Federated login has been a goal of the
Internet community for a long time, but its usage is still quite low, especially in the
consumer space. This has led to the constant need for users to create yet another account to
log in to a new website, and most consumers use the same password across websites even though
they realize this is a poor security practice. In the enterprise space, many
software-as-a-service vendors such as Salesforce.com and Google Apps for Your Domain do
support federated login, but even those vendors encounter usability problems.

On September 12 the OpenID
Foundation held a meeting to gather feedback on how to evolve the best practices for
using OpenID so that it might be used by websites in a larger number of market segments. The
meeting included representatives from many mainstream websites including The New York Times,
BBC, AARP, Time Inc., and NPR. Google has been researching federated login techniques, and at
the meeting we showed how a traditional login box might evolve (see below) to a new style of
login box that better supports federated login.

We also shared a summary of our usability
research that explains how this helps a website add support for federated login for some users
without hurting usability for the rest of the website's user base. We hope that industry
groups, such as this committee in the OpenID Foundation, will continue to share ideas and
experiences so we can develop a model for federated login that can be broadly deployed by
websites and broadly used by consumers. If your company has experience or research that you
can share, we hope you will get involved
with the OpenID community and join the further discussions on this topic.