[OpenID] Musing on FaceBook, OpenID and the next mountain to climb

Nat sakimura at gmail.com
Fri Sep 5 11:02:04 UTC 2008 

OpenID is not quite mobilebfriendly in the sense that it carries a lot  
of information through browser redirect. We should define something  
akin to the artifact binding of SAML. You know. Typical Japanese phone  
browser can only carry 128bytes in their get requests. We should  
leverage more on direct communication. That is one of the reason that  
we are working on proposed TX spec since last November. I am planning  
propose a WG within a month, so if you are interested, please chime in.

=nat at Tokyo via iPhone

On 2008/09/05, at 7:37, John Panzer <jpanzer at acm.org> wrote:

> tom wrote:
>>
>> Couldn't agree more Eran.....
>>
>> I feel like the community is a little like a rabbit staring into the
>> proverbial headlights over this. I see no reason to either look up to
>> Facebook or attempt any copy of Facebook closed technologies.
>>
>> Social networks come and go (sixdegrees=hype1:1997,
>> friendster=hype2:2002). One of the reason that Facebook is  
>> experiencing
>> limited competition is that the real "social network cashcow" is in
>> mobile networks. Let me throw this at you:
>>
>> Facebook users click on an advertisement 0.04% of the time - yes,  
>> just
>> 400 clicks in every 1 million views one of the lowest returns on  
>> the web
>> today.
>> Source:
>> http://valleywag.com/tech/advertising/facebook-consistently-the-worst-performing-site-242234.php
>>
>> eMarketer forecasts that over 800 million people worldwide will be
>> participating in a social network via their mobile phones by 2012, up
>> from 82 million in 2007.
>> Source: http://www.emarketer.com/Report.aspx?code=emarketer_2000489
>>
>> Now if anybody wants to focus on mobile OpenID, OAuth integration and
>> making it very simple to overlay open formats (such as a social
>> networking syndication format) by making our extensions documented to
>> look more like a developers API I am listening;)
>>
>
> Open Social and Portable Contacts are attempting this (with  
> synchronization on people list formats).
>
>
>> Tom
>>
>>
>> Eran Hammer-Lahav wrote:
>>
>>> A few facts:
>>>
>>> Facebook Connect could have been built on top of OAuth.
>>>
>>> Facebook did not participate in the Open Web Foundation launch – 
>>>  Dave
>>> Morin was involved as an individual.
>>>
>>> Facebook has been talking about their desire to open and learn more
>>> about open specs for a year now, with nothing to show for it.
>>>
>>> Facebook has been invited and engaged in conversations with the
>>> community with nothing but a waste of time to show for it.
>>>
>>> ---
>>>
>>> The fact that on the same day they announce support for the OWF,  
>>> they
>>> also announce a product that is ignoring all the work done by this
>>> very same community they claim to be supportive off, is to me, a
>>> mockery. I would be happy to be proven wrong but for a year now seen
>>> nothing to make me believe it.
>>>
>>> EHL
>>>
>>> *From:* general-bounces at openid.net [mailto:general-bounces at openid.net 
>>> ]
>>> *On Behalf Of *Dick Hardt
>>> *Sent:* Friday, August 01, 2008 3:40 PM
>>> *To:* Paul Trevithick
>>> *Cc:* david at sixapart.com; OpenID
>>> *Subject:* Re: [OpenID] Musing on FaceBook, OpenID and the next
>>> mountain to climb
>>>
>>> Hi Paul
>>>
>>> While Facebook could take the silo approach, they are interested in
>>> seeing how open standards could be used. They participated in the  
>>> Open
>>> Web Foundation launch and when I was at their office earlier this
>>> week, they expressed serious interest in OpenID. See my blog post
>>> (which had to be run by them as it was an NDA meeting).
>>>
>>> http://identity20.com/?p=155
>>>
>>> Given the state of OpenID tech right now, I do not think it could be
>>> used to solve what they wanted to solve in a way that would deliver
>>> the clean user experience they desired -- but I would be happily
>>> proved wrong! ( I do think they could have used OAuth though)
>>>
>>> As I mention in my post, this is an opportunity for the community to
>>> work with Facebook.
>>>
>>> Myself, I think the technology needs to be enhanced and evolved so
>>> that it has features that Facebook Connect does not have in addition
>>> to the existing features.
>>>
>>> If the community just sits back and says that all the bits are there
>>> -- just use them -- then this community is no different from other  
>>> SSO 
>>> communities that have told the creators of OpenID that they were
>>> reinventing the wheel.
>>>
>>> -- Dick
>>>
>>> On 1-Aug-08, at 2:09 PM, Paul Trevithick wrote:
>>>
>>>
>>>
>>> The problem is that this isn’t a technical issue. FB currently h 
>>> as no
>>> business incentive to use open technologies that, among many other
>>> things, would allow users to be able to retrieve and store their own
>>> profile data and friends lists (as currently violates the FB TOS).
>>> They are still enjoying the virtuous cycle of the closed mega silos:
>>> more users begets more users. OTOH FB will open up if and when  
>>> there’s
>>> a reason to do so. But for now, and for a good while, I’d say FB 
>>>  isn’t
>>> a good prospect for open, user-centric technologies.
>>>
>>> Paul
>>>
>>> On 8/1/08 3:28 PM, "Allen Tom" <atom at yahoo-inc.com> wrote:
>>>
>>>
>>> David Recordon wrote:
>>>
>>>> Is there really anything that Facebook did that couldn't be
>>>> accomplished with OpenID Authentication 2.0 and OpenID Attribute
>>>> Exchange?
>>>>
>>> Facebook Connect has a nice set of libraries/apis that RPs can  
>>> just drop
>>> in relatively easily on their site. The JS libraries implement  
>>> much of
>>> the sign in flow (displaying inline sign-in forms as well as a
>>> permissions screen) which means that the FB Connect user  
>>> experience is
>>> consistent across all RPs.
>>>
>>> They also seem to have implemented Single Sign Out, because  
>>> signing out
>>> of FB seems to also sign you out of the RP.
>>>
>>> Additionally, FB Connect also authorizes the RP to write to the  
>>> user's
>>> FB News Feed, so there's an authorization component as well. The
>>> authorization seems to expire when the browser session is closed, so
>>> it's not quite like OAuth.
>>>
>>> And finally, FB Connect requires that the RP pre-register with FB  
>>> to get
>>> an api key which presumably allows FB to authenticate the RP, and  
>>> also
>>> gives FB the ability block the RP if necessary.
>>>
>>> Unlike the OpenID/OAuth/AX services currently in the wild, the FB
>>> Connect stack is highly integrated, with built in privacy controls  
>>> and a
>>> standard UI. But as you correctly stated, I believe most, if not  
>>> all, of
>>> the stack could have been built upon open standards.
>>>
>>> Allen
>>>
>>>
>>>
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>>
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net <mailto:general at openid.net>
>>> http://openid.net/mailman/listinfo/general
>>>
>>> --- 
>>> --- 
>>> ------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>>
>>>
>>
>>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080905/cb0d1099/attachment-0002.htm>

More information about the general mailing list