Peter Campbell not only asks, "What does OpenID mean to Non-Profits?", as he says, but really "Is OpenID a net-positive or net-negative for my business?" His thoughts are equally applicable to for-profits and deserve to be treated seriously:
Well, unless I’m missing something, [OpenID is] possibly a threat, and it will probably put orgs in a bit of a catch 22. Like most companies, you want to capture contact data from your web visitors. It’s key to your CRM strategies. Supporting OpenID removes the most compelling reason for them to give you that info – access to your interactive web services that require authentication. You’re going to have to beef up the begs and rewards for sharing more data if you support it. But, if you don’t support it, and it becomes a widely-spread standard, you’re going to look unethical.
In nutshell, he says that by allowing site visitors to bring their OpenID, instead of having to sign up for a new account, the site gets less data about them; and many sites’ success depends on having that data. If that was indeed the case, then I would agree, OpenID would represent a disadvantage to those sites (possibly, but not necessarily always balanced by the increased user convenience, improved security through fewer passwords etc.).
But that’s not necessarily the case:
- A site might collect a lot of information from its users when requiring them to fill out a bunch of forms before they can get an account. But very often, the information that visitors provide is intentionally wrong. (I’m sure we all have done that between 0 and 100% of the time). So collecting that information may not be all that it is cracked up to be, unless the business can validate it as a matter of course, which most sites can’t. There is clearly a trade off between quantity and correctness of provided information.
- Because users can provide their OpenID that they also have provided to other sites, the site can actually learn more about the user — which other websites they frequent, for example. (Of course whether or not that correlation is possible is up to the user by deciding which OpenID to give to a site). Personally, if I have a choice between knowing a URL pointing to your blog, and having the information you typed into a web form that I put up, I take the blog any time. (That might even be true if the form’s data was all correct!) That is not data that your typical CRM system knows how to manage, but as we all know in the blogosphere, extremely valuable to gain some view on the user’s social network and reputation and interests.
- Because user-centric identity puts the user in control, the user can feel more confident in the relationship with the site. Admittedly, we are still missing some broadly deployed technology for this (like enforceable link contracts). But the promise is clear: if I, as the user, can decide when to share what information with a site and when to revoke it, I am far less reluctant to share correct information in the first place. That’s probably true for most of us. (Assuming we can trust that the site indeed honors the contract.)
- Most importantly, making single-sign-on easier allows the site to have some (although a weak) relationship with their visitor much earlier, before the visitor decides to invest the time, and trust, to share more (true) information about them with the site. That effectively adds another customer/visitor segment to the existing visitor segments: instead of just registered and anonymous, we now get registered-with-shared-information, known by their OpenID, and anonymous. The relationship between site and user in the OpenID category may be less strong and durable than others, but it’s valuable in its own right, in particular when combined with the other points.
OpenID clearly requires some rethinking on what constitutes Customer Relationship Management by companies, non-profit or for-profit. Which is why it creates both challenge and opportunity. But I want to be very clear that on balance, OpenID is a net win-win for both user and site; or at least those sites that take advantage of it properly.