OpenID Relying Party Software as a Service

As was recently discussed at IIW 2008b (and many other times over the last couple years), one issue with OpenID adoption is the lack of Relying Party support (a.k.a. web sites that accept OpenIDs). There are a number of issues with this and many have been discussed in the past (e.g. does the web site "trust" the OpenID Provider?).

However, one issue that hasn't really been discussed is the technical impact of supporting OpenID as a Relying Party. Even though there is a lot of open source code available for OpenID, that code still has to be integrated into the web site code base. This is more than just including a few libraries and adding a few API calls. One of the reasons for this is that OpenID relies on shared secrets for security, and these secrets need to be stored in a database at the integrator's web site. Also, in many cases, integration of OpenID means that the web site will allow its users to associate an OpenID with an existing account. This means an additional database table to track the association.
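The two pieces of state described above, the shared secrets and the OpenID-to-account link, sketched as an added example (not code from this post or from any OpenID library): a relying party checks the HMAC on an OpenID 2.0 positive assertion against its stored association before looking up the linked account. Table names, function names and all sample values are assumptions, and the nonce replay and return_to checks a real relying party also needs are left out.

```python
import base64, hashlib, hmac, sqlite3

SCHEMA = """
CREATE TABLE associations (     -- shared secret negotiated with each provider
    op_endpoint TEXT, assoc_handle TEXT, assoc_type TEXT, mac_key BLOB,
    expires_at INTEGER, PRIMARY KEY (op_endpoint, assoc_handle));
CREATE TABLE account_openids (  -- OpenID linked to an existing local account
    claimed_id TEXT PRIMARY KEY, account_id INTEGER NOT NULL);
"""
DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}
MUST_SIGN = {"op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id"}

def sign(fields, mac_key, assoc_type):
    # HMAC over "key:value\n" lines for the fields named in openid.signed, in order.
    names = fields["openid.signed"].split(",")
    token = "".join(f"{n}:{fields['openid.' + n]}\n" for n in names)
    mac = hmac.new(mac_key, token.encode("utf-8"), DIGESTS[assoc_type])
    return base64.b64encode(mac.digest()).decode("ascii")

def account_for_assertion(db, fields, now):
    """Return the linked account_id, or None when the assertion is rejected."""
    row = db.execute(
        "SELECT assoc_type, mac_key, expires_at FROM associations"
        " WHERE op_endpoint = ? AND assoc_handle = ?",
        (fields.get("openid.op_endpoint"), fields.get("openid.assoc_handle"))).fetchone()
    if row is None or row[2] <= now:
        return None  # no stored secret for this provider, or it has expired
    if not MUST_SIGN <= set(fields.get("openid.signed", "").split(",")):
        return None  # an unsigned claimed_id could be altered in transit
    try:
        expected = sign(fields, row[1], row[0])
    except KeyError:
        return None  # signed list names a missing field, or unknown assoc_type
    if not hmac.compare_digest(expected.encode(), fields.get("openid.sig", "").encode()):
        return None
    link = db.execute("SELECT account_id FROM account_openids WHERE claimed_id = ?",
                      (fields["openid.claimed_id"],)).fetchone()
    return link[0] if link else None

def demo():
    # Constructed sample data: endpoint, handle, key and identifier are made up.
    db, key, op = sqlite3.connect(":memory:"), b"k" * 20, "https://op.example/server"
    db.executescript(SCHEMA)
    db.execute("INSERT INTO associations VALUES (?,?,?,?,?)", (op, "h1", "HMAC-SHA1", key, 2000))
    db.execute("INSERT INTO account_openids VALUES (?,?)", ("https://alice.example/", 42))
    f = {"openid.op_endpoint": op, "openid.assoc_handle": "h1", "openid.claimed_id": "https://alice.example/",
         "openid.return_to": "https://rp.example/return", "openid.response_nonce": "2008-11-20T00:00:00Zabc",
         "openid.signed": "op_endpoint,return_to,response_nonce,assoc_handle,claimed_id"}
    f["openid.sig"] = sign(f, key, "HMAC-SHA1")
    return db, f
```

This is the state and verification logic that a Relying Party SaaS provider would hold on the site's behalf.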

A significant step forward for web sites that want to support OpenID but don't have the technical resources or budget to do so is OpenID Relying Party Software as a Service (SaaS). The SaaS model allows a web site to easily integrate OpenID support by implementing a couple simple REST APIs and allowing the provider to do all the "heavy lifting" with regard to databases, association, etc.

JanRain's recent release of RPX Basic is the first public offering of OpenID RP SaaS. This will make it a lot easier for many sites to integrate OpenID into their existing content and services and provide their features to a greater audience. I believe this is an important development in the adoption of OpenID and am hopeful that standards will develop around this capability.