[OpenID] Facebook support for OpenID. Where?

John Panzer jpanzer at acm.org
Wed May 20 22:38:14 UTC 2009 

On Wed, May 20, 2009 at 8:42 AM, Chris Messina <chris.messina at gmail.com>wrote:

> On Wed, May 20, 2009 at 7:56 AM, Andrew Arnott <andrewarnott at gmail.com>wrote:
>
>> 2009/5/19 Santosh Rajan <santrajan at gmail.com>
>>
>>>
>>> That
>>> is why Facebook has not implemented OpenID for sign in and sign up.
>>> Because
>>> they cannot without an email address.
>>
>>
>> Really?  You say that sounding like you know.  Who have you heard this
>> from?  Be careful what you say as if you know.
>>
>
> Indeed. There are other usability issues that must be addressed for OpenID
> to show up on Facebook's homepage for account sign up for creation.
> FriendFeed has come the closest so far, and they've resorted to the NASCAR
> approach (the Google button launches the OpenID/OAuth hybrid flow):
>
> http://www.flickr.com/photos/factoryjoe/3526058220/
>
>
>
>> Technically speaking from a general perspective, I would say Facebook
>> could absolutely work without taking a user's email address, however as
>> Shade said perhaps their database schema assumes an email address as a
>> primary identifier.  Even so, an OpenID URL with an email address as an
>> attribute would certainly be adaptable by a database schema modeled after
>> that.
>>
>
> Could work technically, of course, but that's not the issue here, in the
> least.
>
> OpenID is a *social* technology and must be implemented beyond what's
> provided by the spec — that is, in a way that people who have never HEARD OF
> OpenID can use it. And in a way that doesn't break people's expectations —
> which is a hard thing to do, considering that the whole point of OpenID is
> to do exactly that.
>
> I think that over time, if we — as a community — can work with Facebook
> (and others) to provide tested models and user experiences for making OpenID
> more useful and understandable by regular folks, we'll see OpenID become
> more visible. But it's not a technical matter. And it's not about keying
> databases off of email addresses.
>
>
>>
>> Even if email addresses become a valid OpenID identifier, RPs will still
>> have to perform email verification.  It may be an optimized process, or it
>> may be *worse*. ... If on the other hand RPs choose to trust certain OPs'
>> email attribute assertions, the solution can be applied today and without
>> any special software or behavior on the end user's part.  And that's what
>> I'm advocating for.
>>
>
> This is something that has come up quite often. Just because you can login
> with an identifier that LOOKS like and email address doesn't mean that you
> can receive messages at that address.
>
> For example, user at domain.com might be how I gain FTP access to domain.com,
> as in user:password at domain.com <user%3Apassword at domain.com>. There may be
> no user at domain.com email address.
>
> user at domain.com may also simply be a Jabber ID, with no capacity to
> receive email messages.
>
> I think it's important to separate the form of the identifier from the
> function — just because it LOOKS like an email address doesn't mean that it
> is one.
>
> That said, for those cases where we're actually talking about a
> conventional email address, I think that emails are primarily useful for use
> in directed identity cases — where you lop off everything before the '@' and
> use the domain to perform discovery.
>
> We've talked about this for ages and even have a working prototype:
>
> http://emailtoid.net/
>
> ...and spec:
> http://eaut.org/
>
> and I wrote about this last June, so Santosh, sorry, but you're not the
> only one advocating for the use of email addresses in OpenID:
>
>
> http://factoryjoe.com/blog/2008/06/22/announcing-emailtoid-mapping-email-addresses-to-openids/
>
> ...it's really just a matter of making more progress on XRD/LRDD
> (discovery) — and then pushing forward with OpenID 2.1.
>
> It'll happen in due time.
>

Hoping to accelerate the progress on discovery (in general) via email
addresses; a whiteboard session from IIW today:

http://www.abstractioneer.org/2009/05/webfinger-white-board-at-iiw.html


>
> Chris
>
> --
> Chris Messina
> Open Web Advocate
>
> factoryjoe.com // diso-project.org // openid.net
> This email is:   [ ] bloggable    [X] ask first   [ ] private
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090520/4efca018/attachment.htm>

More information about the general mailing list