Nico Popp is Vice President of Innovation at VeriSign and is responsible for the development of new infrastructure services around identity and content. Nico joined VeriSign in 2002 and served both as CTO of Security Services and General Manager of VeriSign Authentication Services.

March 17, 2008

The Business of Identity

With the increasing visibility of OpenID, VeriSign often gets invited to conferences to discuss the implications of this new technology. One of the questions that I often get from the audience borrows a line from Jerry Maguire: "When technology is based on IP-free open standards, how do identity vendors and service providers make ends meet?" In other words: "Show me the money!" It is a broad question, so I thought I would go on the record to describe a few of the popular business theories around OpenID and discuss their respective merits.


The IDM Software Business Model:

The first answer is to observe that OpenID is a federation protocol and, as such, it fits well within an identity management suite (very much like SAML or WS-*). Vendors in that space are well known: CA, HP, IBM, Microsoft, Oracle, Sun, etc. IDM vendors derive revenue by licensing their identity management software to large enterprises. Single-Sign-On across enterprise applications remains an unsolved problem within many enterprises. Because it is lightweight, OpenID carries the promise of simpler integration across many internal Web applications (enterprise portal, SAP, Oracle Web apps, etc.), making it an attractive IDM solution component and a must-have for most IDM software vendors.


The Service Aggregator Business Model:

OpenID is especially well suited for managing identities across consumer services. So, the natural early adopters will be consumer service aggregators, such as Mobile Network Operators and MSOs. Indeed, these companies view their millions of subscribers as an untapped strategic asset. The ability to leverage OpenID to more easily up-sell and cross-sell subscribers across a growing portfolio of services and channels (wireless, broadband and TV) has strong business appeal. In other words, federating within the walled garden makes good business sense: one unified identity, one converged brand experience, one view of the customer and the ability to subscribe existing customers across new services in one single click, whilst charging them on one single bill.


The Security Business Model:

As a consumer, if you have one consolidated identity for use across many Web services, you are more likely to want to protect that unique identity. It is also easier to do so, since only the identity provider needs to deal with the complexity of any additional security technology. In a shared identity ecosystem, security solutions such as strong authentication become more cost-effective since the price of securing identities can now be shared across all the relying parties. In other words, economies of scale can be realized. This is exactly the VeriSign identity protection model that we introduced in early 2006. At that time, OpenID did not exist, so the chances of sharing a complete identity were pretty slim. Therefore, we decided to adopt a simpler sharing model where only the security (the second authentication factor) is shared across sites. Authentication services such as VIP are a good fit for OpenID as they make it relatively easy to turn any IDP into a strong IDP. Besides, while accepting a name and a password from a third party may not provide much additional value over a self-issued name and password, the idea that an identity provider will provide a more secure and stronger identity could well be a compelling value proposition for sites to start accepting OpenID as relying parties.


The Insurance Policy Model:

The identity assurance model builds on the idea that a stronger identity is what makes it worthwhile to accept a third party as an identity provider. In that model, the identity provider becomes a risk underwriter. Basically, the IDP "insures" the relying party on the validity and knowledge that it has about a given identity. The identity risk profile allows the IDP to make some explicit guarantees (e.g. "no charge back") and be compensated for it. For example, a bank that knows a lot about a consumer's identity and purchase behavior could vouch for a consumer transaction to be trustworthy and underwrite the risk based on the consumer risk profile that it has accumulated over time.


The Lead Generation and Advertising Model:

In OpenID, everyone is focused on Single-Sign-On. The truth is that the real money-maker may be more about attribute exchange than simpler login. By attribute exchange, I mean the ability to seamlessly transmit a subscriber's registration profile and payment information in real time. In that context, I can see OpenID becoming an enabler for CPA-based advertising. In the CPA model, the publisher and the ad network (IDP) get paid when the user registers with the advertiser (lead acquisition) or purchases from the advertiser (impulse buy). By removing the typing, OpenID can enable a much more effective CPA model where the user only needs to log in to their identity provider to authorize a registration or a purchase. The ability to register a new customer and allow them to pay from any device in one click could prove a significant enabler for direct response advertising.


Of course, all these business models remain somewhat theoretical and unproven. However, the intuition is that there are many angles to consider when approaching OpenID from a business perspective. Interestingly, the breadth of opportunities should make the emerging standard more relevant to many leading Internet companies. This may explain the broad and growing attraction of federated identity, and OpenID in particular. That is all good news for the technology, as without business drivers, it will remain a technology construct that makes conference headlines but is ignored by business-minded leaders. That would be a shame of course, as the best ideas are the ones that can seduce consumers, technologists and those who follow the same three directives day after day: "Show me the money, show me the money, show me the money!"

February 14, 2008

Finding Google in Android

When Google tells the world it is going after the mobile way, one should always take notice. So, after weeks of procrastination, I finally took a look at Android. My timing was not too far off, since the first Android phone only made its appearance at GSM this week.


