Update: We’ve been contacted by members of the OpenID community who argue that we’ve mischaracterized the controversy in this post. Additional complications not discussed here include the now-ceased process of whitelisting domains that could use Google OpenID.
After we wrote about Google becoming an OpenID provider yesterday, a number of reports suggested that Google was not following the OpenID guidelines closely and that it was basically forking OpenID to suit its own agenda.
The problem with Google’s implementation of the OpenID protocol was that users could not just use their Gmail accounts to log into any OpenID enabled site and that Google itself did not accept OpenID to let users log into Google’s own services. Now, Google has published a blog post to its Google Code Blog that explains why Google chose this implementation and how it will address these concerns in the future.
Normally, when you use your email address as your OpenID credential, the OpenID enabled site (the ‘relying party’) goes back to your OpenID provider and looks for a specific file (XRDS) on the server. However, Google chose not to implement this part of the OpenID ecosystem when it launched its OpenID implementation yesterday and made developers rely on Google’s own API instead.
Now, however, Google has announced that it will start publishing XRDS files ‘as quickly as possible.’ For the time being, you can use ‘https://www.google.com/accounts/o8/id’ to sign up for OpenID enabled sites.
Why Google Doesn’t Accept OpenID Itself
One other issue many people raised yesterday was that Google itself did not accept OpenID for letting users sign in to its own properties. According to today’s blog post, the reason for this is purely technical, as « all Google rich-client apps would break if we supported federated login for our consumer users. » Google, however, is looking at possible solutions for these problems and is enlisting the help of the OpenID community.
It is good to see Google acknowledge these issues head-on. Despite these growning pains, we still think that Google’s support for OpenID will drive its widespread acceptance, especially once Gmail users can just use their accounts to effortlessly create accounts and log into third-party services.
Note: Yesterday’s espiode of TheSocialWeb.tv has some more in-depth detail about the development of Google’s OpenID implementation and features an interview with the developers.