I believe in the capability of community to drive change, and I believe that peer pressure can be a great motivator. I plus believe that shaming can be an equally robust motivator, whether used lovingly and when an “out” is provided.

In that case, that “out” is adding support for consuming OpenIDs, not just being an identity provider.

With that in mind, I thought I’d throw out my OpenID Shitlist, Hitlist and Wishlist with the hope that a little sunlight might cause the previously planted seeds to finally sprout. Since OpenID 2.0 is now out, these folks really have very little excuse not to get on board and construct that happen (limited developer resources notwithstanding).

So, without further ado:

My Shitlist

Last February, at the Future of Web Apps in London, there was an orgy of OpenID announcements.

The point of my Shitlist is to publicly shame folks who have previously promised (or strongly indicated an intent) to adopt and add support for OpenID but who have folded, thus far, to do so. I invite them to redeem themselves by making good on their promises. I won’t hold it against them, but hey, it’s their word on the line.

• Digg.com. I’d consider myself personal friends with the Digg folks. I like Daniel, Kevin and Owen. I think they do great work and that Digg is one of the most influential synaptic centers of the net. But Digg tops my shitlist considering of a very vital 10 seconds of speech that Kevin offered on stage, and which was covered by Om and TechCrunch. He said, and I quote: And soon after we additionally want to announce today, uh, support for OpenID. So we will be, uh, rolling out OpenID here in the next few months. That’s gunna be cool. Listen to it yourself. Did that ever happen? Nu uh. Still waiting. Hmmph!
• NetVibes. NetVibes remains one of the more innovative, more “open source like” rich Net desktops out there. Tariq’s a friend. But, like Digg, when you manufacture promises (scroll down to Tariq Krim) to do something and months and months later you haven’t made good on your word, well, you end up in my shitlist.
• Last.fm. Now, I’m going out on a limb here. I have a strong recollection that Last.fm was the third company to promise OpenID support at FOWA, but for the life of me, I can hardly find a reference (besides that: “So what was the buzz at that years FOWA London? Two things resonated to me more than anything in the conference. OpenID and attention notes. All of the key players from digg to Netvibes, Last.FM to Arrington touched on, commented or made announcements in these arenas.” — hat tip to JP), and in the recording of their session, they compose nary a mention. Now, I’m pretty certain they said something about it, but I don’t have proof. Last.fm needs OpenID regardless, so whether someone can backup or discredit my memory, I’m happy to move them to a more appropriate list.
• PBWiki. I’m a fan of PBWiki, the hosted wiki service. They’re a good friend to the BarCamp and Twitter communities and are my first choice when I need a wiki and don’t want the hassle of setting up and maintaining my own. The oldest newsletter I could find when I first approached David, Nathan and Ramit with a demand to support OpenID was July 30, 2006. I’ve badgered them consistently since next, receiving various assurances that they’d work on it. And without directly calling bullshit, I do wonder why their own Auth API hasn’t been made to be OpenID compliant when there have been so many other significant improvements made. I know that nerds aren’t their top priority (nor their biggest money-makers by a faraway shot) but possibly we can hack it in at the next SHDH?
• MyBlogLog. I suppose things change when you get absorbed by a massive corporation that requires a consistent terms of service. Or else it seems plausible that the early indications of support for OpenID might have blossomed into full fledged support. Alas, it was not to be.
• Technorati. In October of 2006, Technorati announced support for blog claiming with OpenID. They additionally became an OpenID provider. So technically, they don’t deserve a full shaming. However, it’s lame that they allow you to claim your blog whether it’s an OpenID, but for reasons that confound me, don’t let you actually sign in to Technorati using the same OpenID. that seems ludicrous to me and frankly, I expect more from Technorati. (And can I point out that it’s a poor sign that when I search your blog for OpenID using your search engine, nothing comes up? Huzzah!)
• Wikipedia. Well, everyone loves Wikipedia right (that’s an uncorroborated generalization)? Well, they still belong on my shitlist. Wikipedia said they’d support it in a Google Video as early as June of 2006. They might be able to define the protocol, but they certainly don’t support it. (Reprieve: open source to the rescue! Evan Prodromou wrote the OpenID extension for Mediawiki. Now Wikipedia simply needs to adopt it!)