In a nutshell, Android is a mobile platform that builds on top of Linux but bundles additional layers such as a web browser (WebKit), a set of application services (e.g. telephony and messaging), some libraries and a homegrown runtime (à la Java VM). The marketing brochure says that Android is Open (and most of the components are).


Like the first Google phone, Android seems to be a work in progress. A few hours of digging into the developer site and the examples, followed by a sudden craving for caffeine that interrupted my progress, eventually left me with mixed impressions. Yes, I would have to admit that Android was rapidly falling short of my high expectations. After all, the mobile brainchild of a company with such technical talent as Google had to be second to none.


It is not that Android is technically bad. It is quite the opposite, actually. Technically, Android is extremely sound and brings some interesting innovations. It is just that it does not seem very Google-like to me. In particular, it does not fit the Web-centric programming model that you would expect from the inventors of AJAX and precursors to the Web 2.0 movement. Why Google would decide to stray so far from the development model that made their success was really a big surprise to me.


Take, for example, Android's application component model. It relies on the new concepts of "Activity" and "Intent". The idea is to enable an application to easily mix different components from other applications within its own view (way back then, Microsoft called this Object Linking and Embedding (OLE)). Great idea, right? Yes, especially in a mobile environment where users frequently need to switch between messaging, contacts, and calendaring. But then again, why not enable widgets and mashups as a simpler GUI and component model for mobile? After all, Apple just did that for Mac OS X. Instead of making the Web and mobile come together, Android is introducing yet another programming model. As good as it may be, it sounds like a missed opportunity to do what Google does so well: pushing complexity to the cloud, and simplicity to the client in order to enable the largest developer community.


This is my sole disappointment, really. Android does not try hard enough to bring the Web programming model to mobile. Instead, like any traditional mobile OS company, it makes it a second-class citizen. In doing so, Android confines most Web developers to the browser. That kind of traditional device-top approach is exactly what you would expect from non-Web companies like Nokia, Sun or IBM, but from Google? Where are the XHTML, CSS, JavaScript and all the REST (pun intended) of the Web 2.0 technologies that made us scream "WOW" the first time we saw that Google map drag along with the mouse?


Yet, Google is standing strong behind Android. Therefore, I would expect Android to enjoy a long and prosperous future. It just seems strange that in the end, Google decided to opt for a development model that is foreign to its own DNA. Ah! But on the other hand, they did call it Android, didn't they?

February 07, 2008

OpenID Foundation: Does the world really need yet another identity organization?

Today, Google, Microsoft, Yahoo!, IBM and VeriSign are joining the OpenID Foundation board. After the OpenID deployment from Yahoo! and Google earlier this year, this is one more piece of good news for the OpenID aficionados. I know that all of us involved with OpenID at VeriSign are really excited about the latest developments. Since OpenID is a key element of VeriSign's identity strategy, I thought I would take a minute to discuss the role and the importance of the Foundation moving forward.


IP Free Open Technology:


If we have learned one thing from the success of DNS and SSL, it is the importance of Intellectual Property (IP) free open standards to the success of any new Internet technology. Without them, the chances of broad adoption for any new Internet technology are as good as the odds for a wild card team to win the Super Bowl: extremely slim. Identity services are no exception to the rule. So, the Foundation's primary goal will be to ensure that OpenID always remains open and free to the Internet community. Concretely, this means that the Foundation will work with identity vendors and the community to protect OpenID Intellectual Property Rights and its free usage policy. Technologies always evolve and improve; we needed a body to exercise ongoing vigilance. There cannot be any compromise on this point. The good news is that everyone on the board has already embraced this idea as a fundamental principle.


Where the Yin and the Yang Meet:


OpenID is essentially a grassroots technology. So far, the specification and the implementation have been mostly driven by the technical community. I would argue that it is a good thing. Had the vendors been involved too early, the technology may not have ended up as brilliantly simple and as easy to deploy, and OpenID may not have enjoyed the initial community enthusiasm and rapid deployment (remember Liberty Alliance?). This grassroots model has proven to work, so we must keep it moving forward. At the same time, as large identity service providers and software vendors join the OpenID bandwagon, we needed an entity to facilitate the exchange of ideas and product requirements between the grassroots and business communities. A Yahoo! or a Google may need specific product enhancements. A VeriSign may ask for some additional security elements. At the same time, the OpenID technical community needs to be able to keep on innovating and take the technology in new directions. The Foundation will be the place to facilitate the debate and prioritize the efforts.


Creating a Second to None OpenID Experience:


With Google, AOL and Yahoo! deployments, OpenID is off to a great start. 350M users now have access to the technology. One challenge remains: very few of these 350M consumers are using OpenID or are even aware that the technology exists. This leads to one of the important roles for the Foundation: to drive consumer adoption. The Foundation will own the OpenID brand and logo. It will define and protect its proper context of use. More importantly, the Foundation will need to make these assets synonymous with "insanely great user experience" in the minds of consumers. There is little doubt that the success of OpenID will be tied to the quality of the user experience it brings to millions of consumers. Yahoo! already improved that user experience. The Foundation will take it further and enable a true "one-click" or even "zero-click" user experience for login, registration, payment and all other forms of Internet activities that require identity information exchange. The Foundation will be the place to funnel the best ideas from the community and set the best deployment practices.

