OpenID Middlemans

Apparently the invite-only OpenID meetup at Facebook took place tonight. The fact that it was held at Facebook points to a shift taking place in the OpenID world. What’s coming is obvious: somehow retrofit Facebook Connect into OpenID architecture. Repeat after me. Yes, we can.

Facebook Connect can become a OpenID middleman, serving attribute-enriched OpenID to consumer sites that selected Facebook as its OpenID supplier. OpenID middlemans solve two key OpenID usability issues as well as opening up the potential to solve some privacy issues.

The first usability issue the middleman solves is the need to type in OpenID URL by replacing the URL input box with a button saying Signin with OpenID or a branded version like Facebook Connect button.

The second usability issue is users forgetting which OpenID they’ve used at a OpenID consumer site. Site can save that in a cookie but that opens up privacy and taste issues, particularly since consumer sites will be less trusted than OpenID supplier services like Facebook and Google.

The middleman can also support anonymous personas for users to minimize privacy issues but, to do so, they’ll have to provide bridging service between the sites and the real identity to meet the needs of consumer sites.

Who will be the players? Facebook and Google, of course. Throw in MySpace, Yahoo, Microsoft, and AOL as well. I reckon security, payment, and infrastructure companies to come in too, late of course. Now, they are all OpenID providers but, to act as middlemans, they’ll have to also act like OpenID consumers to either pass on third-party OpenID identity or return a proxy identity. IMHO, it’s a very small price to pay IMHO since only oddball users will choose to do so.

Yes, it’s going to be a party night and, when the dawn comes, small OpenID providers will just fade away like old soldiers, taking the name with it too and leaving behind only big name portals and social networks wrapped in brand names.


4 thoughts on “OpenID Middlemans

  1. Don states “Now, they [FB, Google, …] are all OpenID providers but, to act as middlemans, they’ll have to also act like OpenID consumers to either pass on third-party OpenID identity or return a proxy identity.”

    Is that true? Can’t they be asymetrical OpenID providers? That is to say allow smaller 3rd parties to use their (the bigger players) OpenId servers to validate customers, but not accept OpenID identity credentials from any other OpenID provider.

    If I was FB, Google, etc. that is what I would do, but I have been accused of being “evil” from time to time.

  2. I think it’s a matter of “what can they offer to users so they’ll ignore complainers crying foul?” Most small OpenID providers don’t have rich metadata associated with their OpenID, so another option is to ‘wrap’ source OpenID with middleman’s OpenID along with rich metadata on the wrap.

    Note that some small OpenID providers will have valuable metadata. For example, banks and brokers as well as any Yodlee-backed services (like Mint and SafePage) will have access to personal wealth metrics which can be attached to OpenID secured with double-blind service.

    There’s a lot of options as well as ways to get tarred and feathered, exciting and terrifying at the same time.

Comments are closed.