Blue Ocean

With the increasing visibility of OpenID, VeriSign gets often invited to conferences to discuss the implications of this new technology. One of the questions that I often get from the audience borrows a line from Jerry Mc Guire: "When technology is based on IP-free open standards, how do identity vendors and service providers make ends meet?" In other words: "Show me the money!" Broad question, so I thought I would get on the record to describe a few of the popular business theories around OpenID and discuss their respective merit.

The IDM Software Business Model:

The first answer is to observe that OpenID is a federation protocol and as such, it fits well within an identity management suite (very much like SAML, or WS-*). Vendors in that space are well known: CA, HP, IBM, Microsoft, Oracle, Sun, etc. IDM vendors derive revenue by licensing their identity management software to large enterprises. Single-Sign-On across enterprise applications still remains an unsolved problem within many enterprises. Because of it is ligthtweightness, OpenID carries the promise of simpler integration across many internal Web applications (enterprise portal, SAP, Oracle Web apps, etc...), making it an attractive IDM solution component and a must-have for most IDM software vendors.

The Service Aggregator Business Model:

OpenID is especially best suited for managing identities across consumer services. So, the natural early adopters will be consumer service aggregators, such as Mobile Network Operators and MSOs. Indeed, these companies view their millions of subscribers as an untapped strategic asset. The ability to leverage OpenID to more easily up-sell and cross-sell subscribers across a growing portfolio of services and channels (wireless, broadband and TV) has strong business appeal. In other words, federating within the walled garden makes good business sense: one unified identity, one converged brand experience, one view of the customer and the ability to subscribe existing customers across new services in one single click, whilst charging them on one single bill.

The Security Business Model:

As a consumer, if you have one consolidated identity for use across many Web services, you are more likely to want to protect that unique identity. It is also easier to do so, since only the identity provider needs to deal with the complexity of any additional security technology. In a shared identity eco-system, security solutions such as strong authentication become more cost-effective since the price of securing identities can now be shared across all the relying parties. In other words, economies of scale can be realized. This is exactly the VeriSign identity protection model that we introduced in early 2006. At that time, OpenID did not exist, so the chances of sharing a complete identity were pretty slim. Therefore, we decided to adopt a simpler sharing model where only the security (the second authentication factor) is shared across sites. Authentication services such as VIP are a good fit for OpenID as they make it relatively easy to turn any IDP into a strong IDP. Beside, if accepting a name and a password from a third party may not provide much additional value over a self-issued name and password, the idea that an identity provider will provide a more secure and stronger identity could well be a compelling value proposition for sites to start accepting OpenID as relying parties.

The Insurance Policy Model:

Building on the idea that what makes accepting a third-party as an identity provider is a stronger identity, arises the identity assurance model. In that model, the identity provider becomes a risk underwriter. Basically, the IDP "insures" the relying party on the validity and knowledge that it has about a given identity. The identity risk profile allows the IDP to make some explicit guarantees (e.g. "no charge back") and be compensated for it. For example, a bank who knows a lot about a consumer identity and purchase behavior could vouch for a consumer transaction to be trustworthy and underwrite the risk based on the consumer risk-profile that it has accumulated over time.

The Lead Generation and Advertising Model:

In OpenID everyone is focused on Single-Sign-On. The truth is that the real money-maker may be more about attribute exchange than simpler login. By attribute exchange, I mean the ability to seamlessly transmit a subscriber's registration profile and payment information in real-time. In that context, I can see OpenID become an enabler for CPA-based advertising. In the CPA model, the publisher and the ad network (IDP) get paid when the user registers with the advertiser (lead acquisition) or purchases from the advertiser (impulse buy). By removing the typing, OpenID can enable a much more effective CPA model where the user only needs to login into their identity provider to authorize a registration or a purchase. The ability to register a new customer and allow them to pay from any device within 1-click could prove a significant enabler for direct response advertising.

Of course, all these business models remain somewhat theoretical and unproven. However, the intuition is that there are many angles to consider when approaching OpenID from a business perspective. Interestingly, the breadth of opportunities should make the emerging standard more relevant to many leading Internet companies. This may explain the broad and growing attraction for federated identity, and OpenID in particular. That is all good news for the technology, as without business drivers, it will remain a technology construct that makes conferences headlines but is ignored by business minded leaders. That would be a shame of course as the best ideas are the one that can seduce consumers, technologist and those who follow the same three directives day after day: "Show me the money, show me the money, show me the money!"

Posted by Nico Popp at 10:38 AM | Permalink | Comments (0) | TrackBacks (0)

We have all heard about it. On Wednesday, Microsoft invested $240M into Facebook, beating Google to the punch, and giving the folks on University Avenue a $15B valuation ("yes, mini-me, $15B dollars...") and a war chest large enough to start buying a few buildings even in Palo Alto.

