BT

InfoQ Homepage News OpenID Loses Major Proponent, StackOverflow

OpenID Loses Major Proponent, StackOverflow

Bookmarks

OpenID has lost one of its largest proponents. Stack Exchange, the company behind StackOverflow and other Q&A websites, will be completely eliminating support for OpenID on July 25, 2018. This continues a long running trend of websites eliminating OpenID from their offerings.

Joe Friend, product manager at Stack Exchange, cited several reasons for the change. The primary reason is cost; the number of people using OpenID is very small compared to the effort required to keep it functioning. At last count, only 13K users logged onto Stack Exchange in the last 12 months. This is out of over 9.5 million accounts, or “roughly one-tenth of a percent”. He goes on to say even with inactive accounts there is still only 2.9% of users choosing OpenID.

The idea behind a universal login for all websites continues, but that universal login will be controlled primarily by two major players: Google and Facebook. This is in stark contrast to the goal of OpenID, which was to offer a universal sign-in system where no one player was allowed to dominate. In theory anyone could create an OpenID provider and many people made their own rather than relying on a publicly available offering.

Over the years we have seen OpenID providers shut down, much to the frustration of their users. Joe Friend cites two examples of providers they’ve had to remove from their site: ClaimID and myOpenID. Stack Exchange’s own OpenID provider will also be shut down, though the exact timeline hasn’t been published yet.

All of this should raise serious concerns for websites relying on Google or Facebook. What happens if they decide to shut down their universal login services? While removing it completely is unlikely, they could choose to disable universal logins for a particular website for any number of reasons including:

  • A legal or financial dispute between Google or Facebook and the website
  • Accusations, real or false, of inappropriate or illegal activity on the website
  • Changes in the law regarding data use and sharing
  • Trade disputes between two nations
  • Censorship of Internet traffic at the national level (e.g. the Great Firewall of China)

While there is no reason to panic, it is essential that any company relying on a universal login provider include contingency plans as part of their overall disaster recovery plan. If login services are unavailable, it can potentially cripple a company for weeks as they develop and notify their users of alternate login options.

Rate this Article

Adoption
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

  • OpenID Connect will still be used

    by Matt Raible /

    Your message is awaiting moderation. Thank you for participating in the discussion.

    It should be noted that OpenID Connect (OIDC) will still be used by Stack Overflow. If you're logging in with Google or Facebook, chances are you're using OIDC. OIDC is the third generation of OpenID technology.

  • Very Low Quality Article

    by Ikemoto Hideki /

    Your message is awaiting moderation. Thank you for participating in the discussion.

    This article confuses OpenID and OpenID Connect.

  • Re: Very Low Quality Article

    by Jonathan Allen /

    Your message is awaiting moderation. Thank you for participating in the discussion.

    I'm not sure why you say that, as this article doesn't mention OpenID Connect at all. OpenID Connect, which is a successor to OAuth, was designed to solve a very different problem than the original OpenID.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

BT

Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
Country/Zone:
State/Province/Region:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.