Blue Ocean

With the increasing visibility of OpenID, VeriSign gets often invited to conferences to discuss the implications of this new technology. One of the questions that I often get from the audience borrows a line from Jerry Mc Guire: "When technology is based on IP-free open standards, how do identity vendors and service providers make ends meet?" In other words: "Show me the money!" Broad question, so I thought I would get on the record to describe a few of the popular business theories around OpenID and discuss their respective merit.

The IDM Software Business Model:

The first answer is to observe that OpenID is a federation protocol and as such, it fits well within an identity management suite (very much like SAML, or WS-*). Vendors in that space are well known: CA, HP, IBM, Microsoft, Oracle, Sun, etc. IDM vendors derive revenue by licensing their identity management software to large enterprises. Single-Sign-On across enterprise applications still remains an unsolved problem within many enterprises. Because of it is ligthtweightness, OpenID carries the promise of simpler integration across many internal Web applications (enterprise portal, SAP, Oracle Web apps, etc...), making it an attractive IDM solution component and a must-have for most IDM software vendors.

The Service Aggregator Business Model:

OpenID is especially best suited for managing identities across consumer services. So, the natural early adopters will be consumer service aggregators, such as Mobile Network Operators and MSOs. Indeed, these companies view their millions of subscribers as an untapped strategic asset. The ability to leverage OpenID to more easily up-sell and cross-sell subscribers across a growing portfolio of services and channels (wireless, broadband and TV) has strong business appeal. In other words, federating within the walled garden makes good business sense: one unified identity, one converged brand experience, one view of the customer and the ability to subscribe existing customers across new services in one single click, whilst charging them on one single bill.

The Security Business Model:

As a consumer, if you have one consolidated identity for use across many Web services, you are more likely to want to protect that unique identity. It is also easier to do so, since only the identity provider needs to deal with the complexity of any additional security technology. In a shared identity eco-system, security solutions such as strong authentication become more cost-effective since the price of securing identities can now be shared across all the relying parties. In other words, economies of scale can be realized. This is exactly the VeriSign identity protection model that we introduced in early 2006. At that time, OpenID did not exist, so the chances of sharing a complete identity were pretty slim. Therefore, we decided to adopt a simpler sharing model where only the security (the second authentication factor) is shared across sites. Authentication services such as VIP are a good fit for OpenID as they make it relatively easy to turn any IDP into a strong IDP. Beside, if accepting a name and a password from a third party may not provide much additional value over a self-issued name and password, the idea that an identity provider will provide a more secure and stronger identity could well be a compelling value proposition for sites to start accepting OpenID as relying parties.

The Insurance Policy Model:

Building on the idea that what makes accepting a third-party as an identity provider is a stronger identity, arises the identity assurance model. In that model, the identity provider becomes a risk underwriter. Basically, the IDP "insures" the relying party on the validity and knowledge that it has about a given identity. The identity risk profile allows the IDP to make some explicit guarantees (e.g. "no charge back") and be compensated for it. For example, a bank who knows a lot about a consumer identity and purchase behavior could vouch for a consumer transaction to be trustworthy and underwrite the risk based on the consumer risk-profile that it has accumulated over time.

The Lead Generation and Advertising Model:

In OpenID everyone is focused on Single-Sign-On. The truth is that the real money-maker may be more about attribute exchange than simpler login. By attribute exchange, I mean the ability to seamlessly transmit a subscriber's registration profile and payment information in real-time. In that context, I can see OpenID become an enabler for CPA-based advertising. In the CPA model, the publisher and the ad network (IDP) get paid when the user registers with the advertiser (lead acquisition) or purchases from the advertiser (impulse buy). By removing the typing, OpenID can enable a much more effective CPA model where the user only needs to login into their identity provider to authorize a registration or a purchase. The ability to register a new customer and allow them to pay from any device within 1-click could prove a significant enabler for direct response advertising.