Of course, everybody is wondering why paying so much for so little ($240M for 1.6% of the company). With revenues around $150M and 50M registered users, elementary school maths already tells a lot about Microsoft's fascination for Facebook. According to Microsoft, Facebook is worth 100 time current revenue or $300 per registered user. Such multiples would make any VC sell their mother and first born. So, let us try to understand this Balmerian burst of generosity (or desperation depending how you look at it).

The OS theory.

The first theory is the Operating System theory. In the last year, Facebook has been very successful attracting developers to build applications using its APIs. Facebook must therefore be the new operating system. Microsoft being the incumbent OS dominatrix, it must pay to control the new Web OS. Hum...The theory is daring but not quite convincing. Although Facebook as a widget platform is definitely powerful, it is not the entire Web OS. Social networking is an important primitive but it is only one facet of the Web. Facebook applications are great but none of them truly measure to Microsoft Office. So, Facebook as a programming platform is certainly part of the attraction but there has got to be more to the story.

The International theory.

The second theory is International growth. 60% of Facebook users are non US. Since Internet growth is faster outside the US, the deal gives Microsoft a stronger position in the race for global domination over the fast growing advertising market. No doubt that the foreign dimension of Facebook is strategically valuable to Redmond. Nevertheless, despite the fast growth and a 30M foreign user base, this alone cannot justify the numbers either.

The conspiracy theory.

The third theory is a conspiracy theory. All along the negotiations, Google raised the stakes to drive the price higher. Then at the last minute, they withdrew, leaving Microsoft all alone at the bidding table with an insanely high bid. I know that guys are Google are smart but this sounds more like a James Bond movie than corporate development to me. It is clear Google was at the bargaining table. It is likely that they bargained hard, forcing Microsoft to move aggressively. However, I have to believe that it takes more than such a simple trap for Mr Ballmer to sign such a large check.

Ok, so what is it? Clearly, it must be about advertising. Advertising is a soon to be $80B market. It is one of the few markets large enough to move the Microsoft needle. This is also the oxygen tank of Microsoft's #1 rival, Google. In plain English, advertising is a highly strategic market to Microsoft. You don't win strategically by being cheap, especially when you are the underdog.

Think AD Sense 2.0 and Facebook deportalization.

Microsoft views Facebook as as an advertising platform, the asset that can help Redmond make up for the lost time to Google in search. An interesting fact about Facebook is that they know a lot about their users. With Facebook, folks like you and me expose their complete profile well beyond ZAG (Zip code, Age and Gender). Many reveal their personal interests by joining specific groups and registering to special events. So, Facebook has deep segmentation and behavioral information about consumers. Such consumer intelligence should allow them to do more precise ad targeting. In turn, relevant targeting should allow them to command a premium in advertising rates.

How does it compare to Google? Google draws advertising relevance from queries and hyperlink rank. In fact, Google is the undisputed king of the hill when it comes to contextual advertising. However, outside of search, contextual match may not always provide the most effective targeting. In many ways, demographic and behavioral targeting may prove more effective when it comes to videos and the long tail of content available on the internet. Behavioral targeting is where the advertising balance of power could eventually shift, creating a chip in the Google armor. That chip alone may well be worth $15 billion dollar to Microsoft.

Interestingly, social networking sites such as Facebook may not be the best place to advertise. The rumor is that Google AdSense has led to abysmal click-through on MySpace. After all, when interacting with friends, one has little attention span for ads. So,maybe, the true leverage of Facebook may be to evolve it into an advertising network for relying party sites such as MSN. After the Facebook application platform would come the Facebook advertising platform: a behavioral and social ad network to drive improved monetization outside of Facebook.

Today, AdSense is the only real game in town and a significant driver of revenue growth for Google. With 245M of new R&D dollars, fueled by identity intelligence, but respectful of user privacy and trust, Facebook may well hold enough assets in hands to become the alternative ad platform. IDSense anyone? Easier said than done of course, but at least, this perspective sounds like a worthwhile $15 billion bet to me.

Posted by at 10:46 AM | Permalink | Comments (0) | TrackBacks (0)

Digital Rights management is like Aesop's tongue. It can be the worst or the best of all things depending on who you ask. For consumers, it is often a synonym for big brother, second grade product experience and content usage restriction. For big music labels and movie studios, it is their best insurance policy against content piracy on the Internet, a distribution medium that fascinates and scares them at the same time.

A few months ago, Apple's Steve Jobs published His "thoughts on music" advocating the need for a DRM free world. The letter was accompanied by the release of iTunes Plus that provides DRM free EMI content to iTunes users. Of course, skeptics may find Steve Job's new credo too convenient. Indeed, these new thoughts appear to coincide with an increasing scrutiny from European regulators, who worry about the proprietary nature of FairPlay, Apple's homegrown DRM technology. iPod users however, already know that there are insanely greater reasons to stick to Apple music products than Apple's DRM lock on their tunes. Skepticism aside, Apple makes the compelling argument that music should be DRM free, arguing that consumers want DRM free content as it simplifies improves their user experience. Better user experience will drive more sales of digital content online, which should also be good news for the content owners, says Apple. Judging by the number of DRM free MP3 on my iPod and the constantly growing amount of traffic on Bittorrent, Steve Jobs may well have a point.

