I Can Haz OpenID?

who-am-i A couple of days ago I stopped by Fred Wilson’s great A VC blog.  I was living vicariously through his holiday vacation with his family in Europe, Paris and Milan, and was inspired to leave a comment.

Fred’s blog uses the Disqus comment system, which requires you to be verified before you can leave a comment.  I’d signed up before, but like many things I’ve forgotten my user name and password. I crafted my response, tried to post it, when confronted by the Disqus log in system.   Since I couldn’t remember my password, I opted for one of the other login options, in this case via my Google account.  Ooops, this is when the going got tough.  The Google connectivity software piece was apparently down, which caused Disqus to fail in a most unpleasant way.  The software munched up my post, and popped me back into a Disqus login screen.

But since I had no Disqus login, I was forced to recreate my post, and try to login again -  this time using my AIM ID.  Same problem.  Comment gone, and it was back to a Disqus fail. 

I’m obviously a glutton for punishment, since I went back and tried again, this time with my Yahoo account.  Again, my comment disappeared and I was pushed back to a Disqus login.

OK, I was not happy.  I’d written the same comment three times and it disappeared each time.  Although it appeared I could login via other, standard accounts, that functionality was broken.  A little digging, though, I and I discovered the problem.  Disqus was working with a company called "Clickpass", which delivered OpenID style functionality.  But Clickpass, apparently, was not working – and via a complex, Internet-version of telephone tag, I ended up writing the same comment three times, and in the end still didn’t get to post it.

It’s not as if the comment was brilliant.  It was some inane rambling about Europe and Milan – and the interweb is a better place without it.  No, what’s really got me riled up was the inexcusable programmatic behavior.

Look, even if your underlying software isn’t working correctly, what ever happened to the graceful fail?  Here’s what should have happened:  when Clickpass failed, which then caused a no-login event for Disqus, the commenting routine in Fred’s blogging platform should have retained the post, before giving me other options to log in.  What if I had, actually, written the greatest blog comment of all time?  It would have been lost for good.

And that gets me back to OpenID.  I love the idea of having one set of identification credentials that I can use around the web.  If it all works right, it’ll be awesome, birds will sing and the swallows will return to wherever they’ve disappeared from.  But it won’t all work right, not all the time.  We’re talking software here, and the internet, and the egos of childish web developers.  Occasional (or more often) fail is guaranteed.

It’s even worse than I feared.  A few days after my Disqus debacle I was talking with a developer friend of mine who was bemoaning the sorry state of OpenID implementations.  It seems that all the big sites have their own flavors, and the OpenID foundation just doesn’t have enough clout to force a single standard across the web.

That’s a bad state of affairs.  It guarantees more fail – and also guarantees epic finger-pointing.  Who will lose?  The users, first, who won’t be nearly as patient nor accommodating as I am.  But in the end the whole glorious promise of OpenID will be left in tatters, and we’ll be back to our walled-gardens of identification.  And that’s just too bad – because an open, interoperable identity system is actually one of the best ideas I’ve heard in a long time.  Too bad no one can get their act together to actually build it right.