One of the most interesting pieces of the new Google App Engine is the identity piece.

I quote from The Users API on the Google App Engine site:

Google App Engine features integration with Google Accounts: Applications can have users sign in using their Google accounts, and know who is using the application during a session. With Google Accounts, your users can get into your application sooner by not having to create a new account, and your application can personalize the user experience without managing its own login system.

... and now you’re a sharecropper on the Google plantation.

What a devil’s bargain; Google will make your identity pain go away and qualify a high proportion of the world’s Internet users to use your app. But you’re gonna be on the plantation forever; deal with it.

Dana Gardner has an interesting angle on this: Gangsta cloud wars could pivot on the traffic-driving power of Google and Microsoft/Yahoo.

I have no idea, just totally no idea, how this is going to play out.

By way of contrast, read Garrick Van Buren’s Free & Open Is Its Own Lock-in.

[Update: Several people I respect have given me a hard time for using what they said were racially-charged metaphors. So I’ve re-written slightly.]


Comment feed for ongoing:Comments feed

From: Daniel Haran (Apr 09 2008, at 10:26)

It's a worrisome trend, to be sure.

What I find amusing is that someone already used App Engine to create an OpenId provider:


From: Doug Cutting (Apr 09 2008, at 10:27)

I still dream of a commodity cloud, where folks can build applications and separately choose where to deploy them, rather than first having to choose whether to build a Google, Amazon or Microsoft application.


From: Reg Braithwaite (Apr 09 2008, at 10:34)

I recall quoting you on this subject before:


From: Ryan Cousineau (Apr 09 2008, at 10:37)

Take away my ID concerns and hosting woes for free? Sharecropping never paid so good!


From: katre (Apr 09 2008, at 10:41)

Honestly, once you start developing using Google's new service, you're already tied in. Using their user management system is just icing on the shackles.

Your work is on their server, using their API. You can use their database layer if you want persistent data. You're not going anywhere once you start.


From: DeWitt Clinton (Apr 09 2008, at 10:44)


There is nothing, absolutely nothing, preventing application developers from using their own identity provider or using third party authentication for App Engine applications. We simply made it easy to use Google Accounts because that helps lower the barrier to developing scalable real-world applications. (And people would be asking why we left it out if we *didn't* do it!)

Over time I fully expect and hope for (and heck, would start developing myself) a rich ecosystem of third party identity systems that are easily integrated with App Engine. We've already seen OpenID integration, I know people who are working on easy OAuth libraries, and I imagine we'll see other third party identity mechanisms up and running in no time.

Also worth noting that lock-in is a non-goal! As I just wrote to a friend recently:

"The dev_appserver SDK is all open source (Apache licensed), and I hope and expect to see people write compatibility layers on top of other providers beyond just Google. And beyond the datastore interface, there are few parts of the stack that are all Google-specific (it is standard python, standard python libraries, etc). If there are other places you see a potential for lock-in, please don't hesitate to let me know and I'll look into how to address them."

But if there are particular suggestions you'd have about what we can do differently I'd love to hear them. I think we're in violent agreement that identity an area that deserves scrutiny and attention from the community.




From: Nelson Minar (Apr 09 2008, at 11:19)

I don't disagree with our point, Tim, but did you have to go straight to inflammatory racism metaphors?


From: Mark Allerton (Apr 09 2008, at 11:38)

Just to add to what DeWitt said, it seems fairly obvious to me that even if an application developer used GAE's identity system, it would be possible to migrate your user base away if need be.

Any non-trivial app will need to have its own user profile table anyway - and that you can migrate. You still have to move people away from Google IDs - but you could basically turn your GAE app into a temp password generator for your new ID scheme. If Google becomes an OpenID IdP you would not even need that.


From: d.w. (Apr 09 2008, at 12:08)

Sigh. I posted this almost exactly 5 years ago on my own blog, and I'm sad that I don't actually need to change a word of it to repost it here:

Sharecroppers performed backbreaking physical labor for almost no money, and existed in an environment where a bad harvest or a duplicitous landowner could spell the difference between a survivable (but meager) winter and near-starvation.

Software engineers work in air conditioned offices, usually for at least decent pay, and have freedom of movement, self-determination, and the opportunity for professional advancement.

My aunt tells a great story of the night her grandmother (my great-grandmother) and her family headed north out of Mississippi ahead of a lynch mob, having completely torched a crop of cotton in the fields because the landowner tried to cheat them out of the proceeds they’d earned that year. She’d have kicked your pansy coding ass. Mine too.


From: Justin Rudd (Apr 09 2008, at 12:20)

Yes it ties you even closer to them. But if I were to go to (the fictional) site - - and I had to sign in, I'd be happier to see that I can use my Google Account and be authorized by Google servers than some random Startup's servers. A startup that might go out of business and during a fire sale sell off the data.

It is not unlike why people offer PayPal links or Google Checkout, etc. I'd rather be diverted to a site I "trust", than put my credit card information in some random site.


From: Mark Allerton (Apr 09 2008, at 13:39)

BTW, coming back to your original "sharecropping" post, five years on - isn't it possible that developers like JetBrains, who have made major contributions to the state of the art, might see Sun's behaviour in the developer tools market in a similar light?


From: Mark (Apr 10 2008, at 01:02)

Users are not even going to know your site is hosted by Google unless you tell them. The Gmail log-in option is just that: an option.

Anyone who runs a Web site that requires a log-in for some features knows that most users flea once they see that registration page. Heck, even using BugMeNot is too much trouble for me.

I could see using the Gmail log-in option to hook users into a trial membership so they can sample the wares, but require them to adopt a different password (stored as a hash on your system) to continue or to access more features.

Once a user has entered data into your system or created a history of some sort, he's much more likely to go to the trouble to register, as long as you keep the registration simple (e-mail address, user name, period).


From: Len Bullard (Apr 10 2008, at 06:16)

Cluetrain for your readers from and Alabama po'boy: sharecropping was an equal opportunity employee.

I toted a cotton sack by the time I was seven years old and the stick for moving the snakes out of the way. It was common among the poor blacks and whites living in the agrarian states.

Deal with it.

Sometimes the brain-stupidity out there is so tremendous I wonder how they learned to breathe properly.


From: Francis Hwang (Apr 12 2008, at 06:18)

Also, if you think sharecropping is racial then you're not thinking internationally. My great-grandfather was a sharecropper in Korea, working on land owned by another Korean. No race issues there at all, just back-breaking poverty, which sucks no matter what your skin color.


From: Dan Brickley (Apr 14 2008, at 04:24)

On the other hand, it seems to have allowed OpenID to be layered on top quite nicely: ... so apps could always use OpenID and keep a bit of migratability.


From: Chris Anderson (Apr 14 2008, at 15:30)

I wanted to allay the lock-in concerns, so I released an open-source alternate App Engine host at It's just a proof of concept, but it should be easy for someone to bulletproof it and add real database support.


From: Tom Davies (Apr 14 2008, at 16:26)

I've written a simple app which uses Atlassian's Crowd SSO for authentication -- there is no lock in to Google's authentication unless *you* choose it:


author · Dad · software · colophon · rights
picture of the day
April 09, 2008
· Technology (87 fragments)
· · Identity (42 more)
· Business (121 fragments)
· · Internet (107 more)

By .

The opinions expressed here
are my own, and no other party
necessarily agrees with them.

A full disclosure of my
professional interests is
on the author page.