.NET and me Coding dreams since 1998!

Windows LiveID – Microsoft red headed stepchild?

I personally believe Microsoft is missing (if not already missed) the opportunity to monetize serious potential of Windows LiveID.

For years already, there are more then half a billion user accounts (which surpasses current number of Facebook accounts) which Microsoft could’ve use to create serious advertisement revenue the same way Facebook is doing now. The value proposition for users is the fact that they don’t have to remember “yet another user name and password” which is a definite win – at least for me. For identity holder (Microsoft/Facebook), getting information on activities user makes across the web is clearly a win from marketing and advertisement perspective. It is such an obvious case of win-win scenario, that I don’t want to spend any more words on selling it to you, dear reader.

Microsoft (as with many other cool things – Ajax etc) pioneered the Sing sign-on concept more then a decade ago but didn’t do much with it allowing to OpenID, OAuth, Facebook Connect etc to emerge as industry standards.

The reason behind LiveID failure to reach world domination in identity space is related to the poor developer story which prevented wider adoption of the LiveID as “the one online identity”./ Having in mind we are speaking about the Microsoft  as developer oriented company I find that to be quite hilarious in one hand and a proof of lack of Microsoft strategic vision in this area. In other words, I believe no one cared(s) in Microsoft so much about getting the benefits from Windows LiveID as some startup might try to (who said Facebook Connect?).

Why Microsoft failed to dominate with Windows LiveID

Here are couple of reasons why I think thinks are like they are right now…

Year 2003, Microsoft attempts rolling out LiveID (at that time called Passport) to couple of big companies (including eBay and Monster) which dies in 2004. Whatever the reasons were, loosing two of such a big adopters in 2004 is (IMHO) VERY stupid because if it did happen I bet we would be all using LiveID across the web right now “with not much of an alternative”.

Year 2006, MS had a STS running on http://sts.labs.live.com. I can not imagine a reason why would something like that die but there’s no such thing today.
Having an STS (web service auth token issuer) is all I would personally care about in order to adopt LiveID in my apps.

On Mix 2008, they announced Windows LiveID SDK CTP which was up until yesterday the only way of integrating Windows LiveID with client apps and sites. They have also announced on the same mix that LiveID would become OpenID provider, but that didn’t long last too.

Beside this efforts, Microsoft was trying also to pitch LiveID in parallel using its own strongest weapon: Windows.

Microsoft's Windows XP has an option to link a Windows user account with a Windows Live ID (appearing with its former names), logging users into Windows Live ID whenever they log into Windows. To me that sounds very nice (I’ve already auth myself logging on my PC and established a trust relationship which for most of the web sites out there should be sufficient). The only problems with this is that is almost unknown feature. I did a smoke test asking 10 people I know which use Windows Live Messenger on day to day basis if they use it – none of them even knew about it. I don’t even have clear understanding how this thing gets installed other then guessing it gets bundled in Live essentials installer .

Then, there is CardSpace which is industry correct and secure way of handling our online identity information. All great, except for the fact that it is quite a mystery “how to use it” . In 2007, there was a beta of  CardSpace LiveID integration but after that nothing happens.CardSpace being a part of most of Windows apps is such a untapped potential that it is hart for me to believe that no one is trying to utilize it more seriously.

Couple of things I hope Microsoft will do with LiveID in the future

Microsoft still has some chance to emerge as one of the leaders in identity space but to do that they might consider doing some of the next things:

• promote “LiveID” to become a 1st grade citizen in Windows.
  
  Ask for LiveID to be entered during the windows installation process (most of us have it anyhow). Windows Live service would then (during the install process itself) issue Card Space managed card for a user. Right from the moment system would be installed, that card should be used on every LiveID site.
  Even better put that card on my Live SkyDrive so it could roam with me while I work on different computers. If not possible to be built in Windows (ether Win7 SP1 or Win8), can we at least consider building it in Internet Explorer 9?

  I know this could be probably breaking some monopoly law, but lets face it – MS didn’t become what it is playing fair but playing bold.
  Apple integrating MobileMe and Chrome integrating google bookmarks and Flash are doing exactly that.

• Use LiveID on ALL of the Microsoft sites. No excuses. Period.
  Just check out last post on windowsteamblog.com which (ironic isn’t it) introduces newest LiveID “Messenger Connect” API.
  To post a comment you need to Sign In
  
  but that is not using the LiveID 
  

  If you don’t trust in it, why should we?

• Spread it across the web similar to Facebook ‘Like’ button (‘Post with Messenger’) 
  Here’s a sample of how Bing can be used to collect ‘Likes’ by adding a ‘Post With Messenger button’ which would send it to people on messenger contact list andor Facebook, MySpace etc… Even this would end with forwarding it to Facebook as ‘Like’ there is still value in collecting those data associated with LiveID…
  
  

Do the same with as much as possible social networking sites.
Aggregate the data and share it with us developers so we can personalize better our content (not only ads)..

• Stay away from hustling users as much as you can
  Force me to log in only once in 24 hour or more.  I ‘m sure this goes against best security practices etc. but for most web sites it really doesn’t matter. Otherwise you shift from "login screen” to “nag screen“
• Support other browsers the same you do with IE.
  What’s the story with the FireFox and Windows Live? One of my friends, decided to use DropBox instead of LiveMesh (even offered 250% more storage space) just because he hates LiveID. Reason: he uses Firefox and it looks like that “Remember me”check box on Firefox has slight dementia so the login screen is quite annoying  
• Support other security protocols
  LiveID as OpenID provider, OAuth etc… The more adapters the merrier.

Last but not the least - respect us developers

I got personally interested in this topic because I choose WPF for my LOB application I am playing lately and I decided to use LiveID for authentication (everyone I know has one – regardless how they use it).

My preferred approach to building this app is S+S (which I am not sure if is still official MS way to go) where a desktop client application gets powered by services from the web/cloud getting with this approach best of both worlds: best user experience on windows machines + data in the cloud.

I was so naïve when I decided to try tout LiveID to expect to find some LiveID STS web service to which I would pass user name + password + ApplicationID and get back in response membership token. Naïve because I didn’t even consider the possibility that such thing doesn’t exist which ended as a true case.I really don’t understand why there is no such offering by Microsoft as we speak.
 
The second in favor solution is “acceptable” experience Microsoft has in its own Live Essential suite tools.Here’s a sample of how to do it.

As you can see it is a simple client app window which I am not sure what it does on “Sign in” but whatever it does (POST or web service) I am ok with using it too.

What I don’t want:

• login control being a web browser control showing the special windows live login html page
• generic control where I can not change the text (my app + folks not speaking English)

Reasons why I don’t accept those two things are I guess exactly the same as the one Microsoft came up with  when deciding not to use it in their own products.

If Microsoft expects me to use LiveID in my WPF apps they have to provide me a way to get the same user experience they have in dealing with the same problem.

Yesterday Microsoft released new Messenger Connect SDK which contains a sample WPF application and WPF template which is encouraging. In order to run the sample, one need to register application with windows live which right now is done through connect where you fill the request form and someone sometime would consider it.

Based on a quick glance over the sample there are no obvious ”skinning” capabilities – no control just a direct call to some function. The only thing I could do while waiting (hopefully) to get an LiveID was to run the sample as it is out of the b ox and this is the result I got “HTML in a box” – not very encouraging.

I’ll wait for the application key before I make a final call but so far it doesn’t look like Microsoft cares about WPF + LiveID integration experience..

Keeping fingers crossed but not holding my breath …