<HTML>
<HEAD>
<TITLE>Re: [OpenID] Musing on FaceBook, OpenID and the next mountain to climb</TITLE>
</HEAD>
<BODY>
<FONT FACE="Book Antiqua"><SPAN STYLE='font-size:11pt'>The problem is that this isn’t a technical issue. FB currently has no business incentive to use open technologies that, among many other things, would allow users to be able to retrieve and store their own profile data and friends lists (as currently violates the FB TOS). They are still enjoying the virtuous cycle of the closed mega silos: more users begets more users. OTOH FB will open up if and when there’s a reason to do so. But for now, and for a good while, I’d say FB isn’t a good prospect for open, user-centric technologies.<BR>
<BR>
Paul<BR>
<BR>
On 8/1/08 3:28 PM, "Allen Tom" <<a href="atom@yahoo-inc.com">atom@yahoo-inc.com</a>> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Book Antiqua"><SPAN STYLE='font-size:11pt'>David Recordon wrote:<BR>
> Is there really anything that Facebook did that couldn't be<BR>
> accomplished with OpenID Authentication 2.0 and OpenID Attribute<BR>
> Exchange?<BR>
Facebook Connect has a nice set of libraries/apis that RPs can just drop<BR>
in relatively easily on their site. The JS libraries implement much of<BR>
the sign in flow (displaying inline sign-in forms as well as a<BR>
permissions screen) which means that the FB Connect user experience is<BR>
consistent across all RPs.<BR>
<BR>
They also seem to have implemented Single Sign Out, because signing out<BR>
of FB seems to also sign you out of the RP.<BR>
<BR>
Additionally, FB Connect also authorizes the RP to write to the user's<BR>
FB News Feed, so there's an authorization component as well. The<BR>
authorization seems to expire when the browser session is closed, so<BR>
it's not quite like OAuth.<BR>
<BR>
And finally, FB Connect requires that the RP pre-register with FB to get<BR>
an api key which presumably allows FB to authenticate the RP, and also<BR>
gives FB the ability block the RP if necessary.<BR>
<BR>
Unlike the OpenID/OAuth/AX services currently in the wild, the FB<BR>
Connect stack is highly integrated, with built in privacy controls and a<BR>
standard UI. But as you correctly stated, I believe most, if not all, of<BR>
the stack could have been built upon open standards.<BR>
<BR>
Allen<BR>
<BR>
<BR>
<BR>
_______________________________________________<BR>
general mailing list<BR>
<a href="general@openid.net">general@openid.net</a><BR>
<a href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a><BR>
<BR>
</SPAN></FONT></BLOCKQUOTE>
</BODY>
</HTML>