[OpenID] Facebook support for OpenID. Where?

Wed May 20 05:17:46 UTC 2009

You're right, Santosh.  And I apologize.  You have a right to express your
views just as I do.

I guess the reason it's frustrating to read your arguments regarding email
addresses is that they're unconvincing.  You keep coming back to one of two
arguments, it seems:
1) until email addresses are OpenIDs, OpenID is useless, OR
2) until email addresses are guaranteed to be included in an OpenID login
for an RP, OpenID is worthless.

You hit these two points *really* hard, but I have yet to see a valid
argument to back up either of these arguments.  There are totally
legitimate, useful and *successful *RPs that either *really* don't want your
email address, or could take it or leave it based on the user's preference.
That by itself proves both your points as wrong.  Email addresses are
*not*the end-all of identifiers, and they are not always needed or
even wanted.

We *can* agree on the point that many RPs *do* want email addresses.  And I
am *for* enhancing OpenID extensions to be more explicit in their specs
about how RPs can indicate their requirement for email addresses during
login at the OP.  And I believe this would solve the problem you're seeing.
But these are merely extensions to OpenID.  OpenID as an authentication
mechanism itself is sound, IMO.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre

On Tue, May 19, 2009 at 9:48 PM, Santosh Rajan <santrajan at gmail.com> wrote:

