Yesterday was an important day for OpenID and business on the net. Before yesterday, OpenID was an intriguing, but largely irrelevant technical curiosity for web business. Since yesterday, it’s viable for business. And in a short while, it will be a key weapon in the fight for customer attention and market share.

Starting yesterday, it’s time for web businesses to pay attention to OpenID.

Let me explain … and I need to start with describing what advantages OpenID brings to a website that implements it in a business-friendly manner:

• First-time visitors to the site have to type their OpenID to register and authenticate, but no password. That’s one text field, instead of at least four (desired user name, desired password, password repeat, e-mail address). Removing one field from a sign-up form increases sign-ups by how many percent? What about removing 3 out of 4 text fields? Substantial…

  Net result: an increase of sign-ups to the site.

• Repeat visitors to the site do not have to type anything, neither OpenID nor password nor anything, and they are instanteneously and securely authenticated. This compares to a username and a password: either or both will often have been forgotten by the visitor. How is zero compared to two and a click? Compared to several clicks and a password reset, waiting for the e-mail to arrive, resetting the password and so forth? Even if the customer remembers, it’s still a lot more work. And customers might not do it because of a fear of phishing, which in this case, does not exist for OpenID.

  Net result: a dramatic increase of authenticated visitors. Which means a dramatic increase of visitors that can be sold to with one click, that can be targeted with just the right advertisements, to which the site can be customized as well as possible. In other words: a lot more revenue.

These are great benefits, and I won’t be too surprised if some sites managed to double — yes, I said double — their business some time down the road by having migrated their user base to OpenID authentication.

But these benefits, before yesterday, were theoretical. Because while it’s great to have 63 million AOL users with OpenID and so many million from Orange and LiveJournal and so forth, a site’s P&L does not change if life is better just for a small part of their user base. So sites didn’t jump the hurdle of implementing OpenID, and nobody can fault them for it.

So what happened yesterday? Yahoo! happened, that’s what happened. Yahoo! brought a quarter billion new OpenIDs on-line. Which completely alters the picture:

Instead of being a technical curiosity, web businesses can now assume that the majority of their visitors have an OpenID. Okay, Yahoo and AOL and Blogger and all of the existing implementations don’t add up to more than 50% of internet users, but you can bet that more telcos become OpenID providers for their broadband customers, as Orange showed, and that all major internet portals, Microsoft and Google included, will offer OpenIDs with each of their accounts shortly. (It’s easy for them to do, and they don’t want to lose even one of their subscribers for the reason that they didn’t add a small bit of code to their site, that, boy, might even benefit them strategically, and not just create competitive parity.) It’s a very safe assumption for web businesses that by the time they can do anything about OpenID, regardless how fast they move, more than 50% of their visitors will have an OpenID, and Yahoo!’s move yesterday made that a virtual certainty.

Since yesterday, the strategic planning assumption is: most of my important customers and prospects have an OpenID. Likelihood: indistinguishable from 100%.

The questions for web businesses are simple:

• Do I want to increase the percentage of first-time visitors who sign up with my site? Answer: yes, of course: a delta of X creates X times more average lifetime revenue per customer for my site. With zero more marketing dollars.
• Do I want to make it easier for existing customers to buy things on my site? Answer: yes, of course: a delta of Y increases the lifetime revenue per customer by Y. With no reduction in security.
• Do our customers have OpenID? Yes!!, they do because yesterday happened.

Final question: can I take this to the chief marketing officer? You bet. He’d be insane not to listen. While yesterday, I would have been insane to take it to him.

That’s what changed yesterday. This is why it is Day 1 for OpenID in a business sense. And that’s why Yahoo!’s announcement is hugely significant. It completely changes the dynamics of business on the web.

And guess what happens to your competitors who don’t get this as fast as you do. Or if they OpenID you. But that’s the subject of another post some other time.

[Shameless pitch: contact me if you do business over the web.]

I’m in the market for a new mobile phone. I thought this one might be a good choice.

