Ok, I could buy all of your arguments except the email address one. I know this is your soapbox, and I'm not interested in discussing it any more. But having an email address for an OpenID is not at all required for a reasonable login experience at Facebook. There are many many OpenID RPs that are good examples of how an OpenID <i>today</i>, with an <i>optional</i> or <i>required</i> email address <i>works already</i>. Using an email address for an OpenID does <i>nothing magical</i>. Can you get off this soapbox already?<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Tue, May 19, 2009 at 7:30 PM, Santosh Rajan <span dir="ltr"><<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><span style="border-collapse: collapse;">Andrew,<div>This is not only a farce, unfortunately it is also extremely bad news for OpenID.</div><div>1) Requiring one ID (Facebook ID) to use another ID (OpenID) is ridiculous to say the least. It is going to give a wrong impression about OpenID to all the Facebook users.</div>
<div>2) It will also give an impression that OpenID is something for accessing users data from another provider. Really this is the work of OAuth. </div><div>3) It gives the impression that OpenID is something like "twitter ID" which it is not. Again this is OAuth domain.</div>
<div>4) What impression do you think this is going to give potential RP's? Are you going to show Facebook as a great example of OpenID implementation?</div><div><br></div><div>I am not buying the argument that this is only a trial phase etc. If they really wanted to try OpenID they should have tried a beta for limited users. That is what most RP's do. If anything this will thoroughly confuse everybody about what OpenID is. This is going to cause more damage to OpenID than anything constructive.</div>
<div><br></div><div>I beleive OpenID MUST be on the users "log in" page and not buried somewhere in his "settings" page. I have already said many many times that RP's like these cannot implement OpenID correctly without an email address. But at the same time I dont want RP's to go ahead and implement something half baked and give the wrong impression to everybody. And Facebook implementation is going to remain more or less like this until the day emails are accepted as OpenID's.</div>
</span><br></div><div class="gmail_quote"><div class="im">On Wed, May 20, 2009 at 7:04 AM, Andrew Arnott <span dir="ltr"><<a href="mailto:andrewarnott@gmail.com" target="_blank">andrewarnott@gmail.com</a>></span> wrote:<br>
</div><div><div></div><div class="h5"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Santosh,<br><br>This isn't a farce at all, IMO. Facebook is a very big web site and they're rolling out OpenID RP support slowly. Right now their UI has experienced almost 0 change and yet they're able to start collecting data without intruding on the users who don't know what OpenID is. As they collect usage data and test interoperability with various OPs, they gain confidence that they can add some UI to the login and account creation pages so that eventually a password will no longer be required to create an account. <br>
<br>I think it's a perfectly reasonable first step.<br><br>I don't like that Facebook requires access to my Contacts to hook up with Google. But if you don't like that, type in your own OpenID that is from an OP that doesn't have contacts and FB can't force you to give up your Contacts. That's one of the pillars of OpenID: choose your OP. And yes, FB's auto-login feature works with any OP (not just Google, notwithstanding the blog posts implying otherwise), as long as that OP supports checkid_immediate, which most do.<br>
<br>As far as Facebook being email address centric, I don't think that has been a blocker with Facebook becoming an RP at all. And I'm looking forward to a future Facebook where email address is optional, and it comes automatically with OpenID if I say it should while logging in.<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Mon, May 18, 2009 at 9:08 PM, Santosh Rajan <span dir="ltr"><<a href="mailto:santrajan@gmail.com" target="_blank">santrajan@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
I am seeing tweets and blog posts about Facebook support for OpenID. I had<br>
already suggested in an earlier post that it is going to be a farce. And<br>
that is what it exactly is.<br>
<br>
You see, I have always maintained that it is impossible for Web site's who<br>
base their user identity on email addresses to support OpenID in the current<br>
form. And let me list out the problems with the so called Facebook OpenId<br>
support.<div><br>
<br>
You can't log in into Facebook with your OpenID unless you are already<br>
logged in to another OpenID provider. So if you fire up your browser and go<br>
straight to Facebook, sorry!<br>
<br></div>
You cannot create a Facebook account with OpenID. You need to create your<br>
Facebook account with your email address, and then log in to your account,<br>
and then go to settings, and then link your OpenID account.<div><br>
<br>
Ok, so I decided to link my Google Account. I found that I could not link to<br></div>
my Google Account without me handing over all my Google contacts! In other<br>
words Google log in was useless for me.<div><br>
<br>
When I tried to log in with Yahoo and I got the famous Yahoo message<br>
"Warning: This website has not confirmed its identity with Yahoo! and might<br>
be fraudulent. Do not share any personal information with this website<br>
unless you are certain it is legitimate."<br>
<br></div>
And what I find most embarrassing is the so called "Openid evangelists"<br>
going "gaga" over this release. Maybe it is "Facebook" so they better say<br>
good things, no matter whatever they do.<br>
<br>
-----<br>
<br>
Santosh Rajan<br>
<a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a> <a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a><br>
<font color="#888888">--<br>
View this message in context: <a href="http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23609450.html" target="_blank">http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23609450.html</a><br>
Sent from the OpenID - General mailing list archive at Nabble.com.<br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</font></blockquote></div><br>
</blockquote></div></div></div><br>
</blockquote></div><br>