Google announced today that everyone using Google Apps enterprise or education editions can now use their organization’s domain as a federated single sign-on. That means that millions of schools, businesses and other organizations can now use their Apps accounts as an OpenID.
For a movement that has seen adoption held back because of confusion or just plain unfamiliarity among consumers, this should be a huge boost. However, a few prominent developers and advocates feel that Google’s approach is not entirely acceptable. They are critical of the use of vendor-specific extensions and APIs instead of the open standards that are so important to OpenID.
Sponsor
The Sound & Fury
The concern that some OpenID developers have expressed publicly is in regard to the way that OpenID discovery occurs. The crux of their concern is not whether Google’s solution will work; it’s about the whether Apps OpenID will function as a provider that gives people full control of their online identity.
Independently of the OpenID Foundation, Google has rushed to use their own methods. Unlike OAuth, the discovery is currently a part of the OpenID core, even if it isn’t related to how the actual authentication functions.
In order to be redirected from their domains to Google’s OpenID service, relying parties will have to use an extension developed by Janrain, despite work that is well underway by the Foundation on a standard independent of any one vendor.
Google, Your New Identity Hub
Now that the Apps OpenID has been released, another issue has arisen. It’s related to how the Google will become an identity hub for SaaS partners which want to let their users login with their Apps accounts. Early partners in this program that were announced in the blog post by Google today include Ping Identity and Manymoon.
Some have taken issue with Google’s API even being the fallback system should a normal request fail. But for these partners, it looks as if the API is not the fallback system: it’s the default. By cutting corners and not using a more neutral method, Google is unlikely to get the support from the OpenID Foundation they want.
In a phone call today, Google’s Eric Sachs said that though the company has no control over how partners choose to implement the system, it was necessary to use the API if they choose to present it to users as a way to log in directly with Apps.
Thin Ice
It would seem that despite best intentions for an exciting project, there are some issues that could curtail support for the initiative. The announcement of the plan was accidentally leaked to the public earlier this month, and it revealed fears by Google that the project could be viewed as an attempt to co-opt OpendID by the community.
To Google’s credit, they’ve been talking with the OpenID Foundation to try and address any concerns. “We definitely do want to work with the community on this.” said Sachs.
Still, any opposition from the OpenID Foundation or the community at large about how Google is implementing OpenID could damage its “don’t be evil” credibility, at the very least.
Related posts:
- OpenID Ends 2009 With 1 Billion Users At the close of a whiz-bang year, OpenID has a...
- Japan’s Largest Telco Goes OpenID NTT docomo, the telephone provider patronized by approximately half the...
- Meet the New OpenID Foundation Board Members OpenID, the open standard for federated user identity across multiple...
- Etelos Adopts OpenID For Business Applications Sold Through Its Marketplaces Etelos is adopting OpenID and Single Sign On(SSO) for its...
- US Government Reviewing OpenID to Log In to Some .Gov Sites Top government IT officials and representatives from online identity services...
Related posts brought to you by Yet Another Related Posts Plugin.