, an Open Social Network, Artificial Intelligence, Semantics, Webservices, Microblogging, Personalization, Attention Economy Techniques and Mobile Applications - all handled in one auto-updating Ajax-Dashboard.

Sounds like a ridiculous accumulation of buzz words, but it’s real and it’s almost there. We are giving away preferred private beta invitations to the OpenID community, ’cause we see OpenID as the basic technology for the next evolutionary step in the development of Identity 2.0.

If you’re interested in joining the private beta, just send an email to beta [ AT ] yowhassup [.] com.

Deeper insights in the application design of YW will be published step by step on the development blog over here.

YoWhassup.com is a project of Thomas Huhn and his team at Solution Media, who is also running The OpenID Directory.

In his well done summary Carsten gives an excellent introduction and steps through the questions “what is OpenID”, “where to get my own OpenID”, “what is a relying party” and “how does it work”. He also gives hints on obstacles that may occur using OpenID.

I think it’s important to have this positiv critical view from the outside, as it helps to sharpen the focus on the things to be done to reach a broader audience for the adoption of OpenID.

There might be much more OpenID enabled sites out there which do not know about the chance to have their site promoted for free on the OIDD, so please spread the word. The more benefit OpenID has to the users ( which is directly related to the number of sites they can use their OpenID with), the more traction the whole topic will get.

There’s only one restriction for the sites that will be accepted for the OIDD: they must have a working OpenID login (consumer) or they provide OpenIDs to their users (provider). The exception to this rule are software packages that provide OpenID functionality.

Cheers!