15

Scott Hanselman (alternate link) suggested in a twitter tweet on November 18, 2010 that "OpenID might be Dead".

OpenID is Dead

If this were true (I'm not saying it is), what other options are there for universal sign-in (similar to OpenID)?

further info

I'm currently involved in a pretty good sized project, and it's public facing log-ins are completely OpenID driven (Using DotNetOpenAuth). If this is going to be too challenging for users (as per the comments made around Scott's original tweet), I'm going to need to know of some GOOD alternative solutions... if there even is one.

Any information would be appreciated.

edit

To clarify and rephrase. I'm not trying to launch a debate on "WHAT IS THE NEXT BIG THING"... I'm simply asking "What is there to take the place of OpenID, should it be dead". I'm also NOT saying that I think OpenID is dead, but merely asking the question based on a comment made by a well respected developer.

addition

As @marc pointed out in a comment. There is a pretty good rant/blog post by Rob Conery titled Open ID Is A Nightmare where the Rob makes some pretty compelling arguments as to why OpenID is not desirable. I have to agree that I don't want to be wasting a large amount of time recovering accounts for my users, my time is better spent in other places.

So back to the original question. What is there for alternatives? Is there a better "standard" out there that is "open" yet doesn't fall apart if a provider decides to change something? (changing API's or encryption logic for example)... but also one that can span across multiple providers and still recognize a single user?