Of course, all these business models remain somewhat theoretical and unproven. However, the intuition is that there are many angles to consider when approaching OpenID from a business perspective. Interestingly, the breadth of opportunities should make the emerging standard more relevant to many leading Internet companies. This may explain the broad and growing attraction for federated identity, and OpenID in particular. That is all good news for the technology, as without business drivers, it will remain a technology construct that makes conferences headlines but is ignored by business minded leaders. That would be a shame of course as the best ideas are the one that can seduce consumers, technologist and those who follow the same three directives day after day: "Show me the money, show me the money, show me the money!"

Posted by Nico Popp at 10:38 AM | Permalink | Comments (0) | TrackBacks (0)

Today, Google, Microsoft, Yahoo!, IBM and VeriSign are joining the OpenID Foundation board. After the OpenID deployment from Yahoo! and Google earlier this year, this is one more piece of good news for the OpenID afficionados. I know that all of us involved with OpenID at VeriSign are really excited with the latest developments. Since OpenID is a key element of VeriSign's identity strategy, I thought I would take a minute to discuss the role and the importance of the Foundation moving forward.

IP Free Open Technology:

If we have learned one thing form the success of DNS and SSL, it is the importance of Intellectual Property (IP) free open standards to the success of any new Internet technology. Without them, the chances of broad adoption for any new Internet technology are as good as the odds for a wild card team to win the Superbowl extremely slim. Identity services are no exception to the rule. So, the Foundation's primary goal will be to ensure that OpenID always remains open and free to the Internet community. Concretely, this means that the Foundation will work with identity vendors and the community to protect OpenID Intellectual Property Rights and its free usage policy. Technologies always evolve and improve; we needed a body to exercise ongoing vigilance. There cannot be any compromise on this point. The good news is that everyone on the board has already embraced this idea as a fundamental principle.

Where the Ying and the Yang Meet:

OpenID is essentially a grassroots technology. So far, the specification and the implementation have been mostly driven by the technical community. I would argue that it is a good thing. Had the vendors be involved too early, the technology may not have ended up as brilliantly simple and as easy to deploy, and OpenID may not have enjoyed the initial community enthusiasm and rapid deployment (remember Liberty Alliance?). This grassroots model has proven to work so we must keep it moving forward. At the same time, as large identity service providers and software vendors join the OpenID bandwagon, we needed an entity to facilitate the exchange of ideas and product requirements between the grassroots and business communities. A Yahoo! or a Google may need specific product enhancements. A VeriSign may ask for some additional security elements. At the same time, the OpenID technical community needs to be able to keep on innovating and take the technology into new directions. The Foundation will be the place to facilitate the debate and prioritize the efforts.

Creating a Second to None OpenID Experience:

With Google, AOL and Yahoo! deployments, OpenID is off to a great start. 350M users have now access to the technology. One challenge remains: very few of these 350M consumers are using OpenID or are even aware that the technology exists. This leads to one of the important roles for the Foundation: to drive consumer adoption. The Foundation will own the Open ID brand and logo. It will define and protect its proper context of use. More importantly, the Foundation will need to make these assets to be synonymous to "insanely great user experience' in the mind of the consumers. There is little doubt that the success of OpenID will be tied to the quality of the user experience it brings to millions of consumers. Yahoo! already improved that user experience. The Foundation will take it further and enable a true "one-click" or even "zero-click" user experience for login, registration, payment and all other forms of Internet activities that require identity information exchange. The Foundation will be the place to funnel the best ideas from the community and set the best deployment practices.

At VeriSign, we are truly excited to be board members of the Foundation and support its mission. Bill Washburn, a former colleague, and a friend is heading the Foundation, and I cannot think of a better person to help drive consensus across so many distinct personalities. That certainly makes it yet more reasons to be excited. Let us get to work!

Posted by Nico Popp at 08:42 AM | Permalink | Comments (0) | TrackBacks (0)

We have all heard about it. On Wednesday, Microsoft invested $240M into Facebook, beating Google to the punch, and giving the folks on University Avenue a $15B valuation ("yes, mini-me, $15B dollars...") and a war chest large enough to start buying a few buildings even in Palo Alto.

