Fearing that the company is effectively taking over control of the open standard

Jul 30, 2009 14:32 GMT  ·  By

Google has announced that its implementation of the OpenID login standard, Google OpenID Federated Login API, has been extended to support Google Apps. This will allow individuals who have accounts on a service or application deployed by a business, school or other organization on Apps to use their login credentials on any site that supports OpenID. This should greatly boost the standard's reach but there are those in the community who are apprehensive about Google's approach.

“Google Apps can now become an identity hub for multiple SaaS providers, simplifying identity management for organizations. For example, when integrated with partner solutions such as PingConnect from Ping Identity, the Google Open ID Federated Login API enables a single Google Apps login to help provide secure access to services like Salesforce.com, SuccessFactors, and WebEX — as well as B2B partners, internal applications, and of course consumer web sites,“ Yariv Adan, Google Security Team, wrote on the Google Code blog.

OpenID aims to provide a unified login experience over various services online by allowing users to have just one set of credentials that would work on any site. There are a number of similar products, some proprietary, like Facebook Connect, but also open standards, but OpenID is the open-source project that shows the most promise. The major problem for it, and other similar products, is that most people, even the tech savvy, find it hard to understand and cumbersome to use and this has generally staved off growth.

So a move like Google's, which boasts one million domain names on Apps, should be very welcomed by OpenID. However, it's not what the search giant is doing but how it's doing it that has risen the greatest number of concerns. In order to provide the functionality the company had to use a non-standard library. The extension, developed by Janrain, allows relying parties, the sites that will allow Google Apps users to login with those credentials, to redirect to the Google OpenID service.

There is work already being done to create and support an open standard that provides similar functionality, which is where the criticism comes from. Google has been concerned about this as well, as evident from a leaked post meant only for internal OpenID developers, and the company says it will support the new standard when it will become available.

Another problem that has arisen is how Google is supporting SaaS partners who want to use the system. By providing them with the custom system most partners have bypassed more open implementations and use the Google one as a default, essentially locking out other players. In Google's defense, it has no control over how independent sites choose to use the API and the company said it had to use the custom solution as it was the only viable one for the moment.