[OpenID] Facebook support for OpenID. Where?

Peter Watkins peterw at tux.org
Wed May 20 16:36:20 UTC 2009 

On Tue, May 19, 2009 at 08:59:44PM -0700, Andrew Arnott wrote:

> I haven't studied how Facebook Connect works.  Does it somehow offer more to
> the IdP than OpenID does for OPs in terms of useful data then?

Yes. In the traditional OpenID use case, an individual browses an RP site
and the OP doesn't know anything about this browsing. The OP only has a clue
about the browsing if/when the individual logs in with an identifier managed
by the OP -- and even in that case, the OP probably doesn't know anything 
about the identity holder's activity on the RP site. Consider the Google
OpenID setup where directed identity yields opaque identifiers that vary
by return_to address -- chances are very good that every OP will see the 
same return_to URL for any given RP. So when I log in to Acme Newspaper
with my Yahoo ID, Yahoo, as my OP, has no idea if I'm reading the business
or sports section.

Facebook Connect relies on RPs embedding <script> tags that reference
facebook.com URLs. Typically, RPs who use Connect will embed those tags
on all their pages -- so Facebook would know exactly what I was reading on
the Acme Newspaper site, even if I never explicitly chose to "log in".
Connect offers more than just a way to authenticate to RPs with a Facebook
account -- that injected JS allows Facebook to add widgets to the RP site
that allow the RP site to feel more integrated with Facebook. But there's
definitely a privacy issue here. 

Microsoft would be ripped to shreds if it tried the same stuff that Facebook
and Google have been pushing these last few years, offering RPs some benefit
(either apparent benefit to individual users as with Facebook Connect and
Google Friend Connect, or benefit solely to the RP, as with Google Analytics)
in exchange for RPs providing data about individuals' behavior.

-Peter

> On Tue, May 19, 2009 at 6:33 PM, Peter Watkins <peterw at tux.org> wrote:

> > I wonder if this means that Facebook might soon be willing to act as an OP.
> > I suspect not -- the Connect "product" gives them another way to watch &
> > learn
> > as its users browse other web sites, and providing an open OP service would
> > reduce the incentive for 3rd party sites to go with the full Connect setup.

More information about the general mailing list