On 2008 Oct 27, the Live Services blog announced that Windows Live ID will become an OpenID provider. The announcement goes on to note that the initial release is a Community Technology Preview (CTP), not yet intended for users, but for web sites and developers, and that Windows Live ID’s OpenID support will be for the OpenID 2.0 protocol only.
A regular Windows Live ID account does support OpenID yet. You can test the service by registering for an account in the Windows Live ID Integration environment, which does not provide access to other Windows Live services.
Microsoft expect to release OpenID support in to their production environment in 2009.
Right on the heels of the Microsoft announcement came OpenID support from Google. Like Microsoft, Google supports the OpenID 2.0 protocol, but starts supporting it immediately.
The support for OpenID sounds great, but so far, both Microsoft and Google are only providing OpenID identifiers, so you can use your Microsoft or Google identity to log in to other services, but they are not accepting OpenID identifiers from third party yet
The OpenID idea is to have a single sign-on for all web sites. Until Microsoft and Google accept OpenID identifiers from third parties, they are not truly supporting OpenID.
OpenID hardly needs yet more OpenID providers, it needs OpenID consumers. We don’t need yet another credit card, we need the Microsofts and Googles of this world to accept each other’s credit cards.
Initial response to the Microsoft announcement was sceptical. Not only is Microsoft providing half-baked support, but Microsoft just isn’t the world’s greatest supporter of web standards, and has a history of embracing standards only to extended them with proprietary features.
But anyone who reads the Google announcement carefully will note that it is Google That’s messing with the OpenID standard. The details are in the developer documentation, but the blog announcement already talks about logging in with your email address, while OpenID users always log in with an OpenID url instead.
If you read the Google announcement closely, you may notice one somewhat
awkward sentence: We hope the continued evolution of both the technical
features of OpenID, as well as the improvements in user experience. will lead to a solution that can be widely deployed for federated login.
.
Continued evolution? Improvements in user experience? That’s a wishy-washy way of saying "Oh, by the way, we decided to mess with the protocol".
Using an email address and password to login may be slightly more familiar,
but it is not OpenID as we know it. OpenID users do not need to provide their
email address to the sites they visit.
A future version of the standard may provide the familiar email address &
password logon, there is plenty of talk about that possibility, but OpenID 2.0
does not.
To work as illustrated in Google’s example, a site must register with Google and add special code for Google users. If Google really supported OpenID, sites that already support OpenID would not have to do anything.
Neither Microsoft nor Google is truly supporting OpenID, but only want to be OpenID providers. Microsoft has pre-announced that service and is not really offering it. Google is offering their service immediately, but Google is not supporting OpenID. Google is promoting GoogleID instead.
Google has responded to the criticism by changing its service. It is no
longer necessary for sites to register with Google. Google will also publish the
necessary XRDS (Extensible Resource Descriptor Sequence) file on its server,
that allows OpenID users to merely type "gmail.com", just like users of Yahoo!’s
OpenID provider need only type "yahoo.com".
Google’s excuse for using an email / password combination instead of an OpenID
URL and being a provider only is that many desktop and mobile applications are
hard-coded to take an email / password combination, and that these would break
if they allowed federated login.
When you follow the old link to Live Services blog 2008-10-27: Windows Live ID becomes an OpenID Provider, you are presented with a 2011-07-19 blog entry in which Microsoft claims existing blog entries have been moved to the Windows Steam Blog. However, Microsoft seems to have deleted the old blog entries. The broken link has been removed.
Copyright © Tamura Jones. All Rights reserved.