I’m a little late on this one, but it’s still worth discussing. I also apologize for the length of this post, but I had more to say than I thought!
A few weeks ago, some of you may have read this post by Jeremiah Owyang regarding his predictions for the future of social networks. The article makes several assertions, such as social networks will create open APIs in response to market pressure from Facebook, which makes a lot of sense. However, the most interesting thing that he predicts is that Facebook will become a major player in the identity game.
Facebook will launch an Identity widget that I can embed on my blog. This allows only those who have registered to Facebook to leave a comment, many high profile blogs will do this, to avoid nasty anonymous comments, thus reducing the incident of Kathy Sierra type events.
He also suggests:
Facebook will have faster adoption that Open ID, as the consumer users will drive it. (Remember the mantra of consider joining before creating communities)
Now, Jeremiah Owyang is not assigning any value one way or the other, merely making predictions based off of the trend he is observing. Facebook certainly is aiming to be a single web platform for its users, and moving into identity management would be a logical step in that direction. The Facebook API does makes this possible, and in fact their are some sites that already support using FB login credentials, like Ma.gnolia. Given the boom in popularity of FB, it seems natural that users would find this an attractive option. After all, we already have many poor benighted souls that eschew email for messaging within FB or MySpace, so it is logical that those individuals would prefer to manage their identity through one of those networks. It is also certainly demonstrable that the lack of anonymity reduces the amount of active trolling in communities (although this is more an argument for identity verification in general as opposed to a FB-specific observation).
All that being said, isn’t this a step backwards?
We don’t need another walled garden, where another corporate entity controls the keys to our online identity, and eventually more users are going to realize this. Thus, I suspect any trend towards using the Facebook API to provide authentication elsewhere is ultimately only going to exist in the short term, only to be superseded by more open systems. Dave Winer gives an excellent explanation of this in this post on user lock-in when he says:
Facebook could easily be the place where the dam breaks. It’s attracting so many users, who may at some point realize that they want control of the data that’s locked up inside Facebook.
That is exactly the issue with entrusting our identities to any single entity, because ultimately it comes down to a matter of trust. As users grow more savvy, they will trust closed systems less and less. Or at the very least, users will become more aware of how incredibly inconvenient the walled garden approach to personal profile and identity data is, as Justin Baum explains quite well in his post on redundant relationships. The future success stories of the web will be the ones that can solve this problem.
I turn to Winer yet again, because he explains it very well:
A vendor will come along and they’ll store your identity but give you complete freedom to move it where ever you want when ever you want at no cost. They’ll make it easy to do so. And they’ll get rich doing it, if they want to.
Why?
[…]
It’s the basic trust proposition of the Internet. People will only trust a service that gives them complete freedom to come and go as they please. Further, they’ll want to come back if you send them to cool places. It’s why people like Facebook today, and why they’ll be tired of it tomorrow, if it only sends you to places within the Facebook silo.
The key to building these future successes is developing and using decentralized protocols like OpenID, and utilizing simple semantic markup such as microformats or even more complex syntax like FOAF. OpenID allows for a truly decentralized identity system, which allows you to switch identity providers on a whim, or even run your own. For more info on OpenID, I recommend you start by checking out Simon Willison’s excellent screencast on using OpenID. Microformats and FOAF provide methods by which you can describe people, relationships and other objects in such a way to be machine readable, but comprehensible to human beings, which opens the possibility of importing/exporting relationship and profile data between various services automatically. We need convenient and open ways of managing our online identities as well, and there are some very smart people out there who have already made some initial forays into that area.
In a later post, Jeremiah Owyang acknowledges:
I realize that Open ID is one solution, but let’s get realistic, it’s not being adopted because it’s too geeky, maybe they need a marketing evangelist, or a mass consumer tool will need to be birthed. Please note, I’m not opposed to the tool, I’m just looking at the market around me.
