[OpenID] Facebook support for OpenID. Where?

Santosh Rajan santrajan at gmail.com
Wed May 20 05:59:31 UTC 2009 

I must apologize if I came through as suggesting that OpenID is "useless" or
"worthless" without an email address. I think I may have pushed my argument
too hard. What I really was trying to say was the following.
If OpenID has to be universally accepted as an identity mechanism, it has to
accept emails as identifiers, without which it will not be "universally"
adopted. 
OpenID is already usefull and worthwhile for many sites now like blogs,
forum etc where the sites want to attach an identity to a user instead of
"anonymous", but at the same time can do without a verified email address.
Also sites that use user names as logins can easily integrate OpenID. They
may ask the user to verify an email address but that does not affect OpenID.
The problem is for sites that "use" email addresses as Identities, or
require verified email addresses. Here implementing OpenID in the current
form is not practical without including email addresses as identifiers. That
is why Facebook has not implemented OpenID for sign in and sign up. Because
they cannot without an email address.
And to make OpenID truly "universal", we need to somehow include email
addresses into the scheme of things. I am open to how it can be done. I am
only pushing for it to be done and soon.

Andrew Arnott wrote:
> 
> You're right, Santosh.  And I apologize.  You have a right to express your
> views just as I do.
> 
> I guess the reason it's frustrating to read your arguments regarding email
> addresses is that they're unconvincing.  You keep coming back to one of
> two
> arguments, it seems:
> 1) until email addresses are OpenIDs, OpenID is useless, OR
> 2) until email addresses are guaranteed to be included in an OpenID login
> for an RP, OpenID is worthless.
> 
> You hit these two points *really* hard, but I have yet to see a valid
> argument to back up either of these arguments.  There are totally
> legitimate, useful and *successful *RPs that either *really* don't want
> your
> email address, or could take it or leave it based on the user's
> preference.
> That by itself proves both your points as wrong.  Email addresses are
> *not*the end-all of identifiers, and they are not always needed or
> even wanted.
> 
> We *can* agree on the point that many RPs *do* want email addresses.  And
> I
> am *for* enhancing OpenID extensions to be more explicit in their specs
> about how RPs can indicate their requirement for email addresses during
> login at the OP.  And I believe this would solve the problem you're
> seeing.
> But these are merely extensions to OpenID.  OpenID as an authentication
> mechanism itself is sound, IMO.
> 
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - S. G. Tallentyre
> 
> 
> On Tue, May 19, 2009 at 9:48 PM, Santosh Rajan <santrajan at gmail.com>
> wrote:
> 
>>
>> Why should I get off the email soapbox? Please remember I am the only one
>> promoting the email case here. That is why it looks like a "soapbox" to
>> you.
>> If there were others promoting emails here I wouldn't have to be on the
>> soapbox at all. The people who support emails dont seem to want to
>> express
>> their views here. You may not agree with my views, or I may not succeed
>> to
>> convince you, but I thing it is unfair for you to suggest that I should
>> not
>> express my views here.
>>
>>
>> Andrew Arnott wrote:
>> >
>> > Ok, I could buy all of your arguments except the email address one.  I
>> > know
>> > this is your soapbox, and I'm not interested in discussing it any more.
>> > But
>> > having an email address for an OpenID is not at all required for a
>> > reasonable login experience at Facebook.  There are many many OpenID
>> RPs
>> > that are good examples of how an OpenID *today*, with an *optional* or
>> *
>> > required* email address *works already*.  Using an email address for an
>> > OpenID does *nothing magical*.  Can you get off this soapbox already?
>> >
>> > --
>> > Andrew Arnott
>> > "I [may] not agree with what you have to say, but I'll defend to the
>> death
>> > your right to say it." - S. G. Tallentyre
>> >
>> >
>> > On Tue, May 19, 2009 at 7:30 PM, Santosh Rajan <santrajan at gmail.com>
>> > wrote:
>> >
>> >> Andrew,This is not only a farce, unfortunately it is also extremely
>> bad
>> >> news for OpenID.
>> >> 1) Requiring one ID (Facebook ID) to use another ID (OpenID) is
>> >> ridiculous
>> >> to say the least. It is going to give a wrong impression about OpenID
>> to
>> >> all
>> >> the Facebook users.
>> >> 2) It will also give an impression that OpenID is something for
>> accessing
>> >> users data from another provider. Really this is the work of OAuth.
>> >> 3) It gives the impression that OpenID is something like "twitter ID"
>> >> which
>> >> it is not. Again this is OAuth domain.
>> >> 4) What impression do you think this is going to give potential RP's?
>> Are
>> >> you going to show Facebook as a great example of OpenID
>> implementation?
>> >>
>> >> I am not buying the argument that this is only a trial phase etc. If
>> they
>> >> really wanted to try OpenID they should have tried a beta for limited
>> >> users.
>> >> That is what most RP's do. If anything this will thoroughly confuse
>> >> everybody about what OpenID is. This is going to cause more damage to
>> >> OpenID
>> >> than anything constructive.
>> >>
>> >> I beleive OpenID MUST be on the users "log in" page and not buried
