Zoho made an interesting move today by adding support for using a Google or Yahoo! account to authenticate to their suite of online productivity tools. I wonder what the OpenID community will think of this?
I’ve been following the OpenID space for the last little while, and this marks a curious turn in the development. OpenID has been promoting the idea of decentralized system that would allow users to minimize the number of usernames and passwords they need to login to the various web-based applications they use. It’s a great idea, but as I did some research for a client recently I concluded that the conflicting incentives for OpenID stakeholders may prove to be a barrier to adoption.
The core challenge is that while everyone wants to control users’ information by becoming an OpenID identity provider, there’s less enthusiasm towards becoming a relying party that accepts OpenID credentials. This is not especially surprising – controlling users’ information is the means that corporations maintain lock-in, and derive competitive advantage that they use to drive revenues. Hence, the move by many large web portals to act as OpenID identity providers, but not relying parties, has been viewed as an underhanded means to exploit the interest in the OpenID standard.
What’s curious about the Zoho move is that the company has obviously made the decision to accept third-party authentication credentials in a bid to lower the barriers to adopting its products. Google’s Docs and Spreadsheet offerings are a major competitor to Zoho’s offerings, so it makes sense to try minimize the pain of switching from Google to Zoho products. However, the decision to include Yahoo! accounts in the mix confuses things somewhat. Given Yahoo’s current problems, why would Zoho want to include those users? And if you’re going to go to the trouble of supporting yet another authentication scheme to reach a wider audience, why not go for OpenID?
Overall, it seems very strange that Zoho would exert the effort to support GAuth (used by Google) and BBAuth (used by Yahoo!). Both Google and Yahoo! are now OpenID identity providers, so why go down the path that requires roughly twice the effort required to support OpenID? You could do less work, and reach more users!
I can only guess that either this work began prior to Google and Yahoo!’s OpenID support was announced. However, there is one other troubling possibility: that while OpenID solves the technical problem, using a Google or Yahoo! account to authenticate to a third-party is more easily understood by users.