Owyang is right on the money here, in that these services need more simplistic tools for implementation and more effective evangelism. Currently, the focus of these projects has been marketing the idea to other developers, and they have been succeeding in getting quite a few technical folks pretty fired up about it. Now it’s time to really focus on bringing it to the attention of the masses. Firefox 3 will have built-in support for detecting and utilizing microformats, as well as supporting OpenID which will go a long way towards raising awareness and usage of those methods of describing information. Lightweight and interconnected (maybe even interchangeable) social networks are clearly the future of the web, and these technologies, or their descendants, are the keys to creating them.
None of this is to say that services like MySpace and Facebook are doomed. Quite the opposite, both of these networks are uniquely poised to write their brands into the history of this shift in web technology. If they can let go of the lock-in business model and focus on developing with these budding technologies, they can be situated as central points of influence in the future web, rather than eventually fading into obsolescence, as many a closed system has before them. Turn user profile pages into OpenID identity providers, and offer the ability to use already existing OpenIDs for either new accounts or to associate them with existing ones. Utilize microformats and open APIs to encourage user freedom, and as a result, build brand equity as well as increasing user loyalty.
Users don’t want a walled garden, they want an open field. It’s time to give it to them.
(Comment Feed For This Entry)
This entry currently has 13 comments. You can leave one too, if you like.
Posted on Sunday, August 5, 2007 @ 20:03 CDT
Great analysis, thanks for doing this, I’m glad that others see our points too.
Posted on Sunday, August 5, 2007 @ 20:17 CDT
Wow, you don’t waste any time!
Thanks, Jeremiah. As you can tell, this is a subject I’m becoming more and more passionate about, and with these types of technologies emerging, I think it is a very exciting time to be involved in new media and the web in general.
Posted on Sunday, August 5, 2007 @ 20:38 CDT
I suspect that any comment I leave here is already in discussion on our Pownce thread. That said, great post.
Posted on Sunday, August 5, 2007 @ 20:38 CDT
sigh okay, http://pownce.com/creepysleepy/notes/433901/
Posted on Sunday, August 5, 2007 @ 20:44 CDT
Sorry about that, but I do warn you in the form directions that you have to use Markdown for formatting and links. I can strip out malicious code that way. I fixed your link in the last comment.
Posted on Sunday, August 5, 2007 @ 20:59 CDT
By the way, if you click “Preview Comment” you can always see how Markdown is going to format your comment when you post it. Just a tip.
Posted on Monday, August 6, 2007 @ 07:59 CDT
Darnit, some of us can’t get to that pownce discussion… so maybe it’s a good idea to post it here somewhere?
Posted on Monday, August 6, 2007 @ 08:52 CDT
Hi Uno, unfortunately the Pownce discussion ended pretty quickly, as it moved to a phone call, so there isn’t much in the way of new information in it. That being said, I can post the gist of it here, although I’m not sure how much it will add.
Pownce Discussion
And… cue my phone ringing.
Posted on Monday, August 6, 2007 @ 16:22 CDT
rebuttal to “users don’t want a walled garden, they want an open field”… sorry, they don’t want either. they want better products.
jeremiah’s criticism of OpenID is right on target… it’s a solution in search of a problem. the real problem most people have is not that they don’t have centralized identity & auth systems, it’s that they’ve forgotten their password for the umpteenth time.
open standards do not drive mass consumer adoption. better products drive mass consumer adoption.
when “open standards” solve a problem that lots of people have, then they are relevant. otherwise, they aren’t.
more on this rant here: http://500hats.typepad.com/500blogs/2007/08/facebook-not-fo.html
Posted on Monday, August 6, 2007 @ 18:34 CDT
Because they don’t have single-system for identifying themselves, and have to remember passwords for every site?
Certainly, I agree with you that better products are what drive mass consumer adoption, and the average user doesn’t care when you talk about “centralized identity and auth systems.” They don’t care how it works, but just about every non-geeky user I’ve talked to likes the idea of a single-signon system that they can change whenever they want. They like the idea of being able to just log in to any site without filling out a long registration form. They don’t understand how it works, but then again they don’t understand how their logins work now, so it’s really a wash.