Of course, everybody is wondering why paying so much for so little ($240M for 1.6% of the company). With revenues around $150M and 50M registered users, elementary school maths already tells a lot about Microsoft's fascination for Facebook. According to Microsoft, Facebook is worth 100 time current revenue or $300 per registered user. Such multiples would make any VC sell their mother and first born. So, let us try to understand this Balmerian burst of generosity (or desperation depending how you look at it).

The OS theory.

The first theory is the Operating System theory. In the last year, Facebook has been very successful attracting developers to build applications using its APIs. Facebook must therefore be the new operating system. Microsoft being the incumbent OS dominatrix, it must pay to control the new Web OS. Hum...The theory is daring but not quite convincing. Although Facebook as a widget platform is definitely powerful, it is not the entire Web OS. Social networking is an important primitive but it is only one facet of the Web. Facebook applications are great but none of them truly measure to Microsoft Office. So, Facebook as a programming platform is certainly part of the attraction but there has got to be more to the story.

The International theory.

The second theory is International growth. 60% of Facebook users are non US. Since Internet growth is faster outside the US, the deal gives Microsoft a stronger position in the race for global domination over the fast growing advertising market. No doubt that the foreign dimension of Facebook is strategically valuable to Redmond. Nevertheless, despite the fast growth and a 30M foreign user base, this alone cannot justify the numbers either.

The conspiracy theory.

The third theory is a conspiracy theory. All along the negotiations, Google raised the stakes to drive the price higher. Then at the last minute, they withdrew, leaving Microsoft all alone at the bidding table with an insanely high bid. I know that guys are Google are smart but this sounds more like a James Bond movie than corporate development to me. It is clear Google was at the bargaining table. It is likely that they bargained hard, forcing Microsoft to move aggressively. However, I have to believe that it takes more than such a simple trap for Mr Ballmer to sign such a large check.

Ok, so what is it? Clearly, it must be about advertising. Advertising is a soon to be $80B market. It is one of the few markets large enough to move the Microsoft needle. This is also the oxygen tank of Microsoft's #1 rival, Google. In plain English, advertising is a highly strategic market to Microsoft. You don't win strategically by being cheap, especially when you are the underdog.

Think AD Sense 2.0 and Facebook deportalization.

Microsoft views Facebook as as an advertising platform, the asset that can help Redmond make up for the lost time to Google in search. An interesting fact about Facebook is that they know a lot about their users. With Facebook, folks like you and me expose their complete profile well beyond ZAG (Zip code, Age and Gender). Many reveal their personal interests by joining specific groups and registering to special events. So, Facebook has deep segmentation and behavioral information about consumers. Such consumer intelligence should allow them to do more precise ad targeting. In turn, relevant targeting should allow them to command a premium in advertising rates.

How does it compare to Google? Google draws advertising relevance from queries and hyperlink rank. In fact, Google is the undisputed king of the hill when it comes to contextual advertising. However, outside of search, contextual match may not always provide the most effective targeting. In many ways, demographic and behavioral targeting may prove more effective when it comes to videos and the long tail of content available on the internet. Behavioral targeting is where the advertising balance of power could eventually shift, creating a chip in the Google armor. That chip alone may well be worth $15 billion dollar to Microsoft.

Interestingly, social networking sites such as Facebook may not be the best place to advertise. The rumor is that Google AdSense has led to abysmal click-through on MySpace. After all, when interacting with friends, one has little attention span for ads. So,maybe, the true leverage of Facebook may be to evolve it into an advertising network for relying party sites such as MSN. After the Facebook application platform would come the Facebook advertising platform: a behavioral and social ad network to drive improved monetization outside of Facebook.

Today, AdSense is the only real game in town and a significant driver of revenue growth for Google. With 245M of new R&D dollars, fueled by identity intelligence, but respectful of user privacy and trust, Facebook may well hold enough assets in hands to become the alternative ad platform. IDSense anyone? Easier said than done of course, but at least, this perspective sounds like a worthwhile $15 billion bet to me.

