Summary of research from OpenID Foundation Content Provider Advisory Committee and other primary market research.

1. OpenID Foundation Customer Research Committee November 11, 2008

2. 18 Organizations 8 OpenID Providers (OPs), 8 Relying Parties (RPs)

3. Ranking Areas of Interest

4. Positive Feedback OpenID is viewed positively: open, lightweight, extensible, etc. OpenID addresses an important market need, OpenID (or something like it) will have broad adoption sooner rather than later Strong market adoption from net savvy technologists, people with early adopter values, user-generated content websites and small Web 2.0 companies Market drivers Move to open web, interoperable framework Growing on-line activity levels (research, e-commerce, social networks, etc.) Increasingly web savvy consumers Move to user-centricity, growth of user-generated content

5. Positive Feedback (cont.) Technology enablers Acceptance of open source software, software as a service (SaaS) Matured web technologies Business benefits cited Allow consumer users to move from website to website easily and seamlessly, manage their web identity in one place, get personalized info in a “trusted” way Provide SSO federation across multiple web properties within a ‘family’ of sites (“internal”) Provide federated SSO with partner sites (“external”) Holy Grail: Consumers will be able to move seamlessly across all sites on the web in an authenticated session Streamline registration, reduce drop-off rate of potential visitors at registration, increase conversion rates of site visitors to registered users Reduce customer care costs associated with password maintenance Provide a higher-quality brand experience; get consumers more easily engaged and interacting; retain them better, longer Learn more about consumer users via “user-centric identity tools” (SREG, AX, OAuth, MySpace Data Availability, Portable Contacts, etc.) Enable revenue-sharing arrangements between OPs and RPs

6. Areas for Improvement User Experience “ Over complicated” user experience UI design, sign-on flow, attributes, URL as identifier, inconsistent user experience across OPs and RPs, reconciliation of multiple user accounts, sign-off, etc. Lack of consumer understanding of OpenID Data Many large OPs not sending SREG data today, email is most requested field Lack of a flexible international data scheme with ability to adapt it to local customs, business models, etc. Business/Legal Not all business managers fully understand the business benefits of OpenID Legal and regulatory frameworks not fully developed Security/Trust/Privacy issues require further development Possible need for some kind of OP certification program Adoption Few large companies have implemented it broadly yet OpenID supporters and Foundation Board members appear to be more focused on the technology than the business applications and needs

7. Initiatives Underway UX Yahoo, Google, AOL, Microsoft, MySpace, Facebook, JanRain, Vidoop, Plaxo and others met at Yahoo for a user experience (UX) summit to discuss ways to improve the OpenID user experience between OPs and RPs. Yahoo streamlined their OP login process, Google LSO initiative, JanRain RPX Data Google is providing verified email via AX, Yahoo and AOL evaluating SREG deployment, MySpace to provide profile and friends data, Plaxo supporting Portable Contacts Legal Framework Yahoo and Google are developing templates for legal and business agreements governing OP/RP interchanges NRI leading on Trusted Data Exchange (TX) extension Security The PAPE authentication security standards have been officially submitted for public review and final ratification OIDF Security Committee has been formed, chaired by Tony Nadalin of IBM