Vamshidhar Kommineni

August 20, 2007

Live ID SDK for third party sites (& the fight to host your identity)

Filed under: Microsoft — Vamshi @ 11:04 am

Saw this go by in my link bag of emails today:

Live ID SDK 1.0 Download

Live ID SDK Documentation

Of course, we wouldn’t be Microsoft if we didn’t have a long name for it: “Windows Live ID Web Authentication 1.0 SDK” :)

Kidding aside, this is a very interesting move that is necessary for Microsoft. Authentication & Identity is one of the few large problems that needs to be solved for the Web. The current notion of everyone having their own sign-on mechanism is simply untenable. Things wrong with it are:

  • Terrible experience for users: How many accounts and passwords do I need to remember? And every site uses slightly different username rules or password rules.  
  • Poor protection of a customer’s identity: Every site now has a chance to lose their customer’s information to malicious hackers. Even if common code libraries are used, they may not be kept patched as vulnerabilities are discovered. Also, making users remember a lot of user/password combinations leads to very low strength passwords that may be easily cracked without security holes in the underlying implementation.

And why do companies like Microsoft, Google, eBay, Amazon or Yahoo care about this? One answer: “Stickiness”. Next to where you maintain your data (email, photos, etc.) and your “social network” (for old fogies like me: it’s my Messenger buddy list in IM or email address book; for the new kids, it is Facebook/MySpace style profiles), the notion of who you are on the web is the stickiest piece of information. Build a good enough platform and get enough third parties (i.e. web sites) to build on your platform, and you’ve got a very good customer value scenario as well as a good analytics scenario for serving relevant ads.

It’s why Google went from the simple Search based model to adding on Gmail/Gtalk/Picasa/Checkout, etc. based on Google user accounts. I would argue that the value to them is having you be a sticky user of their platform (your identity is tied into them as is your data), and being able to track how you use their services in order to build a better profile of you. The fact that they provide good email, chat or photo sharing services is simply the value proposition to us as the customer to store our data and identity there versus storing it elsewhere.

Microsoft tried this many years ago with Passport, but weren’t successful for a number of non-technical reasons (at least as I understand it from an outsider’s perspective, I have no insight into that team). Their new effort seems much better, at least from skimming through the SDK and seeing how easy they’re trying to make it for web service developers. For starters, they’ve released the code library to do authentication in Perl, Python, Ruby, PHP & Java in addition to ASP.NET, which is a huge step forward in terms of language/web dev platform interoperability. They’re also pitching it as a chance for sites to leverage the huge user base that MSN/Live Messenger & Hotmail provide, which is the right thing to do, since the most valuable thing in any of these platforms is the user base that uses it.

Check out the documentation for the SDK and see what you think about it or where the general identity issue is headed. An alternative to a company driven identity platform is OpenID, which any company can implement support for. It’s an interesting alternative, but a very big loss of control for any of the big web platform companies. Microsoft seems to be taking the lead here, with a commitment to support OpenID 2.0 in Vista with CardSpace. I don’t know the details of this any more than you do.

Note: I’m almost certainly confusing a bunch of specific concepts together in this post, like identity vs authentication, etc. I tried to write this post purely from the 10,000 foot level for customers or companies, rather than use a very good semantic framework.
