Why be an OpenID Relying Party?

Thursday, February 12th, 2009

Plaxo’s Joseph Smarr presented the following at the OpenID Design Summit at Facebook HQ yesterday:

This was a controlled experiment combining 3 technologies (2 of which are from the Open Stack, but hybridized) under the hood to create a streamlined signup experience that goes like this:

  1. Someone at Plaxo invites you to join by entering your Gmail address
  2. You get an invitation email from Plaxo
  3. You click on the link
  4. Plaxo knows that you’re a Gmail user (and likely still signed in), so it presents you with the following screen:

    I believe that since Plaxo already has your Gmail address, it is already somehow encoded in here to save you from having to type it in, but I haven’t tried it so I’m not sure
  5. Clicking “Sign up with my Google Account” brings you over to Google with the following screen:
  6. Clicking “Continue Sign-in” tells Plaxo that you are indeed the holder of the Gmail address, at the same time authorizing Plaxo to import your address book from Google.
  7. That’s it! You’re signed up to Plaxo and your Gmail address book is available in Plaxo.

The result was a staggering 92% return rate (from the Google authorization confirmation screen above), of which 92% continued with the sign up and allowed Plaxo to import their contacts from their Google address book. The results were so impressive that Plaxo’s business folks stopped the tech folks from turning off the experiment!

Indeed these results are impressive by today’s standard of endless signup forms and social networking fatigue. I would whole-heartedly agree that through this clever experiment, Plaxo has met their goals of making it better for the user, the identity provider, as well as the relying site.

The technologies that made these possible were:

  • OpenID for proving who you are (showing Plaxo that you do indeed own the Gmail address);
  • OAuth (implemented as an extension to OpenID) for granting Plaxo access to your contacts stored on Google; and
  • Google Contacts API for actually importing them into Plaxo (it would be nice to see Portable Contacts being adopted by Google).

Individually, those technologies are good at what they’re designed to do, but when combined with a simple hint such as “the user is a Gmail account holder, and is probably still signed in to the service”, they can be very powerful.
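
The OpenID and OAuth combination listed above, sketched from the relying party's side as an added example (not Plaxo's or Google's code): it builds an OpenID 2.0 request carrying the OAuth extension and accepts the returned request token only when the extension fields are covered by the signature. The function names, endpoint, consumer key and scope values are placeholders, and verifying the OpenID signature itself is assumed to be handled by the site's OpenID library.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

OPENID_NS = "http://specs.openid.net/auth/2.0"
OAUTH_NS = "http://specs.openid.net/extensions/oauth/1.0"  # OpenID OAuth extension
IDENTIFIER_SELECT = OPENID_NS + "/identifier_select"


def build_hybrid_request(op_endpoint, return_to, realm, consumer_key, scope):
    """URL that asks the provider for login and an OAuth grant in one round trip."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns.oauth": OAUTH_NS,
        "openid.oauth.consumer": consumer_key,
        "openid.oauth.scope": scope,
    }
    sep = "&" if urlsplit(op_endpoint).query else "?"
    return op_endpoint + sep + urlencode(params)


def approved_request_token(response_query):
    """Return the approved OAuth request token from the provider's reply, or None."""
    fields = dict(parse_qsl(response_query, keep_blank_values=True))
    if fields.get("openid.mode") != "id_res":
        return None  # user cancelled, or the provider returned an error
    # The provider picks the extension alias, so find it by namespace URI.
    alias = next((k[len("openid.ns."):] for k, v in fields.items()
                  if k.startswith("openid.ns.") and v == OAUTH_NS), None)
    if alias is None:
        return None  # identity asserted, but no contacts access was granted
    # openid.signed lists field names without the "openid." prefix. Fields that
    # are not listed are not covered by the signature and must be ignored.
    signed = set(fields.get("openid.signed", "").split(","))
    if not {"ns." + alias, alias + ".request_token"} <= signed:
        return None
    return fields.get("openid." + alias + ".request_token") or None


if __name__ == "__main__":
    # Constructed values; op.example and rp.example are placeholders.
    print(build_hybrid_request("https://op.example/openid", "https://rp.example/return",
                               "https://rp.example/", "rp.example",
                               "https://op.example/contacts/"))
```

A `None` result with a valid login means the site should still create the account and simply skip the contacts import.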

Still, my biggest takeaways from the slides are:

  • 17% (of Plaxo signups) come from Gmail account holders;
  • 73% come from the top 4 (Yahoo, Microsoft, Google, and AOL); and
  • all of them are OpenID Providers.

This shows that you can already take advantage of the fact that a large percentage of users already own an OpenID, and may be more willing to sign up to your service than they would be if faced with another tedious registration form.

While many (including myself) have criticized OpenID for having more providers than relying parties, Plaxo has proven (with impressive numbers) that with a little ingenuity and optimization of UX, sites can reap the benefits of being an RP!