BrowserID: Will it Succeed Where OpenID Failed?

Monday Jul 18 2011 | 22 Comments

The Mozilla Identity Team  recently released BrowserID, a user-centric identity initiative that uses email as the identifier. The Drupal community, typically quick to support open identity protocols, released support within 24 hrs, which shows how easy it is to implement.

If you read my recent post on the OpenID Foundation, you will know I am disappointed in the direction of OpenID. I am encouraged that BrowserID has many of the core features I was hoping would emerge in OpenID v.Next. There has been a reasonable amount of online coverage of BrowserID, what it is, and how it compares to OpenID. I’ll focus on what I think are important issues that I have not seen covered. 

User-centric

Unlike OpenID Connect, BrowserID is user-centric aka Identity 2.0. With the demise of InfoCards and the service-centric approach of OpenID Connect, it is encouraging to see the emergence of user-centric proposals. While in some ways subtle, I think this is an overlooked feature.

Email as Identifier for Others

There has been plenty of discussions on the pros and cons of using email as an identifier. There is an important pro that seems to be missed. It is the only widely adopted, non-proprietary identifier for other people. When you want to share information or communicate to someone online, we usually have an email address for the other person. With the rise of sharing online as supported by Zuckerberg’s Law of Social Sharing, critical function of an identity system is how we identify other people.

Will BrowserID Succeed?

At IIW 11 I led a session on the Decline of User-Centric Identity  which tried to cover reasons why InfoCards and OpenID failed to provide a wide spread, user-centric identity solution.

Business Motivation: While the idealists amongst us are keen to promote the “Open Web”, the business reality of running a website will trump idealism for most sites. The BrowserID web site answers questions about how to implement BrowserID, but punts on why an Identity Provider should implement and there is no mention on why a Relying Party will implement. Without appropriate financial incentives, there will be no widespread adoption. The financial incentives of course tend to be indirect: my site has less friction for user registration, I have a deeper relationship with my users etc.

Open Web: Facebook, and to a lesser degree, Twitter, are becoming the defacto identity services on the internet. I currently don’t see any motivation for either Facebook or Twitter to adopt BrowserID — they have their own identity systems which strengthen their respective positions as critical internet infrastructure. While idealists talk about the virtues of “open”, the business driver behind “open” has been to unseat incumbents. As a non-profit whose raison d’être is to ensure the web is open, it is clear why BrowserID came from Mozilla. But why would any of the other players participate? To succeed, the BrowserID community needs to figure out how to bring in enough other players that are motivated to have an alternative to Facebook and Twitter.

Non Browser Support: The web has evolved since the introduction of OpenID. Support for non-browser applications has become critical with the explosion of native mobile applications. Authenticating a user on a mobile device is more cumbersome than the traditional web SSO challenges, and a good solution to mobile SSO can gain significant traction because of the current pain. A number of us in the identity community have commented that if a good solution to mobile SSO emerges, that likely will become the web SSO solution. Unfortunately, BrowserID has been positioned as a web SSO solution, and the lack of native client support is an issue. While BrowserID has many of the right attributes, it may not succeed because it does not solve the new, emerging pain points.

Putting Sxipper Down

Thursday Mar 31 2011 | 294 Comments

Today we are informing all users of Sxipper that we will be shutting down the sxipper.com servers and not updating Sxipper to Firefox 4.0.  The writing has been on the wall for a while that Sxipper might be put to rest and it was a hard decision to make. It has been over two years since Sxipper has learned any new tricks, and with the release of Firefox 4.0, we can’t justify teaching Sxipper about the new platform.

I looked for a new home for Sxipper. There were discussions with Microsoft when I was there and Google after that. I talked to complementary add-on companies as well, but alas, no suitable home could be found and the team has moved on to other opportunities.

Sxipper was conceived at Sxip Identity by Keith Grennan as a means of transitioning user from using passwords to an identity protocol. By providing users with a graphical interface that enabled them to click on the information they wanted to share to existing websites rather than having to type it in, the transition to an identity protocol such as OpenID could be seamless to the user.

