OpenID Foundation Customer Research Committee November 11, 2008

18 Organizations 8 OpenID Providers (OPs), 8 Relying Parties (RPs)

18 Organizations

8 OpenID Providers (OPs), 8 Relying Parties (RPs)

Ranking Areas of Interest

Positive Feedback OpenID is viewed positively: open, lightweight, extensible, etc. OpenID addresses an important market need, OpenID (or something like it) will have broad adoption sooner rather than later Strong market adoption from net savvy technologists, people with early adopter values, user-generated content websites and small Web 2.0 companies Market drivers Move to open web, interoperable framework Growing on-line activity levels (research, e-commerce, social networks, etc.) Increasingly web savvy consumers Move to user-centricity, growth of user-generated content

OpenID is viewed positively: open, lightweight, extensible, etc.

OpenID addresses an important market need, OpenID (or something like it) will have broad adoption sooner rather than later

Strong market adoption from net savvy technologists, people with early adopter values, user-generated content websites and small Web 2.0 companies

Market drivers

Move to open web, interoperable framework

Growing on-line activity levels (research, e-commerce, social networks, etc.)

Increasingly web savvy consumers

Move to user-centricity, growth of user-generated content

Positive Feedback (cont.) Technology enablers Acceptance of open source software, software as a service (SaaS) Matured web technologies Business benefits cited Allow consumer users to move from website to website easily and seamlessly, manage their web identity in one place, get personalized info in a “trusted” way Provide SSO federation across multiple web properties within a ‘family’ of sites (“internal”) Provide federated SSO with partner sites (“external”) Holy Grail: Consumers will be able to move seamlessly across all sites on the web in an authenticated session Streamline registration, reduce drop-off rate of potential visitors at registration, increase conversion rates of site visitors to registered users Reduce customer care costs associated with password maintenance Provide a higher-quality brand experience; get consumers more easily engaged and interacting; retain them better, longer Learn more about consumer users via “user-centric identity tools” (SREG, AX, OAuth, MySpace Data Availability, Portable Contacts, etc.) Enable revenue-sharing arrangements between OPs and RPs

Technology enablers

Acceptance of open source software, software as a service (SaaS)

Matured web technologies

Business benefits cited

Allow consumer users to move from website to website easily and seamlessly, manage their web identity in one place, get personalized info in a “trusted” way

Provide SSO federation across multiple web properties within a ‘family’ of sites (“internal”)

Provide federated SSO with partner sites (“external”)

Holy Grail: Consumers will be able to move seamlessly across all sites on the web in an authenticated session

Streamline registration, reduce drop-off rate of potential visitors at registration, increase conversion rates of site visitors to registered users

Reduce customer care costs associated with password maintenance

Provide a higher-quality brand experience; get consumers more easily engaged and interacting; retain them better, longer

Learn more about consumer users via “user-centric identity tools” (SREG, AX, OAuth, MySpace Data Availability, Portable Contacts, etc.)

Enable revenue-sharing arrangements between OPs and RPs

Areas for Improvement User Experience “ Over complicated” user experience UI design, sign-on flow, attributes, URL as identifier, inconsistent user experience across OPs and RPs, reconciliation of multiple user accounts, sign-off, etc. Lack of consumer understanding of OpenID Data Many large OPs not sending SREG data today, email is most requested field Lack of a flexible international data scheme with ability to adapt it to local customs, business models, etc. Business/Legal Not all business managers fully understand the business benefits of OpenID Legal and regulatory frameworks not fully developed Security/Trust/Privacy issues require further development Possible need for some kind of OP certification program Adoption Few large companies have implemented it broadly yet OpenID supporters and Foundation Board members appear to be more focused on the technology than the business applications and needs

User Experience

“ Over complicated” user experience

UI design, sign-on flow, attributes, URL as identifier, inconsistent user experience across OPs and RPs, reconciliation of multiple user accounts, sign-off, etc.

Lack of consumer understanding of OpenID

Data

Many large OPs not sending SREG data today, email is most requested field

Lack of a flexible international data scheme with ability to adapt it to local customs, business models, etc.

Business/Legal

Not all business managers fully understand the business benefits of OpenID

Legal and regulatory frameworks not fully developed

Security/Trust/Privacy issues require further development

Possible need for some kind of OP certification program

Adoption

Few large companies have implemented it broadly yet

OpenID supporters and Foundation Board members appear to be more focused on the technology than the business applications and needs

Initiatives Underway UX Yahoo, Google, AOL, Microsoft, MySpace, Facebook, JanRain, Vidoop, Plaxo and others met at Yahoo for a user experience (UX) summit to discuss ways to improve the OpenID user experience between OPs and RPs. Yahoo streamlined their OP login process, Google LSO initiative, JanRain RPX Data Google is providing verified email via AX, Yahoo and AOL evaluating SREG deployment, MySpace to provide profile and friends data, Plaxo supporting Portable Contacts Legal Framework Yahoo and Google are developing templates for legal and business agreements governing OP/RP interchanges NRI leading on Trusted Data Exchange (TX) extension Security The PAPE authentication security standards have been officially submitted for public review and final ratification OIDF Security Committee has been formed, chaired by Tony Nadalin of IBM

UX

Yahoo, Google, AOL, Microsoft, MySpace, Facebook, JanRain, Vidoop, Plaxo and others met at Yahoo for a user experience (UX) summit to discuss ways to improve the OpenID user experience between OPs and RPs.

Yahoo streamlined their OP login process, Google LSO initiative, JanRain RPX

Data

Google is providing verified email via AX, Yahoo and AOL evaluating SREG deployment, MySpace to provide profile and friends data, Plaxo supporting Portable Contacts

Legal Framework

Yahoo and Google are developing templates for legal and business agreements governing OP/RP interchanges

NRI leading on Trusted Data Exchange (TX) extension

Security

The PAPE authentication security standards have been officially submitted for public review and final ratification

OIDF Security Committee has been formed, chaired by Tony Nadalin of IBM