OpenID – What’s in it for me?

OpenID

I am a strong proponent of Open Source efforts, and was excited with the prospect of integrating OpenID into List Central, but as I got into the ins and outs of OpenID it became clear that OpenID would not be worth the effort.

I entertained the idea of forgoing the standard username and password login for OpenID for about a day. I quickly rejected this idea as List Central needs each user to have their own List Central username to be able to cleanly participate in the social aspects of the site. I was left with the option to use OpenID in conjunction with my own username system. From my research, it seems that using a hybrid of the two is currently the most common practice, as observed in many StackOverflow threads.

Usability is HUGE for me. I want my users to have a smooth experience on List Central, which means no hoops too jump through, or at least very few hoops.  The idea of creating some sort of hybrid between OpenID and my own username system made me itch. How would it work? Would I force my users to go and get an OpenID if they don’t have one? Make them go through the process of choosing one of many OpenID providers, of whom they have never heard of, go through this third party site’s sometimes confusing process, all for the privilege of saying they own the URL http://username.random_openid_provider.com? What do they need that for anyways? I own http://road2nowhere.myvidoop.com, but only use it for logging in to Twitterfeed. I constantly forget the URL, and how to login.  What good does it do me really? I feel no benefit from my OpenID account with MyVidoop, and honestly feel annoyed when I have to deal with that account.

At this point I’ve boiled down OpenID to two concepts in my mind:

1. OpenID allows a user to prove that they own a URL
2. This URL can be used to login to OpenID enabled web services

Good. I’m getting somewhere. For the sake of the user’s experience, I’ve ruled out option 2 for List Central, but what about option 1? List Central does have a user profile section where the users can share links to their websites. I could use OpenID to enable my users to prove that they own the URLs they want to list on List Central. Ok, this could be good. A couple of days of reading OpenID documentation and getting into the coding of it all, my head cleared: Why the hell do I care if my users own the sites they’re listing in their profile? It really doesn’t matter to me it they send traffic to sites that aren’t theirs. All of the effort I was putting in to OpenID was setting me up to make my users jump through hoops, and for a very silly reason: to prove something I don’t care to know! In addition to this, my users who’d like to link to sites that do not support OpenID, such as myspace or self hosted sites are shit outta luck. I dropped OpenID on the spot… for the hoops that it would make my users jump through, and for the hoops it made me go through as a developer; integrating OpenID in a web application is not a trivial task!

I can see the virtue behind the OpenID effort. Having a unique username and password for every site one frequents does get messy. Each of us has many pairs to remember. I, like everyone I’m sure, has had to go through the pain of password guessing when I lose my browsers remembered passwords. I too have cursed an innocent site when my favorite username has been taken and I’m forced to add some random number on the end. Cleaning up this mess is a noble effort.

On the flip side, OpenID is a little scary. I can help but fear of Orwellian Big Brother fate for the web if OpenID were to sweep the web and all logins were handled with OpenID. Yes, OpenID has multiple providers, very many at this point, but really, who is Myvidoop and what is to stop Google from buying them. Even if OpenID doesn’t snowball into the worst case scenario, I am still a uncomfortable with having one agency out there knowing what sites I use, as well as what my login credentials are.

To summarize, I have made the executive decision to not integrate OpenID in List Central because:

• OpenID cannot be a suitable substitute for my site specific username and password system
• A hybrid of OpenID and my username and password system requires that my users go through too many hoops
• I do not need my users to prove that they own a URL in order to display it on their profile page
• Integrating consumer side of OpenID is far from trivial
• OpenID stirs fears of Big Brother when thoughts of how it may grow are considered

I welcome you try convince me otherwise. Are there some deal making benifits to OpenID that I have overlooked? As it stands, OpenID will not be employed on List Central 1.0, but there is always List Central 2.0.