Posted by at 10:46 AM | Permalink | Comments (0) | TrackBacks (0)

Last week, the Wall Street Journal posted an interesting article. According to WSJ, Facebook is working on an advertising system that leverages the massive amount of information that people reveal about themselves on the site. The intent is clear: drive higher monetization of Facebook advertising real-estate. But could there be a bigger idea there? Can identity and real-time consumer intelligence do for social networks and identity providers what search and page ranks did for Google: drive ad relevance and become a formidable monetization engine for identity platforms?

Of course, this is not quite a new idea. Targeting ads based on location and demography has always been part of ad network bag of tricks. Today, behavioral ad networks use cookies to track our navigation events and derive a consumer profile that can be used to target ads across sites and web sessions. Google is also doing some of that with GMail, although many folks are worried that reading their email to target advertising is as close to doing evil as California sparkling white wine to French champagne.

Nevertheless, it is clear that none of the guessing can be as accurate as what consumers are genuinely willing to reveal about themselves. Of course, this is precisely what most of us do on Facebook: publicly share personal information and interests. So, yes! Social communities are different animals in the sense that users have are pre-disposed to talk about themselves and reveal a lot. But, no! That does not mean that these users consent to let that information be used to drive more targeted advertising.

As a matter of fact, a study from Forrester indicates that only a third of us would welcome personalized ads. The probable truth is that but many consumers may find the approach way too spooky and a dangerous intrusion of their privacy. Eh! I sure would. So, this means that Facebook and other need to be extra careful before crossing the Rubicon of personalized advertising. Of course, if you are a marketer, 30% is not a rounding error. Consumer intelligence can be a significant business asset. Therefore, the evil temptation will be there.

So, can it work? I think so, but only under one fundamental and very strict principle: let the user decide, let the user opt-in, let the user be in control. That is where Facebook and everyone else need to borrow a page from "user-centric" identity management and OpenID. The user needs to be making the decision. In other words, the trick is to motivate consumers to opt-into personalized ads. Transparency is key. Service providers should explain that only non-identifiable information is being used. Then, they should pause and take a hard look at answering the mother of all questions: what is in it for the user?

If users are in control, then identity intelligence sharing can become a monetization engine. On the Internet, the exchange of name and password has very little business value which is why we still live in a world of identity silos despite the technological coolness of OpenID and the likes. Finally, a business model to share identities. Yet, this is a double edge sword. There is a long devide between consumer trust and ad personalization. In the end, consumers will have to decide whether any profile information is worth sharing with marketers. Facebook and the future identity providers cannot be self-serving. Their community must agree to it and it must benefit the community. Otherwise, that same community is likely to revolt. Once again, the answer is simple: make it worth the user's while. Welcome to the user-centric Internet!

Posted by at 10:42 AM | Permalink | Comments (0) | TrackBacks (0)

The idea of identity as a service and identity federation is almost 10 years old. Happy birthday, identity people. If the protocols have changed a bit from SAML to WS-Federation, CardSpace and, OpenID, the vision of identity as a service has predominantly stayed the same. That is a good thing. Vision alignment inexorably drives technology convergence in the end. On the application, single sign and attributes exchange across identity providers and relying parties still dominate the use cases. Yes, after all this time, our show off moment is still a login demo! In the meantime, my content friends are wooing customer and analysts with HD quality movie streaming to the desktop. What is wrong with that picture?

What we need is a new demo. Jokes aside, there may lay a critical observation. Although an interesting feature, the brutal truth is that SSO is no killer app. Of course, the implications of a shared login are not to be underestimated. User convenience, increased trust and stronger security are important. Bien sur, reducing all these cool new technologies to access control is an unfair characterization. OpenID's user centric paradigm that puts consumers in charge of their identity may well be the foundation to a massive rethink of today's Internet services. As big as these ideas may be, however, no one in the industry has really been able to translate them into killer consumer services. Rarely does new technology succeed unless the experience and benefits it enables outweighs the status quo by an order of magnitude. So, If we truly aspire to mass deployment, we need to provide more value to consumers. We definitely need to go much farther than access control and attribute exchange.

Continue reading "Identity: It is the Network" »

Posted by at 11:52 AM | Permalink | Comments (0) | TrackBacks (0)