As I mention in the post, the real problem with OpenID adoption is that the focus has been marketing it to developers, which is great, but it’s time to take the evangelism to the masses. More and more projects (Wordpress, Drupal, Plone, donetnuke) and companies(including, but not limited to, Technorati, 37Signals, Ma.gnolia, AOL, Microsoft, and Sun) are adding OpenID support. Libraries, pre-written apps and documentation are reaching the point where adding OpenID consumer support is almost trivial. More and more sites are starting to express data in microformats and at the end of the year support for both microformats and OpenID are coming home in the form of the browser.
There have already been successful profile imports and exports using microformats and as people spend more and more time online, and net services become ubiquitous that kind of portability is going to become attractive to users.
No doubt, the market at the moment doesn’t place as high a value on organizing identity, because the majority of users either aren’t aware or aren’t concerned about that issue, but I’ll argue that it is going to become a bigger problem, one that people are going to grow aware of, and almost certainly they are going to become concerned about it. Verifying and controlling identity is going to be a huge issue in the near future, and just because the people don’t understand it now, doesn’t mean we shouldn’t be striving to build up a framework to help manage it.
After all, user Joe Schmoe didn’t care about email, the web or social networking when it first appeared on the scene, so I don’t think we should conclude that because the issue isn’t on the radar of the average user, that it means the issue is “solution looking for a problem.”
Posted on Monday, August 6, 2007 @ 18:34 CDT
heh, forgot about my 3,000 character limit for comments
So, since I’m going on so long, I’ll conclude with this. In principle, I agree with you. What I am saying though is that people are seriously working on this, its got backing from big companies, the interest of web developers and that eventually someone’s going to present us with a full implementation. I think that it’s inevitable at this point, and that it is going to be better, because users will be able to do whatever they want with it, even if that means taking their stuff elsewhere. Maybe no one will understand that at first, maybe it will flop horribly the first time someone tries it, but I don’t think so. I think it’s something to strive for, and the result will be an open field of wild innovation, not a “barren desert” outside the walled garden.
Posted on Tuesday, January 29, 2008 @ 21:54 CST
Can I suggest that for any of these to be ‘easily adopted’ into ‘simple quality products’ it should be easy for the developers to add. For example I’ve just tried setting up as an Open ID provider, adding an account, then pulling details from a successful post info a web page. - sounds easy but it ended up being very time consuming!! - like days not hours!!! Who ever makes it the easiest to get integrated will win as they will be the ones splattered all over the internet - take apple ipods as an example - simple and everywhere so everyone uses them however in the old days they were not the best product out there. In general people are sheep and will use whatever is most convenient - at the moment it’s still having 50 different logins and passwords (or 1 / 2 that they use everywhere on the web). - Another thought for half of these sites - are you sure you need users to login????
Posted on Tuesday, January 29, 2008 @ 23:07 CST
@simonc: Sorry to hear you had problems setting up OpenID on your server. Am I correct in understanding that you set yourself up as your own provider as opposed to delegating to an established provider in your headers? Because at this point that can be a little complicated (I find the PHP libraries particularly tricky to work with for OpenID). However, it is ridiculously easy to set up your site via delegation. For example if you have an identity profile at a provider, you can have your site delegate to it in two lines of HTML code. I think that’s pretty easy, and setting up consumption for OpenID on this site was pretty easy, mostly thanks to Simon Willison’s Django OpenID Consumer. However, you are correct, we need more and more awesome tools and libraries like that to help spur adoption.
I tend to agree that there are a lot of sites that require logins for no reason, although if sites really want to provide customized experiences for users it’s really the most practical way to go about it, which is why I like OpenID. I agree though, I hate sites where I need to login just to leave a simple comment or have base interaction with the product. I prefer value-added logins. For example, I don’t require a login to comment here, but if you do use an OpenID account I give you the watchlist to better track your conversations (plus maybe some future features I’m still thinking out).
Thanks for stopping by and sharing your thoughts.