At VeriSign, we are truly excited to be board members of the Foundation and support its mission. Bill Washburn, a former colleague and a friend, is heading the Foundation, and I cannot think of a better person to help drive consensus across so many distinct personalities. That is certainly one more reason to be excited. Let us get to work!


January 24, 2008

Yahoo! Deploys OpenID. Will the 250M Yahoo! Account Holders Notice?

Last week, Yahoo! deployed OpenID, basically allowing 250 million Yahoo! accounts to be turned into OpenIDs. This was great news for federated identity, an old idea by Internet time standards, that is finally gaining some traction with the big guys (Google now supports OpenID commenting on Blogger). The only question that remains is whether consumers will join the party and decide to turn their Yahoo! ID into an OpenID. After all, is there enough for them to care?


First things first: big kudos to Yahoo! for showing leadership on the identity front. Yahoo!'s implementation is actually quite elegant. For one thing, they fixed one of the big shortfalls of OpenID's user interface. Instead of a clumsy URL, you simply type yahoo.com and get redirected to Yahoo!'s sign-on page. The brand marketers will appreciate it! I also suspect that typing a brand name as familiar as yahoo.com is much more palatable to consumers than typing a lengthy URL.


Not only is Yahoo! showing leadership, they are doing something really smart by attempting to capitalize on their very large digital identity asset, which will prove critical in the strategic battle for mobility and personalized advertising. If Yahoo! can become the trusted identity provider for 250 million consumers, greatness and new revenue opportunities will certainly follow. The only question is whether Yahoo! is going far enough to move the needle. After all, consumers tend to be extremely demanding customers. They are creatures of convenience and only seem to care about being able to do new things with more ease and more speed. As long as OpenID only lets them do what most of them are already doing (logging in across multiple sites), with relatively little gain in convenience (many users already use one single password for all their sites and mashups), adoption and usage may well remain limited.


So, a great start, but let us hope this is only the tip of the iceberg. Let us hope that Yahoo! is working hard on adding innovative new services to my new OpenID. Let us hope that consumers will adopt it en masse. What will these services be? Truly a question for Yahoo!'s product brain trust, but if the Yahoo! Fairy were to visit me tonight, I would make three wishes:


1. Mobility:
My world is becoming more and more Web centric and less and less desktop centric. New devices such as X-Box, Apple TV, BlackBerry are taking a larger chunk of my connected life. I need a consistent but simple way to access and personalize services and content across all these different network devices.


2. Security:
My identity is precious to me and any identity theft is a violent crime against me! Migrating to a portable identity provides the opportunity to make my identity stronger. Fairy, think V.I.P., of course!


3. Activity:
Yahoo! mail has 80% of my social address book, Flickr has most of my pictures, but many other sites have my comments, my blog, my videos. Aggregating and controlling my personal content across all these sites could benefit from a federated access and authorization mechanism.


Voila! Easier said than done. But the point is that OpenID has to become an enabler for new user experiences, and go well beyond being a patch for "too many names and passwords". OpenID needs to focus on enabling what consumers will want to do tomorrow, not on optimizing what they did yesterday. Short of that, consumers may not care and OpenID will be yet another missed opportunity for enabling and protecting digital identities on the Internet.

December 16, 2007

Building the Internet bank for the poor.

The Internet is the foundational infrastructure that will transform the 21st century. It has revamped commerce and entertainment, altered society, and will eventually break all geo-political barriers, changing the ways millions of human beings communicate and live around the world. Of course, these words would only remain corny cliches if, from time to time, we did not stumble upon a new Internet service that makes them sound so vibrantly true.


That happened to me last weekend, when a friend of mine introduced me to a non-profit service called Kiva.org. We have all heard of micro finance. This concept became mainstream when Muhammad Yunus, recipient of the 2006 Nobel Peace Prize, formulated the practice of micro-loans in Bangladesh. Kiva builds on this powerful idea by combining it with the global and cost-effective nature of the Internet, essentially creating a global micro-loan financial network. Similar to Yunus's vision, Kiva has allowed men and women all around the developing world to connect with millions of people willing to help start their businesses, ranging from carpentry to wine making.


Kiva leverages the power of micro-loans and P2P networks to create the first global bank for the poor. Saying that Kiva is a generous endeavor, a big idea and a brilliant use of the Internet would be an understatement. It is a life-changing service for the under-privileged men and women who now have instant access to millions of socially minded individuals all around the world. Of course, don't take my word for it. Go meet Pascuala from Mexico, and Ngheam Nghor from Cambodia as well as hundreds of their peers. Their stories are equally compelling and moving. So join Kiva.org, tell all your friends, and fall in love with the Internet all over again.