The nice folks at Yahoo! indeed know how to be nice in a collaborative community, (i.e. the OpenID community). Their big Yahoo! OpenID Provider service now available as a public beta announcement today acknowledges a lot of people … to quote:

We’d like to take this opportunity to thank the OpenID community for educating us over the past 1 year and helping us make this happen. In particular, we’d like to say "Thank you" to Bill Washburn, Brian Ellin, David Recordon, Dick Hardt, Johannes Ernst, Johnny Bufu, Joseph Smarr, Josh Hoyt, Kaliya Hamlin, Kevin Turner, Larry Drebes, Mike Graves, Scott Kveton, and Simon Willison.

Not every company as big as Yahoo! would acknowledge all of us little guys. And so Shreyas and his team of Yahoos very much deserve a round of applause and thanks. (After the 248 million-strong applause has died down ;-)).

On a personal note, I gotta say I’m still very amazed. It was just over three years ago that I looked at that idea of a URL-based, decentralized, simple identity again that I had put aside a year earlier, and decided "perhaps there is something to this after all". And started blogging about it. Brad Fitzpatrick started the OpenID mailing list in the following May, putting 7 million LiveJournal users online with a URL-based identity shortly thereafter. Then VeriSign, and AOL, and France Telecom/Orange, even Google/Blogger. And now all of Yahoo … not exactly bad, from 1 to almost 400 million in just over three years?

Updated 2008-01-24 1:44pm

If you are interested in OpenID, OAuth, OpenAuth and related technologies, you may want to consider attending the WebGuild’s Web 2.0 Conference and Expo at the Santa Clara Marriott on January 29, 2008.

I have the honor of moderating a high-powered panel on this subject at 1:45pm. The panelists will be:

• George Fletcher, Chief Architect Identity Services, AOL (his post)
• John Panzer, Technical Lead Manager, Google (his post)
• Nico Popp, VP Authentication Services, VeriSign
• Added: Shreyas Doshi, Product Manager, Yahoo! Membership Platform

We will be exploring whether these technologies are ready for prime time and what’s coming, why Google, Yahoo!, AOL and VeriSign have implemented what they have already, and what’s in it for you as a web developer or web business.

If you have (good ;-)) questions you’d like to see asked, feel free to send them to me prior to the event. Hope to see you there!

It’s clear that companies like Yahoo! and AOL are natural OpenID providers. Telcos like Orange should also want to be OpenID providers (of course, they all are already).

But according to today’s news, the Telegraph (newspaper and website in the UK) is now also becoming an OpenID provider.

As somebody expressed in the comments said, it makes every sense for a newspaper to become an OpenID Relying Party, but why would they also want to host identities?

Nevertheless, it’s a bit gratifying to see that, because over a year ago I predicted exactly that: I thought that everybody and their brother was going to attempt to become the OpenID provider of choice for as many users as possible. Because everybody strategically minded would decide that they most certainly did not want their competitors to have that role, with them "merely" being relying parties, relying on the security of their competitors! And worse, letting their competitors see every time their customers authenticated with them.

My prediction for 2008: the already-long list of OpenID providers is going to grow substantially, and we’ll see many mainstream businesses, like the Telegraph, joining as OpenID providers. Some day, there will be a shake out, but it won’t be in 2008. It’s clear that there is some justification for the land rush, and first movers in any given market can hope to gain substantially on a strategic level over their competitors.

It also points to the adoption dynamic for relying parties: companies that believe to be the "gorilla" in their respective markets will push their business partners to accept OpenIDs from them, and preferably only from them. That will look like many closed federations for some time, but it’s inevitable that those will get opened — relying parties will see to that. This OpenID provider rush, and the push into closely affiliated relying parties, are going to be the primary business dynamics for OpenID for the next 18 months or so, in my view.

[Pitch: if you are facing this emerging business dyamic and want to figure out what your strategic options are, get in touch. We'd love to help you out.]