What to Think About OpenID

2008-10-31 04:49:15.0

Want to alienate and confuse your users? Consider OpenID for your next authentication scheme. Fortunately we have Yahoo (god bless 'em), mysteriously oblivious to their shareholder obligations, with plenty of time to spend on usability studies, providing actual observable proof of something that is common sense to anyone with a friend or family member who doesn't know or give a fuck what Web 2.0 means.

This pretty much sums it up:

"Our test subjects were several experienced Yahoo! users... None of [them] had heard of OpenID before, and none of them even noticed the OpenID sign-in box displayed below the traditional email/password login form on the site."

In other words, if you're building a site where a significant percentage of your users are from somewhere other than San Francisco, or whose primary source of income is non-tuition-based, I would recommend avoiding OpenID altogether. It is practically useless as an optional authentication method.

If OpenID made sense it would have garnered some form of mass appeal by now. It is clearly an evolutionary dead end. When you're reading this in 2020, I'll still be smirking.

So what then?

Although the unwashed masses are apparently incapable of understanding the utterly brilliant masterwork of philanthropic engineering that is OpenID, they seem to recognize the potential benefits of a distributed authentication system (or is OpenID centralized? What if your OpenID provider spends too much money on usability studies, runs out of money and goes dark? It's too confusing to know for sure), which, I admit, resembles something an engineer might acknowledge as a legitimate idea.

"...we explained OpenID to them, and they all recognized the value of being able to easily sign into a new site without having to create a new ID and password. They also appreciated the potential of using their Yahoo OpenIDs to automatically verify their Yahoo email address without having to do manual email verification."

Fair enough, but a simple REST API to Yahoo's back-end would have actually been useful, simply formalizing what can already be automated with some clever scraping mechanisms. Yes, give me your Yahoo username and password and I can programmatically import all of your data. This is already possible. What the OpenID cloud dwellers fail to acknowledge is that an (albeit informal and somewhat legally questionable) distributed authentication system has been in place since the emergence of the first multi-user web app. OpenID is a solution to a problem that doesn't exist. It's Premature Optimization at its best and most entertaining.


