In my childhood, many of the bad guys in TV shows were corporate overlords. Tweed jackets and dark turtlenecks were the apparel of choice. They were ridiculously unctuous, spouting obliquely phrased threats like, "This Mannix fellow has become…Inconvenient."
These villains were the creation of TV studios trying to capitalize on the post-60s, post-Watergate hangover, during which corporate executives were about as trusted as…Well, about as trusted as they are today. Corporate goons may be even less popular today than they were a few decades ago, after wrecking the global economy, plundering their own companies, and cackling gleefully as they collected their obscenely large bonuses. Heck, Steve Jobs even has a penchant for turtlenecks.
Distrust of corporations is having a profound impact on an important issue in the technology industry: centralized authentication and identity management for the cloud. The more applications that go into the cloud, the greater the demand for a centralized mechanism for managing authentication across these systems. Most of the would-be guardians of authentication for the cloud are corporations like Google, Facebook, and Microsoft, which poses a dilemma for these companies and users alike.
The big weapon that vendors have in this competition is adoption. Facebook claims that 60 million users per month use the Facebook Connect API as an authentication service for some other application. Meanwhile, the well-intentioned OpenID project still hasn't cracked the one-half of 1% barrier for adoption among websites.
What accounts for Facebook Connect's success? The fact that it's based on Facebook. People are already using the standard Facebook application to connect with friends, post status updates, and maintain their profiles. Facebook adoption sells Facebook Connect. OpenID has no comparable starting point. Instead, OpenID looks like yet another account that you need to create, yet another login that you need to remember.
Meanwhile, Facebook continues to proliferate across platforms. From your iPhone to your Xbox, Facebook is there, easy to set up, easy to use. Other social applications, such as Twitter and Google, are equally ubiquitous, so guess what? They're interested, too, in this authentication business. Google, for example, believes that Gmail and Google Apps provide a strong incentive for other sites to use their authentication service.
As impressive as the momentum behind these authentication services may be, the brick wall of distrust lies ahead. The companies that we've been discussing have all done something recently to increase anxieties about questions of access. Facebook keeps diddling with its privacy settings, sometimes to implement its own ideas of how people should use their services, at other times dealing with user complaints about these notions. While a single product group at Google may have been responsible for the Buzz goof, the backlash is directed at Google as a whole. Apple's decision to pull titillating content from the application store invites speculation about what other kinds of censorship it might exercise in the future. Microsoft's traditional problems getting people to trust them seem almost quaint.
Earlier this week, I argued that PM teams need a bit more security and risk expertise than they may have today. In companies that provide cloud authentication services, or use them in their applications, PMs need to deal with a complementary requirement that goes beyond purely technical details: trust.
[Cross-posted at The Heretech.]