[OpenID] Facebook support for OpenID. Where?

Wed May 20 17:13:50 UTC 2009

Has Facebook made any concessions or promises about whether they leverage
their opportunity to scrape user data from all these .js HTTP GETs?  Maybe
they don't use it and it's no big deal to them to not have that source of
data.  It may be an innocent consequence of offering the .js on every page
of an RP.

(halo on head must assume good intentions everywhere. :-p)

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre

On Wed, May 20, 2009 at 9:36 AM, Peter Watkins <peterw at tux.org> wrote:

> On Tue, May 19, 2009 at 08:59:44PM -0700, Andrew Arnott wrote:
>
> > I haven't studied how Facebook Connect works.  Does it somehow offer more
> to
> > the IdP than OpenID does for OPs in terms of useful data then?
>
> Yes. In the traditional OpenID use case, an individual browses an RP site
> and the OP doesn't know anything about this browsing. The OP only has a
> clue
> about the browsing if/when the individual logs in with an identifier
> managed
> by the OP -- and even in that case, the OP probably doesn't know anything
> about the identity holder's activity on the RP site. Consider the Google
> OpenID setup where directed identity yields opaque identifiers that vary
> by return_to address -- chances are very good that every OP will see the
> same return_to URL for any given RP. So when I log in to Acme Newspaper
> with my Yahoo ID, Yahoo, as my OP, has no idea if I'm reading the business
> or sports section.
>
> Facebook Connect relies on RPs embedding <script> tags that reference
> facebook.com URLs. Typically, RPs who use Connect will embed those tags
> on all their pages -- so Facebook would know exactly what I was reading on
> the Acme Newspaper site, even if I never explicitly chose to "log in".
> Connect offers more than just a way to authenticate to RPs with a Facebook
> account -- that injected JS allows Facebook to add widgets to the RP site
> that allow the RP site to feel more integrated with Facebook. But there's
> definitely a privacy issue here.
>
> Microsoft would be ripped to shreds if it tried the same stuff that
> Facebook
> and Google have been pushing these last few years, offering RPs some
> benefit
> (either apparent benefit to individual users as with Facebook Connect and
> Google Friend Connect, or benefit solely to the RP, as with Google
> Analytics)
> in exchange for RPs providing data about individuals' behavior.
>
> -Peter
>
> > On Tue, May 19, 2009 at 6:33 PM, Peter Watkins <peterw at tux.org> wrote:
>
> > > I wonder if this means that Facebook might soon be willing to act as an
> OP.
> > > I suspect not -- the Connect "product" gives them another way to watch
> &
> > > learn
> > > as its users browse other web sites, and providing an open OP service
> would
> > > reduce the incentive for 3rd party sites to go with the full Connect
> setup.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090520/fa0a1e20/attachment.htm>