The most-watched geek event of the day has to be the OpenID UX (User Experience) Summit, hosted at the Facebook headquarters. The most discussed moment of the day will surely be the presentation by Comcast's Plaxo team.
Plaxo and Google have collaborated on an OpenID method that may represent the solution to OpenID's biggest problems: it's too unknown, it's too complicated and it's too arduous. Today at the User Experience Summit, Plaxo announced that early tests of its new OpenID login system had a 92% success rate - unheard of in the industry. OpenID's usability problems appear closer than ever to being solved for good.
This experimental method relies on big, known brands where users are already logged in. It requires zero typing, just two clicks, and it uses the OpenID authentication step to get quick permission for the well-established OAuth data swap at the same time, so that immediate personalization is possible with nothing but two clicks required of users.
Plaxo, primarily known for the noxious flood of spam emails it delivered in its early days, is now an online user activity data stream aggregator owned by telecom giant Comcast. The Plaxo team has been at the forefront of the new Open Web paradigm best known for the OpenID protocol.
The method Plaxo has been testing is called an OpenID/OAuth combo, in collaboration with Google. What does that mean, in regular terms? It means that Plaxo told users they could log in with their Gmail accounts as OpenID by clicking a link to open a Gmail window, then Google asked for permission to hand over user contact data using the OAuth standard protocol. Once login was confirmed, whether contact data access was granted to Plaxo or not, the Gmail window closed and users were returned to Plaxo all logged in. No new accounts, no disclosure of Gmail passwords to Plaxo, no risky account scraping and no need to import or find friends on the new service before immediate personalization could be offered.
This is a very different flow than most OpenID "relying parties" have followed before - but it won't be for long.
Plaxo reported today that a staggering 92% of users who clicked on the "log-in with Gmail" button came back to Plaxo having granted permission to authenticate their identities via Gmail. Of those who returned, another 92% also granted permission for Plaxo to access their contacts list. Only 8% of the people who clicked to log in with a standards-based third-party authentication ended up deciding to bail instead. That's the kind of ease-of-use that people presumed only Facebook Connect could provide.
When Plaxo engineers moved to turn off the short-term experiment, the business team said no way.
We expect to see this basic flow get iterated on even further. We hope it will ensure that every OpenID provider has some exposure and not just the big email providers, and we expect the pop-up action to be made increasingly unobtrusive.
This could be the day when OpenID became a far more realistic prospect than it has seemed before.
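The combined flow described above (one trip to the provider that carries both the OpenID login request and the OAuth permission request), sketched from the relying party's side. This is an added example, not Plaxo's or Google's code: it uses the OpenID 2.0 parameters and the OpenID OAuth extension namespace, the endpoint, return URL, consumer key and scope are placeholders, and verifying the assertion's signature and nonce is assumed to be left to a real OpenID library.

```python
from urllib.parse import urlencode, parse_qsl, urlsplit

OPENID_NS = "http://specs.openid.net/auth/2.0"
OAUTH_EXT_NS = "http://specs.openid.net/extensions/oauth/1.0"
# Placeholders (assumptions, not values from the article).
OP_ENDPOINT = "https://op.example/openid/endpoint"
RETURN_TO = "https://rp.example/openid/return"
CORE_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle",
               "claimed_id", "identity"}


def build_hybrid_request(consumer_key, scope, realm):
    """Build the single redirect that asks for login and for data access."""
    select = OPENID_NS + "/identifier_select"  # user picks the account at the OP
    return OP_ENDPOINT + "?" + urlencode({
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": select,
        "openid.identity": select,
        "openid.return_to": RETURN_TO,
        "openid.realm": realm,
        "openid.ns.oauth": OAUTH_EXT_NS,        # piggy-backed OAuth request
        "openid.oauth.consumer": consumer_key,
        "openid.oauth.scope": scope,
    })


def parse_hybrid_response(url):
    """Return (logged_in, claimed_id, approved_request_token_or_None).

    Only the hybrid-specific checks are shown; the signature over the
    openid.signed fields and the nonce must still be verified elsewhere.
    """
    q = dict(parse_qsl(urlsplit(url).query))
    if q.get("openid.mode") != "id_res":
        return (False, None, None)  # user cancelled or the provider errored
    if q.get("openid.return_to") != RETURN_TO:
        raise ValueError("assertion was issued for a different return_to")
    signed = set(q.get("openid.signed", "").split(","))
    if not CORE_SIGNED <= signed:
        raise ValueError("unsigned core fields: %s" % sorted(CORE_SIGNED - signed))
    # The provider may choose its own alias for the OAuth extension.
    alias = next((k[len("openid.ns."):] for k, v in q.items()
                  if k.startswith("openid.ns.") and v == OAUTH_EXT_NS), None)
    token = None
    # Accept the token only if the signature covers it; otherwise login-only.
    if alias and {"ns." + alias, alias + ".request_token"} <= signed:
        token = q.get("openid.%s.request_token" % alias)
    return (True, q.get("openid.claimed_id"), token)


def sample_response(grant, sign_token=True, alias="ext2"):
    """Constructed provider response for illustration (not captured traffic)."""
    fields = {
        "openid.ns": OPENID_NS, "openid.mode": "id_res",
        "openid.op_endpoint": OP_ENDPOINT,
        "openid.claimed_id": "https://op.example/id/alice",
        "openid.identity": "https://op.example/id/alice",
        "openid.return_to": RETURN_TO,
        "openid.response_nonce": "2009-02-10T15:52:00Zconstructed",
        "openid.assoc_handle": "constructed-handle",
        "openid.sig": "constructed-signature",
    }
    signed = sorted(CORE_SIGNED)
    if grant:
        fields["openid.ns." + alias] = OAUTH_EXT_NS
        fields["openid.%s.request_token" % alias] = "constructed-approved-token"
        if sign_token:
            signed += ["ns." + alias, alias + ".request_token"]
    fields["openid.signed"] = ",".join(signed)
    return RETURN_TO + "?" + urlencode(fields)


if __name__ == "__main__":
    print(build_hybrid_request("rp.example", "https://op.example/contacts/", "https://rp.example/"))
    print(parse_hybrid_response(sample_response(grant=True)))
```

A returned token is only an approved request token; the relying party still exchanges it for an access token with its consumer secret before it can read any contact data.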
Comments
I don't really see the utility of OpenID. Lately everything with the "Open" prefix sounds cool, even if there's no use for it =)
Managers Magazine
Very exciting demonstration of compelling benefits for end users, website operators, and OpenID providers. Well done to Google and Plaxo.
Posted by: bkkissel.myopenid.com | February 10, 2009 3:52 PM
Maybe I don't entirely understand the innovation here, but isn't most of the simplicity in the user interface being achieved by concentrating on a single OpenID provider? In other words, isn't this just swapping Facebook for Google, rather than Facebook for OpenID?
jeremiah, if that's the case then the big news is just the oauth integration. I don't think this has to be a case of "simple because choice is removed" - I think that multiple known brands could be offered as choices with room for any provider. The innovation is in the simple clicks to authorize information, the use of known entities, etc.
This presentation -- and some of the comments left above -- feels much more like marketing than research. Who cares what the protocols under the covers are? The demonstration could've been done with LDAP.
There's nothing new here. Of course it's possible to improve the user experience by requiring (or at least, making it exceptionally difficult not to use) a few major providers. That's been done a thousand times over.
We're no closer to solving truly distributed federated identity than we were, and this if anything pushes us actively further away. I want to see interface work that can serve the world, not the one or two big players in one sphere.
ndk - thanks for putting that out there. I'd like to see what some of the folks involved have to say about your comment.
@jeremiah, while this experiment was done specifically between Plaxo and Google, I agree with Marshall that multiple known brands could be involved and that the real innovation was simplifying and combining the steps of logging in and granting access to your data.
This experiment combines 1) creating a new account on Plaxo and entering profile data, 2) verifying your email address and 3) granting Plaxo access to your address book. Before the combination of OpenID and OAuth, you would be sent to Google two or three times: first to login with your Google Account, second (if you didn't use OpenID) to Gmail to verify your email address and third to grant Plaxo access to your Gmail address book.
Rather, this experiment with a hybrid of OpenID and OAuth combines these steps so that the creation of a new account always includes the verification of your email address and you're telling Google that you wish to provide Plaxo with access to your address book.
@ndk, I'd love to see an example of this being done with LDAP, including the granting of ongoing access to an API resource (the address book). I obviously strongly disagree with your view that, "we're no closer to solving truly distributed federated identity than we were," but doubt that comments are going to be the best way to understand each other's viewpoints.
I agree with ndk. Sure this could be done for other well-known brands... but note that caveat carefully. Now tell me how having a few known brands be the ones that make OpenID easy to use is a good thing.
OpenID is still a solution in search of a problem for most individuals. We use our browsers' ability to remember credentials combined with cookies and a limited set of passwords to address this. If I only have 1 or 2 username/password combinations to remember anyway... what's the advantage of OpenID again?
I think this is a really big deal. (But I'm biased, as I'm involved in it.)
This is the first time we're seeing OpenID that is driving our core business metrics. It's good for users, good for Plaxo, good for Google, and implemented in a way that can be replicated by any other sites of the web.
I obviously strongly disagree with your view that, "we're no closer to solving truly distributed federated identity than we were," but doubt that comments are going to be the best way to understand each other's viewpoints.
You're probably right, David, but I'll restate my point more fully for posterity here. Because:
1) It's extremely difficult to craft a good UX for N providers, making the button path -- used by social bookmarks and the demonstration above alike -- very appealing;
2) The data necessary to build a value proposition, like a contact book, is not available consistently from all providers;
3) There is no trust framework to support a diversity of providers.
Whatever the protocol under the seams, if the three above points are not comprehensively addressed, I see an inexorable drift towards the "Top 4" that Joseph describes. Discovery is the toughest and most important.
I'd love to see an example of this being done with LDAP, including the granting of ongoing access to an API resource (the address book).
This is tangential; I'm just pointing out that I'm not emotionally attached to protocols. They grow, evolve, and die, but in the end aren't always that different from each other.
If you wanted to get imaginative with LDAP, perhaps one would provision a service DN for each application, do LDAP auth of the user at the login page, change the user's contact list ACL to permit reading by the service DN, transmit the username + timestamp to the service in a query string encrypted using the service's public key, and then perform a simple LDAP query (an API for retrieving data about a username, after all).
Obviously a dirty hack inferior to application of OAuth + OpenID, vulnerable to a few more attacks by the service, and LDAP isn't viable for inter-realm use, but it'd work.
the username + timestamp
Brainfarted the slightly important "signed" word, sorry. :D But I'd rather not let that distract from the core issue that rick articulated better than I: the UX being demonstrated here naturally constricts the OP's to a select few, so I really don't think of it as progress.
Jeremiah and ndk, what you're missing is that the bridge from identity to authorization to use the contacts was done through a set of open protocols. Being able to go from an email address to a known OpenID endpoint was a small part of the steps saved here.
If users can pick an identity provider from a list of obvious suspects or a known highly correlated one for that site, as well as having a type-in box, this flow means that they will be able to connect to a rich source of profile and contact information in one go, rather than the multiple stage back and forth currently needed.
Oh sure, the meeting at Facebook has massive implications, our identities will finally be in our control, the companies that attended will make billions more with that hybrid oauth/openid thingy, yadda, yadda, yadda...
But without a doubt, the best thing to come from the meeting was this pic:
http://www.flickr.com/photos/wnorris/3270176733
...oh yeah, and on the serious tip:
ndk said:
"...If you wanted to get imaginative with LDAP, perhaps one would provision a service DN for each application, do LDAP auth of the user at the login page, change the user's contact list ACL to permit reading by the service DN, transmit the username + timestamp to the service in a query string encrypted using the service's public key, and then perform a simple LDAP query (an API for retrieving data about a username, after all)."
Exactly! That's what I want to write an Oil Can script to do, for all Android phones (address books in Android phones automatically sync'ed to Gmail BTW). Decentralized and spread out, no single point of failure.
"...A distributed architecture for social networking? Existing social networks usually employ a "hub and spoke" model, where the website is the hub of all activity within the network, and where there is a "client" and a "server". Since all traffic must pass through the hub, that site may become a bottleneck. Furthermore, each transaction must pass up one spoke to the hub, and then down another spoke, when the people interacting may be much closer to each other (in network terms) than either is to the hub site...
There is the opportunity to create an architecture that distributes the load to the devices sitting in our coats and pockets, rather than solely on massively scalable Web sites. Such an architecture would require better interoperability between social networking sites and mobile devices than we have today, and should remove any dependence on an "always-on" network connection."
http://www.w3.org/2008/09/msnws/papers/nokia-mobile-social-networking.html
thanks.
For some reason I seem to get nervous when something is so wonderful that everyone buys into it. Nothing is perfect. The real question is what are they not telling you about this new system. We need enough information to decide if we want something or not. If all we get is the good side, the other side could be worse than we can handle. This is the same mistake that too many people made when investing with Madoff! Stop trying to hustle us and tell us the real deal.
Prior to the work I'm currently doing with OpenID, OAuth, et al, I was deeply involved with LDAP, SAML, and worked with ndk (commenter above) directly for a number of years. He makes an excellent point based on this article. Unfortunately, this article covers only a small facet of what was discussed at the UX Summit yesterday.
I think the thing to take away from the Plaxo numbers that Joseph presented is this: if we can make the user experience as simple as two button clicks (that's really all it is), the ROI for relying parties is incredible. The beauty of the Plaxo/Google demonstration was made possible by open protocols (that really could have been anything, including LDAP), but more importantly intelligent OP discovery. It demonstrated ONE way of doing intelligent discovery -- that is, assuming that if the user used Google for their email, then there's a decent chance that they would want to use Google as an authentication provider. As their numbers show, this was a pretty accurate (although not 100% true) assumption.
The point is, if we can do intelligent discovery, the payback is huge. The true challenge, and this is what was left out of the article, but was discussed during the rest of the UX Summit, is how to do this discovery. No one is suggesting that the Plaxo/Google approach, or even the "big four buttons" approach is the end-all, be-all solution to discovery. No one is saying that. Plaxo's demonstration only underscores the importance of discovery, and it's a problem we have yet to solve.
Posted by: willnorris.com | February 11, 2009 2:03 PM
@willnorris said "if we can make the user experience as simple as two button clicks (that's really all it is), the ROI for relying parties is incredible"
I think that's the key. Until yesterday, there had been little public discussion about streamlining the OpenID login process for those not knowledgeable of what "OpenID" is. At the end of the day, most users won't know that they're interacting with something that is using the OpenID protocol, which is the way it should be.
Facebook Connect has proven that engagement rises and that there is a higher rate of new registrations. The Plaxo example confirms this even more. This is great to see and I think we are on the verge of a breakthrough which will make all registrations as simple as two-clicks. This is awesome. OpenID ftw
No one is suggesting that the Plaxo/Google approach, or even the "big four buttons" approach is the end-all, be-all solution to discovery. No one is saying that. Plaxo's demonstration only underscores the importance of discovery, and it's a problem we have yet to solve.
Thanks, Will. Your entire message is very much the right one to carry forward here, and since I wasn't present, I'm glad to hear that more was present at the summit than just the "Top 4" buttons.
It'd be great to get more earnest communication on innovative techniques being proposed to prevent OpenID from falling further into the social bookmarking solution. No such details have leaked out of the inner circles, and when all we see is presentations like this, the discomfort of commentators not directly invested in the future of this technology is probably understandable.
Some really interesting comments.
I have long predicted that the next wave of social networking will be ALL sites offering social elements so "friending" and commenting and the like is available everywhere.
This, to some degree, is already happening (I spend two hours every morning reading and commenting all over the web) but it typically requires a separate identity on each site. And if I wish to make my contacts aware of the article I need to drag their butts over to that specific site first. This is all a pain.
So socialising the web will become a lot easier if a SINGLE existing identity can be used by me across the whole web. OpenID offers this. What it doesn't do today, and what Facebook Connect DOES do, is enable me to easily share what I am doing across the whole web with my friends and contacts. Well, I say FBC does do it, no one is using it yet...
And a key reason is everyone would like to see something more "Open" allowing that so they aren't tied into Facebook, which doesn't have a great reputation for protecting investments for its third party developer partners.
What Plaxo and Google are showing is exciting, but is playing functional catch up with FBC and will only get REALLY exciting once they issue some code which you and I can integrate into our sites to offer the same functionality.
By the way, I agree with the view that this is arguably leading us down the wrong road ultimately, as I would prefer to see a trusted, independent, non-profit body holding identity and social graph information, which we then "lease" to sites we visit with a few clicks. Although W3C is putting together a team to investigate this, encouragingly, it is still some way off.
Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz
Interesting article and exciting developments between Google and Plaxo. But ... I found the comments more informative.
I agree with Ian Hendry, we need "a trusted, independent, non-profit body holding identity and social graph information, which we then "lease" to sites we visit with a few clicks."
"The Plaxo/Google approach, or even the "big four buttons" approach" will become the "the end-all, be-all solution to discovery." and I'll no longer be able to use my blog as a self-provisioned OpenID.
Since the user experience will be "as simple as two button clicks (that's really all it is), the ROI for relying parties is incredible." - @williamnorris
that is really good news for Comcast
great success; glad to hear that.
good idea; thanks for sharing!
so kind of you! thanks a lot!
very good idea.
Posted by: http://news.fhvac.ru/author/administrator/ | October 2, 2009 12:34 PM
OpenID is a great tool for accessing many reputable sites and networks, really fantastic post.
Jenn
Seo Company
Well worth the read. Thanks for sharing this information. I got a chance to know about this.
Regards, Kevin Clasamente Fotbal
My question is whether these transfers are secure. There is NOTHING this transfer can and steal passwords? If so is tragic. Thinker adsense accounts.