[OpenID] About Facebook, MySpace and OpenID

Brian Kissel bkissel at janrain.com
Fri Apr 3 16:33:39 UTC 2009

At the Content Provider Advisory Committee we heard from several RPs that the most important data they wanted from OPs was email address, followed by age or date of birth for any sites that had COPPA compliance goals.  Further, if the OP can pass a "verified" email address so that RPs don't have to go through the 2 step registration dance of waiting for users to "verify" their email address, that improves registration success rate.  There's a big drop off from email registration due to verification emails going to spam folders or users just forgetting to go through the last step to verify an account.

If all OPs would pass a verified email address (with end user consent) I believe all RPs would certainly prefer it.


Brian Kissel
Cell: 503.866.4424
Fax: 503.296.5502

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Andrew Arnott
Sent: Friday, April 03, 2009 8:58 AM
To: santrajan
Cc: general at openid.net
Subject: Re: [OpenID] About Facebook, MySpace and OpenID


I really don't understand this obsession you have about how OpenID is a useless "extra step" without an email address being part of it. Any shopping mall web site that requires a login will need to take a username+password, plus email verification, or an OpenID, plus email verification.  There's no extra step -- it's an exchange of one step for a different step.  And yes, it absolutely makes sense to do this because customers won't have to create yet another username and password.

I really don't care too much about jumping to my email client for an email verification step. I don't mind that.  What I really mind is remembering another username and password because that lasts a long time.

I'm not disagreeing that skipping email verification would be convenient, but geez, man, how long can you beat this dead horse?
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire

On Fri, Apr 3, 2009 at 8:43 AM, santrajan <santrajan at gmail.com<mailto:santrajan at gmail.com>> wrote:

I am posting the full text of my blog post with the same subject here.

MySpace recently announced there support for OpenID. The idea here is that
MySpace users will be able to log in to third party sites with their MySpace
Id's. MySpace users needn't get too exited about it too soon.

Consider this. A MySpace user would like to log in to her favorite shopping
site with her MySpace Account. The shopping site is unlikely to support
MySpace Logins. The simple reason being that shopping sites need the email
addresses of their authenticated users for various reasons (communicating
orders, delivery, new stock etc etc). It doesnt make sence to the shopping
site to authenticate using MySpace (An extra step) and then run the user
through another email verification process. This will also be true for many
other web sites that require their users to login.

However  MySpace could have made the users email available to the shopping
site (Ofcource with the users consent only) via a provision in the OpenID
specifications called SREG. So then why didnt MySpace choose to support

This is not a problem for MySpace alone. When Facebook decides to support
OpenID it will be faced with the same dilemma. It is really a frightening
thought for social networking sites to hand over their users email address
to a third party. For social networking sites keeping the users bound their
network is of primary importance.

However an equally frightening possibility for social networking sites is to
see their users start using Google accounts and Yahoo accounts to log in
into third party sites! They could start loosing users in that case too.

The jury is out on what these guys should do.

But I am clear on what MySpace should have done. Facebook being the no 1
social networking site can wait this one out a bit more. However MySpace
should really have capitalized on this opportunity. Supported SREG and tried
to rope in third party sites to support MySpace logins, and tried to build a
small advantage over Facebook on this account.

View this message in context: http://www.nabble.com/About-Facebook%2C-MySpace-and-OpenID-tp22871070p22871070.html
Sent from the OpenID - General mailing list archive at Nabble.com.

general mailing list
general at openid.net<mailto:general at openid.net>

__________ Information from ESET NOD32 Antivirus, version of virus signature database 3985 (20090403) __________

The message was checked by ESET NOD32 Antivirus.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090403/2a700902/attachment-0002.htm>

More information about the general mailing list