I read Joseph Smarr’s What an "RP" Wants presentation after reading Marc Canter’s account of the Facebook hosted OpenID UX get together that happened yesterday. While I greatly appreciate the work that Joesph Smarr and all the others are putting in on this issue, my main issue – an issue of Trust – continues to be ignored. That is…
I am being forced to trust the people who are sitting at the table, and frankly I want options.
I want a large ecosystem of OPs (Open ID providers) competing to provide me with the greatest level of service and earn my trust. Earn it.
Then I want the BigCos, as Marc likes to call them, to become RPs (relying partners) with the OPs that earn their trust.
Being an OP is a serious business – to be a good one you have to service both sides of the market – that means seamless UX from the user perspective, impeccable operations and data protection, and sophisticated, federated authentication with the RP, whatever platform they may be on.
Marc reminded me, that being an RP is a serious business too. It is, because it requires TRUST. I am not saying that Google or Microsoft should federate with any random OpenID Provider. I understand, and fully expect, that they will carefully vet the OP’s they Rely on. Microsoft has already dipped their toe in the water with HealthVault, as Angus Logan had pointed out to me a while back
So, I will get excited when Google, Yahoo, Microsoft, Facebook, MySpace and the rest become RPs that rely on OPs that are not part of their club. BigCo’s that exclusively serve as OPs seem to be simply making a play to “own” people’s identity credentials.