Last month at the first Content Provider Advisory Committee meeting in New York, several media companies and affinity groups identified two desired areas for improvement around OpenID: the user experience as it reaches mainstream adoption and the increased ability to exchange profile information given user consent. Since then, the OpenID Foundation, its members and the wider community have been working hard to understand what it will take to make OpenID more usable by mainstream users and why the larger OpenID Providers have not been quick to support OpenID Attribute Exchange.
As a quick aside, AOL has just launched My MapQuest which sports a great new OpenID login experience. It's worth noting that in the process of signing up for a MapQuest account using OpenID, you're also creating what seems to be an account at AOL too. Additionally, AOL requests profile information from your OpenID Provider meaning that in some cases you're able to sign up for a new account without having to type your email address, name, nickname, etc. AOL is the first large internet company to support OpenID sign in on a non-blogging product and while they don't yet let you use your OpenID to sign in on AOL.com, it's seems clear that is the direction they're headed.
From the user experience front, Yahoo! hosted the first OpenID User Experience Summit where nearly forty people came together sharing what they've learned around usability, user experience, and various interface designs for OpenID and OAuth. In the following weeks, more work has been underway focused on implementations that improve the intuitiveness of OpenID registration and login. At the Internet Identity Workshop in Mountain View the week before last, sessions were held around many different aspects of OpenID; technical, business and user experience, among others.
The general approach to improving user experience over the past year has been the idea of graphically representing various larger OpenID Providers. The main critique is that it will only scale to a fixed number of providers since not every logo can be displayed. That said, it represents the approach taken on an increasing number of OpenID enabled sites, by Facebook Connect, and is being productized by companies such as JanRain with their RPX interface.
As Google continues their usability research around federated login, they've built a login widget which allows the user to enter their email address and say that they don't have a password but need help logging in. This then allows the site to see if they recognize the email address within their own login database or if it belongs to a domain such as @gmail.com or @yahoo.com which also acts as an OpenID Provider. The ability to use an email addresses within OpenID is currently a highly discussed topic that is leading to the formation of a new technical working group to better understand the motivations and challenges, while also proposing a technology solution.
On the data side, Yahoo! has just announced a controlled beta of support for the Simple Registration extension (SREG) which provides full name, nickname, email address, gender, language, and timezone if the user chooses to share it. AOL has also just announced preview support for SREG profile information transfer of email, nickname, country, date of birth, gender, and postal code if the user chooses to share it. Additionally, Google's OpenID Provider supports the transfer of a validated gmail.com email address via Attribute Exchange if the user chooses to share it. This trend of being able to more easily and securely exchange profile information via OpenID is one that we expect to increase through 2009.