He talks about a problem that most people don't have, and then goes on to state nerds turn a nose up at "security vulnerabilities".
At the core, it's a problem that most people do in fact have, it just is not presented to them in a fashion that is easy to digest, or even tasty enough to consider ordering from a menu. The typical computer user doesn't think about what happens to their password in transit, they enter it, hit enter and say a short prayer that they didn't typo so they can get where they want to go, and get on with life.
If the openID marketing initiative focused MORE on the "stop remembering passwords" a little harder than they had, maybe it'd still be relevant outside of tech circles.
And furthermore, building on the "solution [...] to a problem that most people don't really have"
Didn't Facebook essentially go about solving that "problem" themselves, albeit packaged up in a nice wrapper with your friends and social profile as the adhesive tape?
OpenID was failed from the start, and that's ignoring all the problems that happened around the project (e.g. at SXIP).
For one, it was too limited in scope: it assumed it would operate only within a traditional browser, that cookies are the only place you ever need to store information and that the user is always there to authorize every single action. You can't use OpenID to delegate or automate anything and OpenID just doesn't work well e.g. in desktop apps or on mobile devices. It's locked to one particular interaction flow, and it's not even a good one.
For another, the whole thing was designed by and for people who run websites. 99.99% of the world does not have their own personal domain and the idea of using a URL as their identity was just confusing and weird. Features like delegating your identity using HTML Meta tags on your site are misguided toys for tech nerds with no real world relevance.
Finally, the parts of OpenID that would actually be interesting, i.e. the selective, automatic sharing of information between sites to avoid long signups, never went anywhere, ensuring there would be no actual benefit for the end user for using OpenID.
Facebook didn't just bring a solution that solved all of this, with Facebook Connect and OpenGraph, but they also delivered the user-base to go with it. Think of all the bad privacy PR that Facebook has gotten... has it dented their image? Nope. Because FB connect is too valuable in keeping the barrier of entry low. When given the option, people prefer FB connect.
The point about security isn't that it doesn't matter, but that OpenID is a completely secure solution that nobody really wants to use. Anyone who knows crypto can design a secure handshake, but it takes a lot more to design something that people actually want to use.
Facebook didn't just bring a solution that solved all of this, with Facebook Connect and OpenGraph, but they also delivered the user-base to go with it. Think of all the bad privacy PR that Facebook has gotten... has it dented their image? Nope. Because FB connect is too valuable in keeping the barrier of entry low. When given the option, people prefer FB connect.
EXCELLENT rebuttal, I hadn't thought to look at FB Connect like this with my original comment.
He talks about a problem that most people don't have, and then goes on to state nerds turn a nose up at "security vulnerabilities".
At the core, it's a problem that most people do in fact have, it just is not presented to them in a fashion that is easy to digest, or even tasty enough to consider ordering from a menu. The typical computer user doesn't think about what happens to their password in transit, they enter it, hit enter and say a short prayer that they didn't typo so they can get where they want to go, and get on with life.
If the openID marketing initiative focused MORE on the "stop remembering passwords" a little harder than they had, maybe it'd still be relevant outside of tech circles.
And furthermore, building on the "solution [...] to a problem that most people don't really have"
Didn't Facebook essentially go about solving that "problem" themselves, albeit packaged up in a nice wrapper with your friends and social profile as the adhesive tape?