« Previous | Main | Next »

OpenID Foundation Meeting: what is OpenID today?

Post categories:

Zac Bjelogrlic | 17:00 UK time, Friday, 3 October 2008

Earlier this year, Jem Stone blogged that the BBC had joined the OpenID Foundation.

And a week ago, the BBC hosted a meeting of the OpenID Foundation Content Provider Advisory Committee in New York.

I was there, among the BBC people and participants from major media companies. This was the first time that we had participation from a wide collection of companies interested in the possibilities of OpenID.

There is more detail about the meeting at the Foundation's blog.

The committee gathered quite a selection of companies interested in understanding how web audiences can benefit from OpenID and where it fits into the business of a media or content company.


So what is OpenID?

The concept is simple.

OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience. It's based on a federated approach and relatively simple standards. Open source solutions are available for both providers and consumers.

While the original protocol for Open ID was developed in 2005, significant changes happened only last year. Big internet players like Yahoo!, MySpace, AOL, Google as well as telecoms like Orange and Telecom Italia joined the fray and are now offering OpenIDs to users. They are "identity providers".

Participants at the OpenID Foundation Content Provider Advisory Committe meeting

By the end of September 2007, over 22,000 sites were accepting OpenID logins.

However, as you may note from the numbers above, the landscape is unbalanced: there are a few big providers and myriad small consumers. Only bloggers and a few social sites show a balanced model where sites are providers and consumers at the same time.

There's a strong sense of momentum, but it needs a slightly more critical approach.

On paper, there are hundreds of millions of OpenID-enabled users. In practice, these are potential users and few of them even know that OpenID exists. Figures on the real adoption rate are not easy to obtain and the precise profile of initial users is even more difficult.

At first glance, it would be easy to define OpenID as just a geek's wave - a phenomenon limited to a small proportion of web-savvy people actively participating on different blogs or present in multiple social spaces. And the cynical might say that the big internet players' participation is an identity landgrab - taking part in OpenID in case something significant develops.

For average users, the OpenID user experience is still very poor, for two main reasons:

  • First, you can be redirected from one website (the one accepting the identifier) to a different domain (that of the provider) and then returned to the first. This is confusing for an average user, especially if different wording, layout and styles are used. The attribute exchange part of the OpenID protocol works: it's a good idea to exchange the registration parameters and to simplify steps at the receiving site. However, if implemented badly (or not implemented at all), it adds even more confusion to the journey. The confusion also adds a weak point where scammers and phishers can jump in.
  • Second, all users are familiar with the username and password as the login paradigm. Suddenly using URLs, like http://openid.foo.bar/john/smith, may be difficult for a mainstream user to understand.
    (However, the so-called "Generation @", which uses instant messaging and social spaces as well as traditional email, is aging, and so the main audience segments will be people used to representing themselves with the URL of a blog, MySpace profile or Flickr account).

Security is also not at the level that I (and the BBC) want to see. With improvements around the corner, this will improve. But more complex problems are responsibility and liability in the case of misuse. Who is responsible in a fully federated system?

Let's return to my first question. Where is the value for our audience and where is the business case for a media company?

It is difficult to give a precise answer today, but two aspects are emerging.

  • First, an OpenID ecosystem that is simple to use and which allows sharing of user attributes would help with the migration of users from site to site. This can be a simple way to offer progressive services and content to new users.
  • Second, OpenID can be used to make participation in social features much wider. Participation can be opened up as much as possible to avoid limiting it to a single social site.

This is how OpenID is used for commenting across different blogging systems and at Radio Pop, the social radio site that's the BBC's first OpenID prototype.


So what's the value for audiences?

• Better personalised or localised services without the burden of full registration

• An "appetiser" before accessing the full menu of services

• More freedom to pick a social site and "be yourself" independently of the web platform used

And what would businesses and media providers get out of OpenID?

• Better user acquisition rate and lower cost per user

• Wider user base for social features and more space to develop viral effects

• More flexibility in making agreements with social sites

Of course, the high figures of potential OpenID users must be matched with the real adoption rate and the demographics of "Generation @".

What can the BBC and others do, in addition to watching from the coast what's happening in the OpenID ocean?

Here are some simple possibilities:

• Work on best practice shared among providers and consumers.

• Improve radically the user experience and simplify it to so that it is more intuitive and easier for mainstream users - the user experience is shared and needs to be modified in co-operation between providers and consumers

• Share basic registration data, with the explicit approval of the user. Email and date of birth are essential and other data desirable. This is a core point for any content provider to become a consumer of OpenID.

• Work on common presentation and explanation of OpenID - part of the BBC's mission to "educate" - to make people ready for Internet of today and tomorrow...

