I'll argue that RP promiscuity (in which the RP cares little about which specific OPs it partners with) works just fine in situations where both of the below are true
- the resources the RP protects are such that the RP assumes no different levels of risk in accepting authentication claims from different OPS
- there is no other factor that differentiates OPs
At least currently, OpenID is being used in low value (money & sensitivity) applications. When there is little risk to start with, an RP will feel little different about how various OPs change that risk. So, for now, #1 is true.
And #2 has been true. Except for varying levels of support for particular authentication methods (e.g. Infocards) or different extensions (e.g. Simple Reg or PAPE), the different OPs are a level playing field from the RPs point of view.
And then Vidoop has to tip the apple cart and skew the above balance by announcing that they, as an OP, are going to start paying RPs by sharing their advertising revenue. No longer is #2 true - even if #1 is still equal (i.e. no risk differential), an RP will now be motivated for favour Vidoop as an OP, above other OPs that don't pay.
I predict two consequences
- RPs will attempt to guide users to Vidoop in order to maximize revenue (e.g. "I'm sorry, the OpenID you presented doesn't seem to work. Would you like to use/create a Vidoop OpenID?")
- Other OPs will be forced to match the Vidoop revenue sharing model in order to restore the balance and ensure they are not excluded by RPs at selection time. There will be a bidding war as OPs fight to ensure market. A single OP with big pockets will emerge.
I think I'll go reserve 'paulmadsen.openid.passport.microsoft.com'. Maybe they can reuse the old code.
Tags:
No comments:
Post a Comment