Monday, February 05, 2007

Glad I didn't think of it

In the "dumb ideas I'm glad I didn't think of" category is this entry, "SMTP Service Extension for Yadis Discovery", proposed by Dmitry Shechtman in response to Byrne Reese’s pleading.

Reese, it seems, feels the hoi-polloi are too dumb to understand a URL/URI/XRI and need the "comfort" of an email address to use OpenID. The fact that most of the creators of the various parts of OpenID specifically rejected email address as an identifier seems to play no part in the discussion.

Most likely the users Reese is campaigning on behalf of are the same ones who buy v1agr@ from an email ad, and gladly let PayPal "security" have their username and password so that their account won't be suspended. Rather than pandering to these folks' ignorance, Reese (and Shechtman) might want to consider ways to educate them!

I am actually quite well versed in the reasoning behind using a URL as an OpenID, as one of the people who helped invent it. On a protocol level there is no better choice than a URL.

I think it is important to reiterate that I am NOT advocating that a URL shouldn't be used. What I am proposing is something that could help make OpenID a protocol and authentication system that my mother could use and understand without me having to explain it to her.

OpenID's Achilles' heel is the fact that I have to educate someone at all about it. OpenID should be something that is completely transparent. The moment you have to explain to someone why they need to provide you information in order to proceed with something as simple as logging in to a website, then the barrier is too high. Logging in anywhere is the last thing on the planet anyone should have to think about.

Simply put, and usability studies support this, the average person does not understand how a URL could be used to log in somewhere.

Furthermore, the average person doesn't think of a profile page on TypeKey, Flickr, Technorati, etc. (if they even use those services, which they probably don't) as their URL, their "OpenID."

An email address, on the other hand, is already a common means to log in to the most popular services. Plus, an email address is something that people implicitly understand is theirs, and no one else's. Finally, people are far more accustomed to providing an email address to log in somewhere than a URL.

Occam's Razor would suggest that a far simpler solution would be for the protocol to fit nicely into a pre-existing mental model, rather than trying to create an entirely new one.

If you want to get to what's simplest and what's most familiar to the most people - then that's username/password. And, suddenly, you haven't solved any problems.

© 2003-2006 The Virtual Quill, All Rights Reserved