[OpenID] Musing on FaceBook, OpenID and the next mountain to climb
Johannes Ernst
jernst+openid.net at netmesh.us
Fri Aug 1 23:33:27 UTC 2008
So what about we build it then?
We don't have to call it OpenID Connect, though ;-)
On 2008/08/01, at 12:28, Allen Tom wrote:
> David Recordon wrote:
>> Is there really anything that Facebook did that couldn't be
>> accomplished with OpenID Authentication 2.0 and OpenID Attribute
>> Exchange?
> Facebook Connect has a nice set of libraries/APIs that RPs can just
> drop in relatively easily on their site. The JS libraries implement
> much of the sign in flow (displaying inline sign-in forms as well as
> a permissions screen) which means that the FB Connect user
> experience is consistent across all RPs.
>
> They also seem to have implemented Single Sign Out, because signing
> out of FB seems to also sign you out of the RP.
>
> Additionally, FB Connect also authorizes the RP to write to the
> user's FB News Feed, so there's an authorization component as well.
> The authorization seems to expire when the browser session is
> closed, so it's not quite like OAuth.
>
> And finally, FB Connect requires that the RP pre-register with FB to
> get an API key which presumably allows FB to authenticate the RP,
> and also gives FB the ability to block the RP if necessary.
>
> Unlike the OpenID/OAuth/AX services currently in the wild, the FB
> Connect stack is highly integrated, with built-in privacy controls
> and a standard UI. But as you correctly stated, I believe most, if
> not all, of the stack could have been built upon open standards.
>
> Allen
>
>