<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Book Antiqua";
panose-1:2 4 6 2 5 3 5 3 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple style='word-wrap: break-word;
-webkit-nbsp-mode: space;-webkit-line-break: after-white-space'>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>A few facts:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Facebook Connect could have been built on top of OAuth.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Facebook did not participate in the Open Web Foundation launch –
Dave Morin was involved as an individual.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Facebook has been talking about their desire to open and learn
more about open specs for a year now, with nothing to show for it.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Facebook has been invited and engaged in conversations with the
community with nothing but a waste of time to show for it.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>---<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The fact that on the same day they announce support for the OWF,
they also announce a product that is ignoring all the work done by this very
same community they claim to be supportive off, is to me, a mockery. I would be
happy to be proven wrong but for a year now seen nothing to make me believe it.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>EHL<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> general-bounces@openid.net
[mailto:general-bounces@openid.net] <b>On Behalf Of </b>Dick Hardt<br>
<b>Sent:</b> Friday, August 01, 2008 3:40 PM<br>
<b>To:</b> Paul Trevithick<br>
<b>Cc:</b> david@sixapart.com; OpenID<br>
<b>Subject:</b> Re: [OpenID] Musing on FaceBook, OpenID and the next mountain
to climb<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Hi Paul<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>While Facebook could take the silo approach, they are
interested in seeing how open standards could be used. They participated in the
Open Web Foundation launch and when I was at their office earlier this week,
they expressed serious interest in OpenID. See my blog post (which had to be
run by them as it was an NDA meeting).<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal><a href="http://identity20.com/?p=155">http://identity20.com/?p=155</a><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Given the state of OpenID tech right now, I do not think it
could be used to solve what they wanted to solve in a way that would deliver
the clean user experience they desired -- but I would be happily proved wrong!
( I do think they could have used OAuth though)<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>As I mention in my post, this is an opportunity for the
community to work with Facebook. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Myself, I think the technology needs to be enhanced and
evolved so that it has features that Facebook Connect does not have in addition
to the existing features.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>If the community just sits back and says that all the bits
are there -- just use them -- then this community is no different from other
SSO communities that have told the creators of OpenID that they were
reinventing the wheel. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>-- Dick<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<div>
<p class=MsoNormal>On 1-Aug-08, at 2:09 PM, Paul Trevithick wrote:<o:p></o:p></p>
</div>
<p class=MsoNormal><br>
<br>
<o:p></o:p></p>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Book Antiqua","serif"'>The
problem is that this isn’t a technical issue. FB currently has no
business incentive to use open technologies that, among many other things,
would allow users to be able to retrieve and store their own profile data and
friends lists (as currently violates the FB TOS). They are still enjoying the
virtuous cycle of the closed mega silos: more users begets more users. OTOH FB
will open up if and when there’s a reason to do so. But for now, and for
a good while, I’d say FB isn’t a good prospect for open,
user-centric technologies.<br>
<br>
Paul<br>
<br>
On 8/1/08 3:28 PM, "Allen Tom" <<a href="atom@yahoo-inc.com">atom@yahoo-inc.com</a>>
wrote:<br>
<br>
<br>
</span><o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;
font-family:"Book Antiqua","serif"'>David Recordon wrote:<br>
> Is there really anything that Facebook did that couldn't be<br>
> accomplished with OpenID Authentication 2.0 and OpenID Attribute<br>
> Exchange?<br>
Facebook Connect has a nice set of libraries/apis that RPs can just drop<br>
in relatively easily on their site. The JS libraries implement much of<br>
the sign in flow (displaying inline sign-in forms as well as a<br>
permissions screen) which means that the FB Connect user experience is<br>
consistent across all RPs.<br>
<br>
They also seem to have implemented Single Sign Out, because signing out<br>
of FB seems to also sign you out of the RP.<br>
<br>
Additionally, FB Connect also authorizes the RP to write to the user's<br>
FB News Feed, so there's an authorization component as well. The<br>
authorization seems to expire when the browser session is closed, so<br>
it's not quite like OAuth.<br>
<br>
And finally, FB Connect requires that the RP pre-register with FB to get<br>
an api key which presumably allows FB to authenticate the RP, and also<br>
gives FB the ability block the RP if necessary.<br>
<br>
Unlike the OpenID/OAuth/AX services currently in the wild, the FB<br>
Connect stack is highly integrated, with built in privacy controls and a<br>
standard UI. But as you correctly stated, I believe most, if not all, of<br>
the stack could have been built upon open standards.<br>
<br>
Allen<br>
<br>
<br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a></span><o:p></o:p></p>
</div>
<p class=MsoNormal>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
http://openid.net/mailman/listinfo/general<o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
</html>