In addition to Keith: April Allard, Tim Baur, Johnny Bufu, Peter Eller, Pooya Karimian, Jennifer Harland, David Huska, Michael Oswell, Calvin Liu, Lori Pike, Darci Robinson, Weston Triemstra, Chris Turra, Graeme Worthy, and Roger Zimmermann (updated: and Barry Ferg) contributed directly to the development of Sxipper. Everyone of you should be proud of what we accomplished with Sxipper.  (my apologies to anyone I have not acknowledged, drop me a note so I can provide the recognition you deserve)

I’d also like to thank the many members of Vancouver’s web 2.0 community that gave us invaluable feedback on the pre-release. As a young puppy, Sxipper initially was somewhat misbehaved and would show up where he was not wanted. Fortunately, the initial Sxipper users gave us lots of constructive feedback, and the team successfully trained Sxipper to be more respectful in user interactions. At the peak, there were over 100,000 active users of Sxipper.

Sxipper’s initial home was at Sxip Identity. Unfortunately, a few of Sxip’s investors were unwilling to cooperate in a restructuring of Sxip (more on that in later post), and I was forced to place Sxip into bankruptcy. Some members of the team transitioned to Sxipper’s new home: Sxipper, Inc. Roger, Calvin, Michael, David, April, Tim and Jennifer all kept working in some way on keeping Sxipper alive for the past 3 years. Michael DeSandoli helped considerably in the administrative transition. Sxipper and I thank each of you for all your effort in preparing his new home, and keeping Sxipper alive the past three years. Even though Sxipper is being put down, you did a great job and more than I could expect to keep Sxipper going.

The ease of use in filling in forms and logging into sites that Sxipper pioneered has yet to be duplicated by any of the competitive products. A high bar was set, and I hope for the sake of internet users everywhere, that the lessons Sxipper learned are remembered and become part of everyone’s internet experience, and that a little bit of Sxipper continues to live on.

UPDATE

There are a number of comments asking to open source Sxipper. Just uploading the Sxipper code to an open source repository and hoping someone picks it up would be like leaving Sxipper at the hospital entrance hoping someone would save him and find the funds to operate the sxipper.com server. Sxipper’s demise should be done with honour.

It would be great if a group of people gathered together and were committed to a open source project around maintaining and operating Sxipper. I’d be very interested in a proposal that would enable Sxipper to get a new life.

 

 

 

OpenID: Identity Service or Identity Platform

Thursday Dec 16 2010 | 2 Comments

At the last OpenID Foundation board meeting I gave the presentation below. I had hoped to have posted this sooner, but my dearth of video skills meant recording to video was significantly harder than creating the presentation — which was non-trivial itself. Unfortunately Joseph Smarr and I will not be on the OIDF board this year due to some confusion on when nominations ended. While I will miss being able to contribute to OpenID at the board level, I won’t miss the politics.

But back to the presentation. I have been trying to articulate my concerns with OpenID Connect, and this presentation captures my current thinking. OpenID Connect is not a user-centric architecture. It is a useful identity service, but it does not enable an identity network that could be a generative platform for new kinds of digital identity claims to be created and consumed. This is why user-centric identity is important — it enables us to create an identity platform instead of an identity service.

Is OpenID Connect the Future of Identity? Similar to Jonathan Zittrain’s book, “The Future of the Internet and How to Stop It”;  do we need to redirect identity services towards an identity platform; or forego the digital identity innovation?

Product Categories: Vitamins, Painkillers and Viagra

Thursday Jan 28 2010 | 1,296 Comments


Vitamins are products that provide a customer peace of mind. You get no immediate results from taking a vitamin. The benefits (if any) are sometime in the future. Insurance is a vitamin product. Home security systems are a vitamin product. When selling vitamin products, timing is everything. Most home security systems are sold when the customer moves, or when a neighbour’s house is burglarized. Vitamins tend to be sold when the customer is experiencing lots of FUD.

Painkillers are products that remove a customer’s pain. If the benefit of removing the pain is higher than the opportunity cost of the painkiller, customers will buy the painkiller. To sell a painkiller, you have to find the customers with the pain you can solve, and can afford the painkiller. It is much easier to sell a painkiller than a vitamin. … continue reading »

« Older Entries