Although EMI has added strength to the argument, there are clear indications that the big content owners are about to throw the DRM baby with the digital content bath water (especially when it comes to video). However, DRM has made the digital content experience awkward at best. The competition between DRM systems and the lack of consistency in usage policy has led to a world of silos and content non-interoperability. This needs to be fixed or DRM will inevitably join the ranks of the powerful but extinguished technology dinosaurs. Labels and studios are fully aware of the stakes. To that end, in 2004, they created the CORAL consortium. CORAL mission was to provide interoperability between competing DRM solutions. The vision behind CORAL is powerful. It aims at re-creating the simplicity and elegance of the DVD model online. DVDs makes rights management invisible to the consumer's eye. One can buy a DVD from any store. DVD usage policies are simple and identical everywhere. One can run a DVD on any player from any manufacturer. It is simple and it just works. Yet, DVD content is not unprotected, proving that right management technology does not necessarily rime with bad user experience. CORAL has the right vision. Unfortunately, so far, it may have lacked the sense of focus and execution that has made the folks in Cupertino famous. But who knows, more than often, the second time may be the charm.

So DRM or not DRM? The prophecy is relatively straightforward. Content providers have one more shot at fixing the eco-system by creating an open marketplace for digital content. This marketplace should create interoperability across devices, and retail stores. Short than that, DRM will eventually disappear. The DVD has shown that a consistent format, DRM model and usage policy can lead to second to none user experience. There is still plenty of time to replicate the DVD model online. But it requires collaboration and coordination across the main industry stakeholders. In any case, the time has come to rethink the way digital content gets distributed online. Of course, it is not clear what formula will eventually triumph in the marketplace. Nevertheless, there is good news for you an me. Whether Steve Jobs or the content providers win, the DRM saga is heading towards a happy ending. At the end of this movie, consumers win, and that is all good.

Posted by at 06:14 PM | Permalink | Comments (0) | TrackBacks (0)

Last week, the Wall Street Journal posted an interesting article. According to WSJ, Facebook is working on an advertising system that leverages the massive amount of information that people reveal about themselves on the site. The intent is clear: drive higher monetization of Facebook advertising real-estate. But could there be a bigger idea there? Can identity and real-time consumer intelligence do for social networks and identity providers what search and page ranks did for Google: drive ad relevance and become a formidable monetization engine for identity platforms?

Of course, this is not quite a new idea. Targeting ads based on location and demography has always been part of ad network bag of tricks. Today, behavioral ad networks use cookies to track our navigation events and derive a consumer profile that can be used to target ads across sites and web sessions. Google is also doing some of that with GMail, although many folks are worried that reading their email to target advertising is as close to doing evil as California sparkling white wine to French champagne.

Nevertheless, it is clear that none of the guessing can be as accurate as what consumers are genuinely willing to reveal about themselves. Of course, this is precisely what most of us do on Facebook: publicly share personal information and interests. So, yes! Social communities are different animals in the sense that users have are pre-disposed to talk about themselves and reveal a lot. But, no! That does not mean that these users consent to let that information be used to drive more targeted advertising.

As a matter of fact, a study from Forrester indicates that only a third of us would welcome personalized ads. The probable truth is that but many consumers may find the approach way too spooky and a dangerous intrusion of their privacy. Eh! I sure would. So, this means that Facebook and other need to be extra careful before crossing the Rubicon of personalized advertising. Of course, if you are a marketer, 30% is not a rounding error. Consumer intelligence can be a significant business asset. Therefore, the evil temptation will be there.

So, can it work? I think so, but only under one fundamental and very strict principle: let the user decide, let the user opt-in, let the user be in control. That is where Facebook and everyone else need to borrow a page from "user-centric" identity management and OpenID. The user needs to be making the decision. In other words, the trick is to motivate consumers to opt-into personalized ads. Transparency is key. Service providers should explain that only non-identifiable information is being used. Then, they should pause and take a hard look at answering the mother of all questions: what is in it for the user?

If users are in control, then identity intelligence sharing can become a monetization engine. On the Internet, the exchange of name and password has very little business value which is why we still live in a world of identity silos despite the technological coolness of OpenID and the likes. Finally, a business model to share identities. Yet, this is a double edge sword. There is a long devide between consumer trust and ad personalization. In the end, consumers will have to decide whether any profile information is worth sharing with marketers. Facebook and the future identity providers cannot be self-serving. Their community must agree to it and it must benefit the community. Otherwise, that same community is likely to revolt. Once again, the answer is simple: make it worth the user's while. Welcome to the user-centric Internet!

Posted by at 10:42 AM | Permalink | Comments (0) | TrackBacks (0)