[OpenID] Musing on FaceBook, OpenID and the next mountain to climb

Dick Hardt dick at sxip.com
Fri Aug 1 22:40:18 UTC 2008


Hi Paul

While Facebook could take the silo approach, they are interested in  
seeing how open standards could be used. They participated in the Open  
Web Foundation launch and when I was at their office earlier this  
week, they expressed serious interest in OpenID. See my blog post  
(which had to be run by them as it was an NDA meeting).

http://identity20.com/?p=155

Given the state of OpenID tech right now, I do not think it could be  
used to solve what they wanted to solve in a way that would deliver  
the clean user experience they desired -- but I would be happily  
proved wrong! (I do think they could have used OAuth though)

As I mention in my post, this is an opportunity for the community to  
work with Facebook.

Myself, I think the technology needs to be enhanced and evolved so  
that it has features that Facebook Connect does not have in addition  
to the existing features.

If the community just sits back and says that all the bits are there  
-- just use them -- then this community is no different from other SSO  
communities that have told the creators of OpenID that they were  
reinventing the wheel.

-- Dick

On 1-Aug-08, at 2:09 PM, Paul Trevithick wrote:

> The problem is that this isn’t a technical issue. FB currently has  
> no business incentive to use open technologies that, among many  
> other things, would allow users to be able to retrieve and store  
> their own profile data and friends lists (as currently violates the  
> FB TOS). They are still enjoying the virtuous cycle of the closed  
> mega silos: more users begets more users. OTOH FB will open up if  
> and when there’s a reason to do so. But for now, and for a good  
> while, I’d say FB isn’t a good prospect for open, user-centric  
> technologies.
>
> Paul
>
> On 8/1/08 3:28 PM, "Allen Tom" <atom at yahoo-inc.com> wrote:
>
>> David Recordon wrote:
>> > Is there really anything that Facebook did that couldn't be
>> > accomplished with OpenID Authentication 2.0 and OpenID Attribute
>> > Exchange?
>> Facebook Connect has a nice set of libraries/apis that RPs can just drop
>> in relatively easily on their site. The JS libraries implement much of
>> the sign in flow (displaying inline sign-in forms as well as a
>> permissions screen) which means that the FB Connect user experience is
>> consistent across all RPs.
>>
>> They also seem to have implemented Single Sign Out, because signing out
>> of FB seems to also sign you out of the RP.
>>
>> Additionally, FB Connect also authorizes the RP to write to the user's
>> FB News Feed, so there's an authorization component as well. The
>> authorization seems to expire when the browser session is closed, so
>> it's not quite like OAuth.
>>
>> And finally, FB Connect requires that the RP pre-register with FB to get
>> an api key which presumably allows FB to authenticate the RP, and also
>> gives FB the ability to block the RP if necessary.
>>
>> Unlike the OpenID/OAuth/AX services currently in the wild, the FB
>> Connect stack is highly integrated, with built in privacy controls and a
>> standard UI. But as you correctly stated, I believe most, if not all, of
>> the stack could have been built upon open standards.
>>
>> Allen
>>
>>
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