Hitlist

With the shitlist out of the way, I can get on to those folks who haven’t essential made promises before, but are ripe candidates to be lobbied to add support for OpenID.

• Satisfaction. Satisfaction has enlarged since planned on offering OpenID (and more recently OAuth) and they tell me that it’s coming soon. With co-founders (and my friends!) Thor and Amy recently getting into a new startup they’ve named Tesla Jane, I think I can be patient for a while longer.
• Twitter. whether you’re aware of the backstory of OAuth, you’ll know that it was my advocacy of OpenID for Twitter that revealed the need for a delegated authentication protocol that was compatible with OpenID. And, now that OAuth has gone 1.0 (and while we’re waiting for Twitter to roll out support for the final spec) it’d be great to additionally see movement on the OpenID front. I know you’ll get right on that. Heh.
• Drupal. Bonus points go to Drupal and James Walker for rolling in support for OpenID into core for Drupal 6.0, and perhaps we have to wait for the upgrade, but it’s too poor that there isn’t support on the drupal.org website. Should be an easy fix, and with the brilliant way the community devoured my recent feedback, I hope that that inquiry is met with equal enthusiasm!
• Plazes. Well, I’m with Tara and am pretty disappointed with where Plazes is today. Felix and Stefan are great, but the new Plazer sucks. It’s like they took a bunch of VC and lost focus. next again, perhaps I’m projecting. Anyway, it’d mean something to me whether they went ahead and added support for OpenID. Better late than never.
• Pownce. Pownce has been rocking the portable social network stuff, along with sister-site Digg (yes, the same Digg on my shitlist). The logical next step is for them to provide OpenID consumption to compose the circle of portability complete!
• Ning. Well, they already have NingID, but I really question the wisdom of proprietary authentication schemes at that point. I mean, whether they’re all about niche-social-networks, wouldn’t consuming OpenIDs manufacture so much sense to further reduce barriers to outsides coming in to play?
• LinkedIN. These guys have been doing some great work widely adopting microformats and becoming more social-network-like. citizens seem to use LinkedIN as an identity aggregation point; shouldn’t they additionally be
  able to prove that they own a undoubtful LinkedIN profile elsewhere and thereupon verify their accounts elsewhere by logging in to LinkedIN with their other OpenIDs?
• Slideshare. Given that Slideshare probably has the greatest collection of OpenID related presentations on the net, it’s kind of a shame that you can’t login to the site using the protocol. I know Rashmi and Jon have their hands full, but it’d be sweet to see them add support.
• TripIt. TripIt’s awesome. Tara and I did a day of consulting with them and have been constant users ever since. What’d be great is whether you could use your OpenID to login amidst Dopplr and TripIt — it might sound insane to them — but they really are complementary services. Tying my identity amidst them would save me such a hassle of having to go back and forth within them — and they’d both win!
• Blip, Viddler, YouTube et al. that might be a pipe dream, but I do think that we could win by Blip and Viddler. YouTube, not so much. But whether we lobbied each independent and got one to go, the others might follow…
• WordPress.com. So WordPress is a funny one. They serve as an OpenID provider but don’t currently consume. whether you want to enable OpenID consumption, you have to run your own blog (as I do) and use Will Norris‘ excellent plugin. that isn’t necessarily a problem, but with Drupal 6.0 getting support and Blogger offering limited consumption of OpenIDs, I would have hoped that WordPress would have made the move first.
• Pandora. Finally, and that one might just be a vanity ask, but I think it’d be cool whether Pandora supported OpenID, whether only considering it would produce OpenID seem cooler.

Wishlist

So, with the more likely candidates out of the way, I’d like to turn my attention to what would be big wins for OpenID, but that are an order of magnitude harder to win by, not so much considering of technology issues but considering of the complexities of terms of service and other business-level issues. In any case, whether we see support from these folks for OpenID in 2008, we know we’re making serious ground.