Community
  • 1
  • 1
Chase Florell
  • 46,378
  • 57
  • 186
  • 376
  • Facebook login API :| just kidding!!! – Filipe YaBa Polido Nov 20 '10 at 02:06
  • you gotta admit. With FB being one of the most user-intensive sites out there. It's not a bad idea to allow users to login with their FB account. I just want to be more flexible than that. – Chase Florell Nov 20 '10 at 02:07
  • Next thing is existing service providers such as Google, Facebook etc. –  Nov 20 '10 at 02:08
  • but my site uses Google already using OpenID via DotNetOpenAuth. So isn't Google "using OpenID"? – Chase Florell Nov 20 '10 at 02:11
  • 1
    Hey close/down voter... This is hardly Subjective/Argumentitive. I'm not asking for a debate on this is "THE" thing, just looking for what alternatives are starting to pick up steam instead of OpenID – Chase Florell Nov 20 '10 at 02:24
  • 1
    I don't understand what people tweeted on that link. Someone posted "everyone seems to want OAuth these days". They probably don't understand that OpenID and OAuth are two complementary protocols. @rockinthesixstring: Yes, Google is using *both* OpenID and OAuth. – André Caron Nov 20 '10 at 02:27
  • 23
    Some Microsoft employee wrote on Twitter to disparage a technology that's not controlled by Microsoft? Yes, absolutely, you should rush right out and make important business decisions based on this information. – Mike Baranczak Nov 20 '10 at 02:28
  • As per [this SO answer](http://stackoverflow.com/questions/802729/oauth-openid-neither-which-one-should-my-site-support), OpenID is for user identification and OAuth is more for Data Interaction (API's). – Chase Florell Nov 20 '10 at 02:29
  • @Mike, I've +1'ed you because it's the truth. I'm not saying I'm making important business decisions based on this. But asking questions isn't a bad thing. All I want to do is make "educated" decisions. – Chase Florell Nov 20 '10 at 02:30
  • @Mike: what's with this gratuitious propaganda? Any idea if it even really *is* a Microsoft employee? – André Caron Nov 20 '10 at 02:32
  • 2
    @André - Scott Hanselman **is** an Microsoft employee. – Chase Florell Nov 20 '10 at 02:34
  • 1
    Oh yeah! I just checked out his blog :-) It's just that the last time I checked, they didn't need to diparage a technology that's not controlled by them. They just come up with their own similar standard. And that's what they did with with Windows Live ID. – André Caron Nov 20 '10 at 02:38
  • I added a link to Scott Hanselman's blog for anyone else who wants to find out who this guy really is. – Chase Florell Nov 20 '10 at 02:42
  • hmmm... some haters out there don't think this is a valid question. – Chase Florell Nov 20 '10 at 02:44
  • 7
    OpenID dead? When is my Stack Overflow account going to stop working? – Kevin Stricker Nov 20 '10 at 02:45
  • 2
    If you weren't also reading Rob Conery's tweets (which @shanselman's was a reaction to), and especially his blog post -- http://blog.wekeroad.com/thoughts/open-id-is-a-party-that-happened, the concept is entirely out of context. – Marc Bollinger Nov 20 '10 at 04:03
  • 4
    Windows Live Id is not exactly Microsoft trying to compete with OpenID, since Windows Live ID is an outgrowth of passport, a single sign on technology started before some of you were born. – keithwarren7 Nov 20 '10 at 04:03
  • 37
    @Mike Baranczak whether I agree with Scott on OpenID being or not, he is generally very open to technologies that aren't Microsoft-specific. Does he have a vested interest in Microsoft? Sure! But his tweet offered absolutely no marketing advantage for Microsoft, so what difference does it make if he's from Microsoft or Joe Blow Software Inc.? If you disagree, fine, but it's foolish to discredit an opinion simply based on their employer. – senfo Nov 20 '10 at 04:08
  • 3
    Not only Microsoft Employees think that OpenID is at least a nightmare to implement, mainly because Google had a totally broken implementation that was widely used by users. I don't know if they fixed it in the meantime, but I think that Rob Conery's criticism is spot on for the most part. As a User I like it, but only because I use my own domain as delegation. If I were to start a new WebSite, I would certainly not use it or ANY Single-Sign-On technology. – Michael Stum Nov 20 '10 at 04:09
  • Just read another tweet by @Jaykul (twitter UID, not SO UID) "What cracks me up is people who think that if #Microsoft wanted to kill #OpenID their action would be to convince @shanselman to talk trash." – Chase Florell Nov 20 '10 at 04:41
  • **None** of the "Close Voters" left a comment. Not only that, but I don't think they even **read** the **whole question**. – Chase Florell Nov 20 '10 at 14:59
  • Side note: if I could have my dream implementation of an "Open" ID, I'd want the following--- I can sign up with Provider A with Email 1 and Provider B with Email 2, and so on. I can then link the ID's at the provider (*instead of how StackOverflow links them in the StackExchange*), and then use any/all of my logins interchangeably throughout **all** the sites I use. – Chase Florell Nov 20 '10 at 15:35
  • 4
    @rock: Your edit and clarification *state* exactly why this question has no place on SO. Saying *"I'm not trying to start a holy way, but should I use emacs or vi?"* would get shot down just as fast. You have (1) based the question on a hypothetical fact not in evidence (that OpenID is in trouble; and note that there are distinctly mediocre technologies out there that just won't die), and (2) ask for a recommendation on the best replacement technology. – dmckee --- ex-moderator kitten Nov 20 '10 at 20:17
  • Not saying "what should I use"... just asking "what's out there / what are others using" – Chase Florell Nov 20 '10 at 20:36
  • 2
    @rock: Your own comment above: *"So back to the original question. What is better?"* – dmckee --- ex-moderator kitten Nov 20 '10 at 20:42
  • 2
    @rock. I voted to close. take this to [programmers.stackexchange.com](http://programmers.stackexchange.com). You are not asking how to implement an algorithm. You are not asking for help debugging code. You are not asking about a language feature or how to achieve some concrete goal with a specific implementation of a specific framework. This has no place on SO. – aaronasterling Nov 21 '10 at 04:48
  • 1
    Are you serious? There are countless questions just like this here on SO. Not only that, but programers. is relatively new. Not to mention that your attitude is offensive. – Chase Florell Nov 21 '10 at 05:29
  • Why then are these questions not closed? [Best non CSS WYSIWYG Editor](http://stackoverflow.com/questions/483984/best-non-wysiwyg-css-editor) or [Best LaTeX editor for Windows](http://stackoverflow.com/questions/270121/best-latex-editor-for-windows) or [Good Free Alternative To MS Access](http://stackoverflow.com/questions/29044/good-free-alternative-to-ms-access) or even [Alternatives to .NET provided apis regarding uris and urls](http://stackoverflow.com/questions/3525258/alternatives-to-net-provided-apis-regarding-uris-and-urls) – Chase Florell Nov 21 '10 at 05:36
  • @rockingthesixtring. Thanks for the list. When my close votes reup in half an hour I'll give them a visit :) – aaronasterling Nov 21 '10 at 23:29
  • 1
    I really don't see how Scott Hanselman being employed by Microsoft has any relevancy. If Miguel de Icaza had asked would people be saying its Novell trying to push something? – sclarson Nov 22 '10 at 01:50
  • @sparks: If every controversial opinion expressed on a bog of tweet was meat for a Stack Overflow thread we'd be slashdot. – dmckee --- ex-moderator kitten Nov 22 '10 at 02:44
  • 1
    again. The question isn't to debate Scott's tweet. It's to ask about alternative quality solutions to OpenID. – Chase Florell Nov 22 '10 at 02:57
  • @rock: Dude, it doesn't work that way. People are coming to this "question" because you quoted the tweet in the title, and the leading (by a mere factor of 9, mind you) answer is a refutation of the claim in the tweet. Whatever your intent you *have* started on argument about the future of OpenID. – dmckee --- ex-moderator kitten Nov 22 '10 at 06:10
  • @Rock your examples are all correct; The two that weren't wikis are ones now. They are also from back in '09, which is before programmers.SE.com arrived. StackOverflow isn't static; its largely driven by the desires of the community. So, unfortunately, there isn't a rulebook that states unequivocally what is and what isn't allowed. For example, take this question. A year ago, if you had asked it and made it a wiki, you might have a couple complaints but it would be okay. Now, not so much. I understand your frustration, but it is what it is. –  Nov 22 '10 at 13:21
  • Thanks @Will for being objective in your comment. I get where you're coming from. The reason for the tweet quote was to give some basis for the question. I could strip everything else away and ask "are their any alternatives to OpenID".. but I fear some of the down vote nazi's would still protest. – Chase Florell Nov 22 '10 at 15:37
  • @Rock actually, it would be [closed as duplicate](http://stackoverflow.com/search?q=alternatives+to+openid), lol. –  Nov 22 '10 at 16:25

