In July of 2018, StackExchange ended support for allowing people to login via OpenID. One tenth of one percent of their users were logging in using OpenID, and I was one of those last remaining people. In an era where every website allows people to create accounts and login using other websites (e.g. Facebook, Twitter, Google, Github, et. al.), OpenID was an attempt to create a standard to allow anyone to use any identity provider to login to web applications.

Unfortunately OpenID has slowly fallen out of use. Several major OpenID providers have gone offline over the years, leaving some users stranded without a login to services they use. Websites like Woot, Slashdot and Pypy, all which supported OpenID at some point, have slowly (and often silently) removed support. Other sites such as Freecode and Gitorious supported OpenID until they closed down. Although we are entering an era where more people in tech are pushing for distributed systems for content and social networking, the era of federated authentication via OpenID is most likely at a dead end.

We’re all familiar with the following sign-up prompts. We’re told we can login to a website using some other site we most likely have an account on.

Creating an account with a Third Party Identity Provider

At one time, some of these logins may have been made via OpenID. Today, they are a mix of OAuth 1, OAuth 2 or other proprietary single sign on protocols.

I currently run SimpleID as my OpenID identity provider. It runs out of a Docker container and is provisioned using Bee2. Unfortunately, the last release for SimpleID was version 1.0.2 in December of 2016. There are references on the official website to SimpleID 2, but it doesn’t appear as if this version was ever released.

Site OpenID Support Status *.stackexchange.com/users/authenticate/ (15 sites) Discontinued OpenID Support (July 2018) deletionpedia.org/w Discontinued OpenID Support freecode.com/ Service discontinued / Read only Archive (2014-06-18) gitorious.org Service discontinued / Acquired by Gitlab (2015-06-01) www.openid-ldap.org/test.php Unreachable (2018-10-01) www.openstreetmap.org Online / Accepts OpenID Authentication pypi.python.org/openid_login?realm=realm Online / OpenID Access Removed sealion.club Online (GNU Social) / Accepts OpenId Authentication slashdot.org Online / OpenID Access Removed

Out of all the websites I had created accounts for, or authenticated using my self-hosted OpenID provider, the only websites which still allow OpenID logins are OpenStreetMaps and instances of GNU Social. There have been attempts to replace OpenID over the years. Mozilla briefly created a tool called Personas (confusing, given it was also the name of the Firefox theme system) which attempted to provide a decentralized method for signing into websites, but after low adoption rates it was eventually scuttled in November of 2016.

OpenID originated from Brad Fitzpatrick, the creator of LiveJournal. Like that previous generation of social networking, OpenID was part of an Internet culture built around the idea of open standards. Major companies such as Yahoo!, Google, Facebook, Microsoft (Windows Live ID) and MySpace introduced support for either OpenID logins, using their service as an identity provider, or both. In recent years these companies have abandoned open standards, with both Google and Facebook removing standardized XMPP support for their messaging services, and with all of them removing all OpenID support.

The large players have mostly abandoned open standards, realizing there is more revenue available in closed and proprietary services within their walled gardens. Even when they are required to interact with open standard, Microsoft and Google have still managed to make e-mail unreliable.

Although OpenID may be in decline, several other open standards for distributed services are starting to solidify and have been implemented by several projects. The ActivityPub protocol, used by federated social networking applications such as Mastodon and Pleroma, is now an official W3C recommendation. Both Mastodon and Pleroma also support the OStatus protocol used by GNU Social.

Personally, I rarely use social logins and opt to create new accounts when prompted for sign-up/sign-in options on a website. However, I am in the minority as 70% ~ 80% of web users prefer using social logins over creating new accounts. Self-hosted, independent OpenID providers are used by a tiny fraction of Internet users, growing even smaller and fewer and fewer services support it. Even as we witness the slow death of OpenID, I hope it isn’t pushing us further away from the dream of an open web.