OpenID, Trust, Vendor Locking and Delegation

There is a lot of discussion about OpenID these days, and many of the claims being raised are preventing greater adoption of OpenID by users.

One of these claims is about Trust and Vendor Locking. How can I trust a certain OpenID vendor? After all, gaining access to my OpenID account will give access to all of the sites I’ve signed in to or signed up for using OpenID.

This is a legitimate claim, since it reminds everyone of how Microsoft Passport.NET Live ID is not that successful, being a single-vendor, non-transferable identity.

One of the key elements of OpenID is that it’s decentralized and there is no single body that controls it. However, a user who has signed up with a certain OpenID vendor is essentially locked into that vendor unless they have the proper skills or resources that allow them to perform delegation.

Having delegation is exactly the thing to make all of these claims go away, since delegation gives the power back to the user. The underlying OpenID vendor will supply the service, but everything MUST go through the user’s domain to get to the vendor, thus allowing the user to change vendors without being locked in.

The problem with delegation, however, is that it requires a certain amount of preparation. You either need to have your own site/blog and add the necessary <head> tags or you need to use a service like (I’ve previously written about it here) which gives you a URL composed out of your name (using the .name domain).

The problem with the solution of is that it’s only one .name vendor that provides this service. Although they are responsible for the whole .name TLD, it is still a sort of vendor locking. If all .name providers supported such a service, things would look much better.

To sum things up, a possible answer to the claims about OpenID, Trust and Vendor Locking is to simply highlight the benefits of delegation and provide all of the technical means needed to make it as easy as possible.

Below is a list of a couple of ideas I thought about (some are more wishful thinking, since they don’t depend on the OpenID community alone) which might make things easier for everyone:

  • Support for OpenID for .name domains available with all the .name providers
  • Built-in support for Delegation in blogging platforms including hosted ones such as, Blogger, TypePad and the rest (for WordPress blogs hosted on your own server/domain you can use my OpenID Delegation plugin :-) )
  • Support for migrating existing accounts in existing sites to an OpenID account, thus allowing users to consolidate their various accounts on various sites into an OpenID account.
  • Support for migration of accounts between OpenID vendors including support in the OpenID spec to figure out a permanent redirection and perform a necessary fix up (similar to a permanent redirection performed in HTTP).

Technology is supposed to make things easier for everyone and lower the barrier of participation so that everyone, regardless of their skills, can use technology for their benefit. Let’s lower the participation barrier for OpenID and let everyone claim their own identity.