Regarding the Yahoo!-specific button, its really up to a Relying Party to determine whats the right experience for its users. If the button doesn’t work for their website and target audience, they don’t have to install it. We’ve actually got good initial feedback from some Relying Parties about the buttons.

Finally, user education has been a paramount consideration for us and you will see that reflected all across the product. I believe we do a better job of educating users about the proper use of OpenID than just about any OP today.

However, I still don’t like the solution of a Yahoo-specific login button on 3rd party sites. Allowing users to type in “yahoo.com” is great, but I doubt most users will be aware of that feature.

The biggest problem with OpenID is educating the users. I do think it’s great that Yahoo is trying to make it easy for average users to use OpenID, but it will only be effective if users understand that OpenID is bigger than just Yahoo and a few sites that have “Sign in using Yahoo” buttons.

Now, the real question I have is does Yahoo plan on being a relying party so I can log in with my own OpenID? I’m guessing that’s unlikely…

Now, the reason we chose the auto-generated URL by default, and not the Yahoo! ID, is to protect the user’s email address from getting revealed by default on OpenID websites. Imagine a world where OpenID is used by every web user – if their OpenID URLs are being left all over the place (eg: while reviewing a restaurant), this can become a contextual spam target (as a spammer, I would know that you are interested in restaurants and I would spam you about restaurants by just parsing your OpenID URL and mapping that to your email/IM address). This is not possible with our auto-generated URLs, and hence, thats the default choice. This was discussed at length at a session I led at the Internet Identity Workshop 2007b and the general consensus in the group was that the user’s OpenID URL should not, by default, reveal the user’s email/IM address. You can find session notes here:

http://iiw.idcommons.net/index.php/OpenIDForLargeProviders

Our primary objective is to make OpenID easy to use for non-tech savvy users. Forcing all users on the web (i.e. all 1+ billion of them) to understand the concepts of URLs as identity endpoints is a non-starter in this respect. If, on the other hand, you do understand URLs as identifiers, and want to customize your URL, we do provide that ability, including allowing you to create a cool Flickr-based OpenID URL.

I hope this clears your confusion. If you have any other questions, feel free to send them over.

That’s correct, but my issue is that the URL is obscure by default and most average users won’t know that they can select an easy to remember OpenID, thus they won’t be getting a “true” OpenID experience. As a result, for a site to allow those users to log in via OpenID they must provide a Yahoo-specific button.

I don’t understand Yahoo’s decision to not use easy to remember OpenID URLs by default.

1) The OpenID URL can be anything you wish. It can be your Flickr URL (if you have an account there, of course) or anything else. Yahoo! makes some suggestions. When signing in to a relying party it’s sufficient to type in yahoo.com; everything else works in the background.

2) Relying parties are not required to use the Yahoo! sign-in buttons. You can also used the familiar OpenID sign-in boxes.