Search code examples
openidsingle-sign-on

If OpenID "is dead", what is out there to take its place?

Scott Hanselman (alternate link) suggested in a twitter tweet on November 18, 2010 that "OpenID might be Dead".

OpenID is Dead

If this were true (I'm not saying it is), what other options are there for universal sign-in (similar to OpenID)?

further info

I'm currently involved in a pretty good sized project, and it's public facing log-ins are completely OpenID driven (Using DotNetOpenAuth). If this is going to be too challenging for users (as per the comments made around Scott's original tweet), I'm going to need to know of some GOOD alternative solutions... if there even is one.

Any information would be appreciated.

edit

To clarify and rephrase. I'm not trying to launch a debate on "WHAT IS THE NEXT BIG THING"... I'm simply asking "What is there to take the place of OpenID, should it be dead". I'm also NOT saying that I think OpenID is dead, but merely asking the question based on a comment made by a well respected developer.

addition

As @marc pointed out in a comment. There is a pretty good rant/blog post by Rob Conery titled Open ID Is A Nightmare where the Rob makes some pretty compelling arguments as to why OpenID is not desirable. I have to agree that I don't want to be wasting a large amount of time recovering accounts for my users, my time is better spent in other places.

So back to the original question. What is there for alternatives? Is there a better "standard" out there that is "open" yet doesn't fall apart if a provider decides to change something? (changing API's or encryption logic for example)... but also one that can span across multiple providers and still recognize a single user?

Solution

  • In my thoroughly subjective personal opinion, OpenID is not dead precisely because there is nothing there to take its place.

    oAuth is often mentioned but that is completely orthogonal. OpenID is for humans logging into machines, oAuth is for machines logging into machines on behalf of humans.

    My fear is that it is going to be replaced with a proprietary technology like Facebook Login, Yahoo! ID, Live ID, etc., which would leave people like me who don't want all their sensitive information shipped off to a country with frankly less-than-third-world-level privacy standards unable to login.