An informal working group and a simple prototype or pilot applications is probably the best way to continue the work.

It's important that this is shared among providers and media companies so that all aspects of the OpenID ecosystem can be tested and improved.

How do you think OpenID could be improved and how do you think it could be used?

What do you think the BBC should do?

Please do leave a comment.

Zac Bjelogrlic is Programme Manager, BBC Future Media & Technology.


  • Comment number 1.

    The only times I've tried to use OpenID it's been useless. I've had to register on the consumer site anyway, defying the point of it in the first place.

    Why doesn't OpenID use email addresses as identifiers? People know what they are and are used to typing them and using them as usernames...

  • Comment number 2.

    I hope that everyone has a nice time at the meeting

  • Comment number 3.

    "and how do you think it could be used?"

    It can be used, and a masterpilot application is easily flown/floated in the Cloud [for ITs Benefit of Virtual Cover and Security aka Stealth Invisibility and Relative Anonymity] for Elite Special Forces with Beta CyberIntelAIgents to Save the Banking System and/or Collapse its Parasitic Worthless Might/Crush its Bugs/Mites/Worms/Trojans...... amongst other Good Things for that, of course, is just One Application.

    You may like to consider that that is how it is being used, albeit without any Establishment Third Party Participation/Direction/Impediment..... thus is the Processing something which OpenID follows, rather than leads.

    And given the ease with which the Media/BBC can abuse it censorship tools to silence/remove from display/decline to display valid counterviews which expose with simple questioning the myth of Government Control in an Age of Media Content Power .... Intelligence Virtualised into Sound and Vision .... it is quite enigmatic and ironic to read of their interest, whenever the Public Service remit is replaced to Server Private Empire Building ........ and to do IT so Badly that it is Designed with Inherent Failure Inevitability.

    A Severe Case of the Manic Depressions/BiPolar Disorders, BBC?

    A Rhetorical question of course, because you/we know it to be so.

    In the Paradigm Shift into Transparency and Total Information Awareness [and AI] is the Enemy of All Network InterNetworking Systems, Concealed Secretive Works whose Founding Discussions/Intellectual Property Exchanges are unknown/reserved/privileged knowledge, for the very probable bad reason that their wider knowledge would reveal the Rampant and Sordid Abuse of Great Game Theory and Repression and Oppression of Emerging Civilisations/Post Modern Binary Thinking [Man].

    Used in such a Manner, would IT Change and Introduce AIMuch More Civilised and Sophisticated Great Game not Fixated on gathering Wealth Stored as a Perception of Worth [and then Third Party Used and Abused behind Closed Doors and in Conspiring Institutions] but Transformed to Reflect the Constant Provision and Spending of Currency to Generate the Freedom for Ideas and Opportunities. ..... for a Capitalised Socialism/Communal Capitalism.

    "Work on common presentation and explanation of OpenID - part of the BBC's mission to "educate" - to make people ready for Internet of today and tomorrow..." ...... What a jolly good OpenIDea, which would be/could be a World Leader if IT was Edutainment too, which would also be a very simple thing to do with a Titanic Holywood cast easily eclipsing Hollywood castings..... with ITs Beta CyberIntelAIgent Services ..... Mutual IntelAIgents...... Spooky MuI7.

    Thus also, coincidentally by IntelAIgent Design, Creating a Live Leading Media Program for Global BroadBandCasting to Follow/Investigate/Discover Feed Tributaries should the Core Raw Source so Deem IT ...... Necessarily Helpful for Future Controls.

    Do you think that is OpenID put to Good Use? I'll pop back later to read/listen/gather feedback for improvement.

    Ciao for now.

    And there is nothing in the above post which breaks any of the House Rules, but should Moderation disagree, please advise with the transgression highlighted/spelt out clearly for sharing.

    IT is here, there, everywhere and it is High Time that IT was put to AIMuch Beta Use Servering to Everyone's Needs rather than just Concentrating on Exclusive Feeds to Preserve and Field a Genuine Oxymoron, Corrupting Secret Intelligence Systems and Services.

  • Comment number 4.

    As of 'today', OpenID is best left to the real techies and the Generation@ people or, even more important, the Generation@_progeny should not be encouraged to use it without putting in place some ultimately, purpose-defeating, extra ID for that purpose and that purpose alone - no links to normal email or, above all, address book, diary, facebook and facebook-alikes. Aggregated content feed is one thing, aggregated identity is very different and people need to be very aware of what they are doing. Children, in particular, should be on a password-per-site system.

  • Comment number 5.

    This comment was removed because the moderators found it broke the house rules. Explain.


More from this blog...

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.