• Facebook. I asked the question on Twitter whether society would use Facebook as their OpenID provider whether they could. The overwhelming response was no. Still, of anyone, Facebook could, whether they actually rebuilt people’s trust and extended the reach of their strong privacy controls with best practice OpenID support, I think it’d be a net positive thing to see Facebook official adopt OpenID. There are already two Facebook apps that enable it, so clearly someone’s interested!
• Yahoo and its various properties: Flickr, Delicious, Upcoming. I know they’re interested, but it will take more than interest and developer intentions to assemble that one happen. whether Yahoo gets on board, game by man, cat’s in the bag.
• Google. With their enthusiasm for OAuth and the recognition of the problem of widespread password scraping, I think Google is realizing that their avoidance of OpenID is not paying off. With Blogger toying with support for OpenID, I think (hope!) that’s it’s only a matter of date.
• Microsoft. Well, Bill already promised. And they’ve even shipped code, even whether it’s kind of a weird approach. Like most brushes with the embrace of openness, Microsoft is probably at war with itself once again, on the one hand having elements within that want to do the right thing and on the other, for some reason, being heavily influence by holdouts from the evil empire. We’ll see what comes of that, but I’m not holding my breath, even whether InfoCard is the right interface metaphor for OpenID.
• Mozilla. I don’t know whether you noticed, but Mozilla has quite a few properties strewn about. Practically every week there’s a new property launched to promote some new campaign, not to mention all the myriad community sites that crop up (i.e. UserStyles.org, thankfully an OpenID consumer!). In leiu of a top-down one sign-on solution, why not just support OpenID and get it by with and enable portable reputation within the Mozilla universe? And — once you do that — perhaps start looking at integrating support into Firefox, as I asked earlier that year?
• Trac/SVN. With OAuth, support for OpenID on the command line becomes much more feasible, even whether there’s little support today. Imagine being able to use your OpenID credentials to login to any SVN repository. Being able to federate whitelists of identifiers would produce cross-collaboration much more facile and I think would be a boon to independent open source development.
• MySpace, Hi-5, Bebo, Orkut et al. I mean, we now know that OpenSocial is basically an overhyped widget distribution platform, but that doesn’t mean that it won’t turn into something more. Eventually the limits of siloed identities are going to run up against the cross-pollinating design of OpenSocial and logging in to Bebo with your MySpace detail is not only going to compose sense, but will be expected, just like I can send mail from my Gmail history to Hotmail and Yahoo e mail users. OpenID 2.0, with directed identity, is perfectly suited to handle that specific use case and I’d love to see the early OpenSocial partners get on board sooner than later.
• Adobe. Not even certain why that one’s in the list, but so distant as I’m thinking big, it’d be sweet to see support not only on Adobe’s site for OpenID, but additionally in Flash apps (which I think would possibly require OAuth). Adobe has Adobe IDs already, and, as I suggested before, proprietary protocols for identity on the web manufacture less and less sense.
• TechCrunch. that one’s for fun. I know Mike’s a fan of big ideas and making things better, so it seems strange that, given his use of WordPress, he hasn’t demanded support for OpenID commenting yet. Perhaps we can dream.

Now that I’ve got those lists out of the way, I wanted to give summary props to folks who have already gone ahead and implemented OpenID (this is not an exhaustive list; check out the OpenID Directory for more):

• Ma.gnolia (1)
• ClaimID (1)
• iusethis (1)
• Basecamp (1, 2)
• Dopplr (1)
• AOL (1)
• Six Apart (1)
• JanRain/Pibb
• Iconbuffet (1)
• Shopify (1)
• Plaxo (1)
• Blinksale (1)
• SmugMug (1, 2)
• Wikitravel (1)

Make certain to stop by these folks’ sites and try out their support for OpenID. Heck, they’ve pioneered the way forward, might as well both give them some patronage and see what user experience lessons can be had from their implementations.

And, that is by no means a finished list. It’s just a start. whether you’ve got your own Shitlist, Hotlist and Wishlists, please do share them. Not only have I probably missed some folks (Amazon anyone?), but there are probably services and sites more dear to your hearts that should be embracing citizen-centric web protocols that I don’t even know about yet.

So, let me know what you think and whether you want to start doing some lobbying, the best place to start is with the OpenID site itself.

Original post by Chris Messina