Today, Google announced a single sign-on solution that is powered by OpenID. This is certainly a fantastic bit of news, and comes on the heels of Microsoft's announcement of their intention to support the standard. In addition, Chris Messina wrote an excellent post yesterday on how we can overcome the usability problems that have marred OpenID to help the spec succeed, and how e-mail address support is critical to the success of the standard.
I completely agree on the importance of enabling e-mails as a valid OpenID, and believe that we should ultimately empower the user to enable the identifier he or she most strongly identifies with. At MySpace, we are uniquely positioned to work with OpenID because we have a user-base that already thinks of themselves as being represented by a URL. If you ask any MySpace user what their vanity URL is, there is a very good chance they'll know it. However, beyond us and the blogging community, most users from major OP's don't know what their URL is, even if many of them actually already possess an OpenID. That is why, even with the excitement around Microsoft becoming an OP, a user with a valid OpenID doesn't equal a user leveraging their OpenID. It is this disconnect that e-mail-based OpenID can help to alleviate. Further, we need to be flexible enough to include other identifiers that might emerge, such as cell phone numbers.
It is this eventual freedom to use the identifier you identify with as your OpenID that necessitates that the foundation take a more proactive role in marketing. It is only once the brand has been strengthened that users will understand that their URL, e-mail, or type foo identifier is something special. people know they have a credit card number, and they know who gives it to them, even if they aren't being expressly asked for their "Visa" or "Mastercard". we need that type of recognition.
With today's announcement by Google, while I am excited to see them get behind OpenID, I am troubled by some of the implications. As I indicated earlier, I am completely in favor of allowing e-mail addresses to be valid OpenID's. My concern is over the user-experience that Google is promoting for the product. The user interface they are promoting not only omits OpenID, but also is pushing e-mail address as the only identifier. While this is certainly elegant, it could potentially hurt the OpenID community by fracturing the identity provider space. E-mail-based OpenID's are great for the major mail providers, but clearly it doesn't help URL-based identity providers. I worry that this will create a rift, and also possibly make URL-based identity providers second-class citizens. As I've said before, if RP's think this is the ideal model, then, to riff on "Animal Farm", we have created a world where all OpenID's are equal, but some OpenID's are more equal then others.
This is again why it is critical that OpenID become a stronger brand, so that we can help move away from these problems. Clearly Google is doing what is best for their users; there is no question that they are proposing an elegant model. However, I do worry that if a majority of RP's decide to implement Google's recommended user experience, that those of us with URL-based identities will be left behind.
This is certainly shaping up to be an exciting couple of weeks, and am hoping that all of us, as a community, can come together to solve these fundamental problems of usability so that our users can be as excited about this technology as we all are.