>
> Why should I get off the email soapbox? Please remember I am the only one
> promoting the email case here. That is why it looks like a "soapbox" to
> you.
> If there were others promoting emails here I wouldn't have to be on the
> soapbox at all. The people who support emails dont seem to want to express
> their views here. You may not agree with my views, or I may not succeed to
> convince you, but I thing it is unfair for you to suggest that I should not
> express my views here.
>
>
> Andrew Arnott wrote:
> >
> > Ok, I could buy all of your arguments except the email address one.  I
> > know
> > this is your soapbox, and I'm not interested in discussing it any more.
> > But
> > having an email address for an OpenID is not at all required for a
> > reasonable login experience at Facebook.  There are many many OpenID RPs
> > that are good examples of how an OpenID *today*, with an *optional* or *
> > required* email address *works already*.  Using an email address for an
> > OpenID does *nothing magical*.  Can you get off this soapbox already?
> >
> > --
> > Andrew Arnott
> > "I [may] not agree with what you have to say, but I'll defend to the
> death
> > your right to say it." - S. G. Tallentyre
> >
> >
> > On Tue, May 19, 2009 at 7:30 PM, Santosh Rajan <santrajan at gmail.com>
> > wrote:
> >
> >> Andrew,This is not only a farce, unfortunately it is also extremely bad
> >> news for OpenID.
> >> 1) Requiring one ID (Facebook ID) to use another ID (OpenID) is
> >> ridiculous
> >> to say the least. It is going to give a wrong impression about OpenID to
> >> all
> >> the Facebook users.
> >> 2) It will also give an impression that OpenID is something for
> accessing
> >> users data from another provider. Really this is the work of OAuth.
> >> 3) It gives the impression that OpenID is something like "twitter ID"
> >> which
> >> it is not. Again this is OAuth domain.
> >> 4) What impression do you think this is going to give potential RP's?
> Are
> >> you going to show Facebook as a great example of OpenID implementation?
> >>
> >> I am not buying the argument that this is only a trial phase etc. If
> they
> >> really wanted to try OpenID they should have tried a beta for limited
> >> users.
> >> That is what most RP's do. If anything this will thoroughly confuse
> >> everybody about what OpenID is. This is going to cause more damage to
> >> OpenID
> >> than anything constructive.
> >>
> >> I beleive OpenID MUST be on the users "log in" page and not buried
> >> somewhere in his "settings" page. I have already said many many times
> >> that
> >> RP's like these cannot implement OpenID correctly without an email
> >> address.
> >> But at the same time I dont want RP's to go ahead and implement
> something
> >> half baked and give the wrong impression to everybody. And Facebook
> >> implementation is going to remain more or less like this until the day
> >> emails are accepted as OpenID's.
> >>
> >> On Wed, May 20, 2009 at 7:04 AM, Andrew Arnott
> >> <andrewarnott at gmail.com>wrote:
> >>
> >>> Santosh,
> >>>
> >>> This isn't a farce at all, IMO.  Facebook is a very big web site and
> >>> they're rolling out OpenID RP support slowly.  Right now their UI has
> >>> experienced almost 0 change and yet they're able to start collecting
> >>> data
> >>> without intruding on the users who don't know what OpenID is.  As they
> >>> collect usage data and test interoperability with various OPs, they
> gain
> >>> confidence that they can add some UI to the login and account creation
> >>> pages
> >>> so that eventually a password will no longer be required to create an
> >>> account.
> >>>
> >>> I think it's a perfectly reasonable first step.
> >>>
> >>> I don't like that Facebook requires access to my Contacts to hook up
> >>> with
> >>> Google.  But if you don't like that, type in your own OpenID that is
> >>> from an
> >>> OP that doesn't have contacts and FB can't force you to give up your
> >>> Contacts.  That's one of the pillars of OpenID: choose your OP.  And
> >>> yes,
> >>> FB's auto-login feature works with any OP (not just Google,
> >>> notwithstanding
> >>> the blog posts implying otherwise), as long as that OP supports
> >>> checkid_immediate, which most do.
> >>>
> >>> As far as Facebook being email address centric, I don't think that has
> >>> been a blocker with Facebook becoming an RP at all.  And I'm looking
> >>> forward
> >>> to a future Facebook where email address is optional, and it comes
> >>> automatically with OpenID if I say it should while logging in.
> >>>
> >>> --
> >>> Andrew Arnott
> >>> "I [may] not agree with what you have to say, but I'll defend to the
> >>> death
> >>> your right to say it." - S. G. Tallentyre
> >>>
> >>>
> >>> On Mon, May 18, 2009 at 9:08 PM, Santosh Rajan
> >>> <santrajan at gmail.com>wrote:
> >>>
> >>>>
> >>>> I am seeing tweets and blog posts about Facebook support for OpenID. I
> >>>> had
> >>>> already suggested in an earlier post that it is going to be a farce.
> >>>> And
> >>>> that is what it exactly is.
> >>>>
> >>>> You see, I have always maintained that it is impossible for Web site's
> >>>> who
> >>>> base their user identity on email addresses to support OpenID in the
> >>>> current
> >>>> form. And let me list out the problems with the so called Facebook
> >>>> OpenId
> >>>> support.
> >>>>
> >>>> You can't log in into Facebook with your OpenID unless you are already
> >>>> logged in to another OpenID provider. So if you fire up your browser
> >>>> and
> >>>> go
> >>>> straight to Facebook, sorry!
> >>>>
> >>>> You cannot create a Facebook account with OpenID. You need to create
> >>>> your
> >>>> Facebook account with your email address, and then log in to your
> >>>> account,
> >>>> and then go to settings, and then link your OpenID account.
> >>>>
> >>>> Ok, so I decided to link my Google Account. I found that I could not
> >>>> link
> >>>> to
> >>>> my Google Account without me handing over all my Google contacts! In
> >>>> other
> >>>> words Google log in was useless for me.
> >>>>
> >>>> When I tried to log in with Yahoo and I got the famous Yahoo message
> >>>> "Warning: This website has not confirmed its identity with Yahoo! and
> >>>> might
> >>>> be fraudulent. Do not share any personal information with this website
> >>>> unless you are certain it is legitimate."
> >>>>
> >>>> And what I find most embarrassing is the so called "Openid
> evangelists"
> >>>> going "gaga" over this release. Maybe it is "Facebook" so they better
> >>>> say
> >>>> good things, no matter whatever they do.
> >>>>
> >>>> -----
> >>>>
> >>>> Santosh Rajan
> >>>> http://santrajan.blogspot.com http://santrajan.blogspot.com
> >>>> --
> >>>> View this message in context:
> >>>>
> http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23609450.html
> >>>> Sent from the OpenID - General mailing list archive at Nabble.com.
> >>>>
> >>>> _______________________________________________
> >>>> general mailing list
> >>>> general at openid.net
> >>>> http://openid.net/mailman/listinfo/general
> >>>>
> >>>
> >>>
> >>
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
> >
>
>
> -----
>
> Santosh Rajan
> http://santrajan.blogspot.com http://santrajan.blogspot.com
> --
> View this message in context:
> http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23628947.html
> Sent from the OpenID - General mailing list archive at Nabble.com.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090519/480c0ba3/attachment.htm>