>> >> somewhere in his "settings" page. I have already said many many times
>> >> that
>> >> RP's like these cannot implement OpenID correctly without an email
>> >> address.
>> >> But at the same time I dont want RP's to go ahead and implement
>> something
>> >> half baked and give the wrong impression to everybody. And Facebook
>> >> implementation is going to remain more or less like this until the day
>> >> emails are accepted as OpenID's.
>> >>
>> >> On Wed, May 20, 2009 at 7:04 AM, Andrew Arnott
>> >> <andrewarnott at gmail.com>wrote:
>> >>
>> >>> Santosh,
>> >>>
>> >>> This isn't a farce at all, IMO.  Facebook is a very big web site and
>> >>> they're rolling out OpenID RP support slowly.  Right now their UI has
>> >>> experienced almost 0 change and yet they're able to start collecting
>> >>> data
>> >>> without intruding on the users who don't know what OpenID is.  As
>> they
>> >>> collect usage data and test interoperability with various OPs, they
>> gain
>> >>> confidence that they can add some UI to the login and account
>> creation
>> >>> pages
>> >>> so that eventually a password will no longer be required to create an
>> >>> account.
>> >>>
>> >>> I think it's a perfectly reasonable first step.
>> >>>
>> >>> I don't like that Facebook requires access to my Contacts to hook up
>> >>> with
>> >>> Google.  But if you don't like that, type in your own OpenID that is
>> >>> from an
>> >>> OP that doesn't have contacts and FB can't force you to give up your
>> >>> Contacts.  That's one of the pillars of OpenID: choose your OP.  And
>> >>> yes,
>> >>> FB's auto-login feature works with any OP (not just Google,
>> >>> notwithstanding
>> >>> the blog posts implying otherwise), as long as that OP supports
>> >>> checkid_immediate, which most do.
>> >>>
>> >>> As far as Facebook being email address centric, I don't think that
>> has
>> >>> been a blocker with Facebook becoming an RP at all.  And I'm looking
>> >>> forward
>> >>> to a future Facebook where email address is optional, and it comes
>> >>> automatically with OpenID if I say it should while logging in.
>> >>>
>> >>> --
>> >>> Andrew Arnott
>> >>> "I [may] not agree with what you have to say, but I'll defend to the
>> >>> death
>> >>> your right to say it." - S. G. Tallentyre
>> >>>
>> >>>
>> >>> On Mon, May 18, 2009 at 9:08 PM, Santosh Rajan
>> >>> <santrajan at gmail.com>wrote:
>> >>>
>> >>>>
>> >>>> I am seeing tweets and blog posts about Facebook support for OpenID.
>> I
>> >>>> had
>> >>>> already suggested in an earlier post that it is going to be a farce.
>> >>>> And
>> >>>> that is what it exactly is.
>> >>>>
>> >>>> You see, I have always maintained that it is impossible for Web
>> site's
>> >>>> who
>> >>>> base their user identity on email addresses to support OpenID in the
>> >>>> current
>> >>>> form. And let me list out the problems with the so called Facebook
>> >>>> OpenId
>> >>>> support.
>> >>>>
>> >>>> You can't log in into Facebook with your OpenID unless you are
>> already
>> >>>> logged in to another OpenID provider. So if you fire up your browser
>> >>>> and
>> >>>> go
>> >>>> straight to Facebook, sorry!
>> >>>>
>> >>>> You cannot create a Facebook account with OpenID. You need to create
>> >>>> your
>> >>>> Facebook account with your email address, and then log in to your
>> >>>> account,
>> >>>> and then go to settings, and then link your OpenID account.
>> >>>>
>> >>>> Ok, so I decided to link my Google Account. I found that I could not
>> >>>> link
>> >>>> to
>> >>>> my Google Account without me handing over all my Google contacts! In
>> >>>> other
>> >>>> words Google log in was useless for me.
>> >>>>
>> >>>> When I tried to log in with Yahoo and I got the famous Yahoo message
>> >>>> "Warning: This website has not confirmed its identity with Yahoo!
>> and
>> >>>> might
>> >>>> be fraudulent. Do not share any personal information with this
>> website
>> >>>> unless you are certain it is legitimate."
>> >>>>
>> >>>> And what I find most embarrassing is the so called "Openid
>> evangelists"
>> >>>> going "gaga" over this release. Maybe it is "Facebook" so they
>> better
>> >>>> say
>> >>>> good things, no matter whatever they do.
>> >>>>
>> >>>> -----
>> >>>>
>> >>>> Santosh Rajan
>> >>>> http://santrajan.blogspot.com http://santrajan.blogspot.com
>> >>>> --
>> >>>> View this message in context:
>> >>>>
>> http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23609450.html
>> >>>> Sent from the OpenID - General mailing list archive at Nabble.com.
>> >>>>
>> >>>> _______________________________________________
>> >>>> general mailing list
>> >>>> general at openid.net
>> >>>> http://openid.net/mailman/listinfo/general
>> >>>>
>> >>>
>> >>>
>> >>
>> >
>> > _______________________________________________
>> > general mailing list
>> > general at openid.net
>> > http://openid.net/mailman/listinfo/general
>> >
>> >
>>
>>
>> -----
>>
>> Santosh Rajan
>> http://santrajan.blogspot.com http://santrajan.blogspot.com
>> --
>> View this message in context:
>> http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23628947.html
>> Sent from the OpenID - General mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> 
> 


-----

Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com 
-- 
View this message in context: http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23629475.html
Sent from the OpenID - General mailing list archive at Nabble.com.

More information about the general mailing list