Live ID SDK launches
I’ve been playing around with the beta that was launched at MIX07 and can confirm that it works pretty seamlessly. If you use live ID auth you get an identifier that uniquely identifies a user on your site. That’s all you get though – and that’s where my doubts about the service start. If I want more information about the user then I have to ask them for it. Ordinarily that isn’t a problem but the user may take the opinion that "I’ve already supplied my personal details to Windows Live, why do I have to give them again to this site?" I usually judge these things by answering "Would my computer illiterate parents understand what is happening here?" and I daresay they wouldn’t. It’ll be interesting to see whether or not people like Live ID auth or not.
What I would really like to see is us being given access to other information (e.g. name, Address, phone number) that Microsoft hold about their Windows Live ID holders. Even better, allow people to store custom information in their Live ID account. Why would that be useful? Think about this scenario: Suppose my website wants to send notifications to a person’s twitter account. if that information were stored with my Live ID account then not only would I have access to it (and any changes) then so would any other website that utilise sWindows live ID auth. In essence Microsoft would manage a centralised profile and I as a website owner it would mean I don’t have to maintain that information myself.
All you receive is a pairwise ID for the user. You must collect and store profile info for these users on your own. This is to protect the user’s PII (personally identifiable information). According to the academics, identity bloggers etc… the future of the identity meta-system will all be this way and will be based on pairwise ID and no information sharing. – Josh Brown, Microsoft.
Doubts or not, this is big big news from Windows Live. Bigger than any of the recent announcements like skydrive, updated hotmail, Wave 2 UI, updated mobile search client etc… Whenever Microsoft talk about Windows Live they extol the virtues of single sign-on and with good reason. The single biggest asset Windows Live has got is the Windows Live ID and the 380m+ people that that gives them access to. By opening up that Live ID to other parties and making it easy for people to authenticate on those sites they are hugely increasing the value of live ID and increase the stickiness of Live ID. Lack of stickiness is the biggest worry that competitors in this space like Google have.
Other info about Live ID auth. I asked whether ASP.Net Forms Authentication would be able to leverage Live ID and whether sample code would be provided. This time the reply (from Josh again) was better news:
That’s in the pipeline for consideration in a future release. We know this is a feature that is in demand and are working to provide the right tools. Stay tuned!