Jay Eye Sea

Ian Leader: Today’s announcement that Google apps will be an OpenID authentication provider is a welcome step forward for Open ID.  For those not familiar with , it’s like corporate single sign-on for the web:  you can use the same user ID / password on multiple sites owned and run by different organisations, provided those sites are OpenID-enabled.

And there’s the rub – unless the sites you actually use are OpenID-enabled (wordpress.com where we host this blog is, the FT subscription-only web site isn’t), it’s not much use. Google’s move increases the pool of users who have OpenIDs, and will generate publicity that may push more sites to support it, but what would really change things is if Google decided to accept other providers’ OpenIDs to access  GMail, Google Calendar and so on. If that happened, it would close the circle and make OpenID genuinely useful for a huge number of users.

Unfortunately, I don’t think that the big players are going to be comfortable doing that unless something happens in the market to push them.  Right now, I think they want to have the trust relationship with the end user, and are probably nervous about bad publicity if there’s a security breach due to the failings of a 3rd party OpenID provider.

That said, a related announcement today may go some way to addressing this with around 60 SaaS corporate apps apparently being OpenID enabled.

Another interesting point is that according to the announcement, this has only been enabled for Google apps, not normal Google accounts. Over the last 10 years we’ve got used to consumer web technology being adopted by the corporate space, not the other way round. Google went along with this, building services for consumer first, then transitioning them to apps. Is this a fundamental shift in approach, or simply increased focus on investing where there are direct revenues? More on these topics in another post…