3 Answers3

60

In my thoroughly subjective personal opinion, OpenID is not dead precisely because there is nothing there to take its place.

oAuth is often mentioned but that is completely orthogonal. OpenID is for humans logging into machines, oAuth is for machines logging into machines on behalf of humans.

My fear is that it is going to be replaced with a proprietary technology like Facebook Login, Yahoo! ID, Live ID, etc., which would leave people like me who don't want all their sensitive information shipped off to a country with frankly less-than-third-world-level privacy standards unable to login.

Jörg W Mittag
  • 363,080
  • 75
  • 446
  • 653
  • 8
    So..you wrote this in 2010. What do you have to say [now](https://support.google.com/accounts/answer/6135882)? – mpen Jan 26 '15 at 00:58
  • 6
    2017: Even StackExchange stopping support: Dead. https://meta.stackexchange.com/questions/307647/support-for-openid-ends-on-july-1-2018?cb=1 – susanoo chidori Mar 06 '18 at 18:17
  • 2
    @susanoochidori 2018 – silvascientist Mar 09 '18 at 01:18
  • 3
    OpenID is dead because there is something that took its place: [OpenID Connect](http://openid.net/connect/). – poke Mar 11 '18 at 02:07
  • 2
    Only if I could upvote this answer 10 times precisely because "which would leave people like me who don't want all their sensitive information shipped off to a country with frankly less-than-third-world-level privacy standards unable to login." I can only agree so much that 3 years down the line, people chose convenience over privacy; and voila, FB/Google propritary technology is, alas, now a norm. – BhaveshDiwan Jul 29 '20 at 07:55
4

The fact is that if Open ID dies it will be because it's perceived as confusing for users.

That being the case, the replacement is clearly just custom logins -- it's way easier for all those poor confused users to just use the same password on every site ;-)

Amusingly enough, I think the difficulty is mostly because websites keep presenting users with 65 different buttons for every OpenID provider they know of instead of just asking them to remember a URL. Oh well.

Jaykul
  • 15,370
  • 8
  • 61
  • 70
2

Check out WebIDs http://esw.w3.org/Foaf%2Bssl

You can go create your own at http://foaf.me

You can see what one looks like by looking at mine here http://foaf.me/darrelmiller

Darrel Miller
  • 139,164
  • 32
  • 194
  • 243
  • So how does it prevent the problems as described in http://blog.wekeroad.com/thoughts/open-id-is-a-party-that-happened? –  Nov 20 '10 at 04:48
  • 1
    @pst Well for one, it does not provide a place for providers to put ads therefore there will be less of a "land grab" to be a provider. Maybe this time we can learn from our mistakes and teach people how to use URLs as their logins instead of remembering who their provider is. – Darrel Miller Nov 20 '10 at 13:42