Log in

No account? Create an account

Previous Entry | Next Entry

On Google and OpenID 2.0

Following Microsoft on Monday, AOL last year, and Yahoo! earlier this year, Google is now an OpenID Provider. That said, people seem to like controversy...

Google is taking advantage of a feature in OpenID 2.0 known as "Directed Identity". This allows an OpenID 2.0 Relying Party to start the OpenID protocol flow using a known URL (Yahoo!'s is http://openid.yahoo.com/) to allow for "one click" style login dialogues. By performing discovery on this URL, using the XRDS XML format, the OpenID Provider advertises the OpenID Endpoint URL for the Relying Party to make a request against. Google is doing this correctly with the URL to perform discovery against being https://www.google.com/accounts/o8/id.

The piece that Google is currently doing differently is requiring pre-registration of each OpenID Relying Party before users can login to a given site. This does break the common deployment of OpenID on the web today, but Eric Sachs of Google has said on the OpenID mailing list that this is temporary as they work to stabilize their OpenID Provider:
We just need to do the standard scaling, stability, translation quality, etc. evaluation to make sure there are no major problems. If we are lucky, that won't take much time. However it is more then likely that we will need to tweak things in our user interface to make it easier to understand, and unfortunately translating any such tweaks into 40+ languages takes awhile.

As for using email addresses as OpenIDs, this is something the OpenID community is talking about quite a bit right now; Google included.