[OpenID] Facebook support for OpenID. Where?

Wed May 20 02:30:26 UTC 2009

Andrew,This is not only a farce, unfortunately it is also extremely bad news
for OpenID.
1) Requiring one ID (Facebook ID) to use another ID (OpenID) is ridiculous
to say the least. It is going to give a wrong impression about OpenID to all
the Facebook users.
2) It will also give an impression that OpenID is something for accessing
users data from another provider. Really this is the work of OAuth.
3) It gives the impression that OpenID is something like "twitter ID" which
it is not. Again this is OAuth domain.
4) What impression do you think this is going to give potential RP's? Are
you going to show Facebook as a great example of OpenID implementation?

I am not buying the argument that this is only a trial phase etc. If they
really wanted to try OpenID they should have tried a beta for limited users.
That is what most RP's do. If anything this will thoroughly confuse
everybody about what OpenID is. This is going to cause more damage to OpenID
than anything constructive.

I beleive OpenID MUST be on the users "log in" page and not buried somewhere
in his "settings" page. I have already said many many times that RP's like
these cannot implement OpenID correctly without an email address. But at the
same time I dont want RP's to go ahead and implement something half baked
and give the wrong impression to everybody. And Facebook implementation is
going to remain more or less like this until the day emails are accepted as
OpenID's.

On Wed, May 20, 2009 at 7:04 AM, Andrew Arnott <andrewarnott at gmail.com>wrote:

> Santosh,
>
> This isn't a farce at all, IMO.  Facebook is a very big web site and
> they're rolling out OpenID RP support slowly.  Right now their UI has
> experienced almost 0 change and yet they're able to start collecting data
> without intruding on the users who don't know what OpenID is.  As they
> collect usage data and test interoperability with various OPs, they gain
> confidence that they can add some UI to the login and account creation pages
> so that eventually a password will no longer be required to create an
> account.
>
> I think it's a perfectly reasonable first step.
>
> I don't like that Facebook requires access to my Contacts to hook up with
> Google.  But if you don't like that, type in your own OpenID that is from an
> OP that doesn't have contacts and FB can't force you to give up your
> Contacts.  That's one of the pillars of OpenID: choose your OP.  And yes,
> FB's auto-login feature works with any OP (not just Google, notwithstanding
> the blog posts implying otherwise), as long as that OP supports
> checkid_immediate, which most do.
>
> As far as Facebook being email address centric, I don't think that has been
> a blocker with Facebook becoming an RP at all.  And I'm looking forward to a
> future Facebook where email address is optional, and it comes automatically
> with OpenID if I say it should while logging in.
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - S. G. Tallentyre
>
>
> On Mon, May 18, 2009 at 9:08 PM, Santosh Rajan <santrajan at gmail.com>wrote:
>
>>
>> I am seeing tweets and blog posts about Facebook support for OpenID. I had
>> already suggested in an earlier post that it is going to be a farce. And
>> that is what it exactly is.
>>
>> You see, I have always maintained that it is impossible for Web site's who
>> base their user identity on email addresses to support OpenID in the
>> current
>> form. And let me list out the problems with the so called Facebook OpenId
>> support.
>>
>> You can't log in into Facebook with your OpenID unless you are already
>> logged in to another OpenID provider. So if you fire up your browser and
>> go
>> straight to Facebook, sorry!
>>
>> You cannot create a Facebook account with OpenID. You need to create your
>> Facebook account with your email address, and then log in to your account,
>> and then go to settings, and then link your OpenID account.
>>
>> Ok, so I decided to link my Google Account. I found that I could not link
>> to
>> my Google Account without me handing over all my Google contacts! In other
>> words Google log in was useless for me.
>>
>> When I tried to log in with Yahoo and I got the famous Yahoo message
>> "Warning: This website has not confirmed its identity with Yahoo! and
>> might
>> be fraudulent. Do not share any personal information with this website
>> unless you are certain it is legitimate."
>>
>> And what I find most embarrassing is the so called "Openid evangelists"
>> going "gaga" over this release. Maybe it is "Facebook" so they better say
>> good things, no matter whatever they do.
>>
>> -----
>>
>> Santosh Rajan
>> http://santrajan.blogspot.com http://santrajan.blogspot.com
>> --
>> View this message in context:
>> http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23609450.html
>> Sent from the OpenID - General mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090520/15f3797b/attachment.htm>