OpenID: Growing Quickly
I mentioned yesterday that David Recordon and Johannes Ernst had a great article posted on the ZDNet blog. It got picked up this morning by Slashdot based on some coverage from Internet Identity World yesterday.
While at IIW, I gave a talk on adoption rates of OpenID and some other trends we’re seeing in open source use. I mentioned that we’re seeing 5% growth of sites that are supporting OpenID every week. That means, we are seeing more and more new sites that support OpenID every week. As of this writing, that number is at 561 total sites. The key here, and I mentioned this in my talk, is that this is from the perspective of MyOpenID.com (this is the OpenID Identity Provider that we run). That means this is not all-inclusive. The odds are that there are actually more. See the above graph for clarification.
Given what appears to be an exponential growth in openid support on various websites – is there a danger of openid verification servers breaking under the load? If this stuff is free, then presumably someone is going to have to throw more h/w kit at this to keep up with the explosion of identity verifications? Who does this -and who pays for it?
Is there any danger of some logins taking 1-2 minutes due to lack of bandwidth?
Fortunately, the OpenID verification services are distributed and decentralized. In our case, MyOpenID.com is run on very robust infrastructure capable to scaling to many millions of users.
There are several other identity providers out there (a great list is here) and each one has to handle its own load accordingly. If your provider can’t keep up, they probably shouldn’t be your provider.
I also put this in the category of this-would-be-a-nice-problem-to-have. If we had so many users that we were having to deal with load issues, then OpenID would be an unequivocal success … :-)
I don’t think we’re in any danger of logins taking too long to happen.
Does Federated Identity sometimes require Federated Authorization? If so, how come this isn’t ever discussed. Maybe you could address in future blog entry…
Well I certainly do hope that OpenID does become an unequivocal success!
However, should that happen, then my question still stands.
If commercial businesses want to hook into this, then surely there must at lest a minimum level of confidence that openid servers aren’t going to drop off the net… Let’s say ebay and amazon takes up openid at the same time. Could myopenid.com handle x hundred auths/second. Or x/thousand auths/second for that matter?
I just don’t understand the business model. For example, if my online business takes off, and I happen to generate so many auths/second that your servers fall over – who is responsible? The site generating the load? If it costs JanRain another 150k to add more kit to cope with extra load – where is your ROI coming from?
Perhaps this blog entry is the wrong place for these questions… However I see the above graph as non-linear… It’s only a matter of time before your servers feel the pinch – and by that time – businesses will be relying on you!
Ian.
Ian: I really think this falls into the that-would-be-a-nice-problem-to-have category. If the graph continues on at the current rate, we’ll have some serious traffic on our hands. How do we deal with that?
MyOpenID.com is going to be delivering some premium features in the not-so-distant future that users can pay for. This is known as the “freemium” model. We’ll always provide the base level of service; free OpenID’s with personas, etc. Users can then buy the premium services for things like two-factor authentication, etc.
On top of that, we’re getting ready to launch some services that sit on top of OpenID. These are services that help us to take advantage of a world where users have one username and one password for all of the sites they visit. We’ll be launching some of these services in the next couple of weeks.
As for handling load, we’ve got a great team and fantastic infrastructure. We’ve built a solid service that can easily scale to thousands if not millions of authentications per day (or even hour). You can build this infrastructure and manage it for much less than you’d imagine these days.
James: great idea … will do in a future blog entry. The short answer; it hasn’t been discussed yet with respect to OpenID in the protocol but inevitably people will build their own federated networks using OpenID to do so in the near term.
Thankyou for your views.
I’m looking forward to seeing what you guys are going to deliver. I think offering 2-factor to an openid audience is an awesome concept – something that would be very relevant to my future business.
Best wishes in your endeavours.
I seriously see the http identification protocol as the stumbling block for the average web user… and average aside… any user… the concept of a web url being your identity is I think too abstracted.
@geekpunk: I think its easier to grasp than most people give it credit. Today so many people think in terms of URL’s already; I am my blog, I am my MySpace or Facebook profile page.
would it be possible to share different user profiles among social networks?…i mean, to link different profiles (flickr profile, youtube, blog) to an openID and when the user logs in one of those networks the profiles were visible for the community.