Even though everyone says Facebook is now an OpenID RP, I dont agree with that. What Facebook does is only grock the users browser login status, and logs the user in if he has delegated that provider to Facebook. It does not work in many cases and I am not impressed with their implementation, and have said as much in my earlier posts.
So what is it that is going to be of a concern for Google, Yahoo etc?
Whether by design or by accident, what really Facebook has done, is to become an OpenID discovery and delegation provider for all its users. ie. Facebook users can now point to their Openid provider and also indicate their prefered provider in case they have more than one. This is significant. Because the primary problem to be solved for OpenID is discovery and delegation, and Facebook does it for its users.
Now all Facebook has to do is "Switch On" OpenID for Facebook Connect and Voila! You have 250 million users ready with single sign on with Facebook Connect! Throw in 250 million verified email addresses for good measure. (I am not sure all these are verified, but I can say they did verify mine).
If major RP's are not already salivating at the prospects, then they will soon. And this is not really all that bad. If you don't mind Facebook being your centralized mechanism for OpenID discovery and if they are the closest you can get to one, then why not?
Now you know why Google, Yahoo etc need to be concerned. But there are other options. One is the OpenEmailID i have suggested in an earlier post, where the onus on discovery rests with the RP. An even better Option is the WebFinger protocol, where the onus on discovery lies with the email provider for email addresses as identities.
Whatever happens I think it is high time Google, Yahoo etc move ahead with providing discovery for their users.
The OpenID community must come to a concrete decision on which way they must go and go after their objective as fast as possible.
Posts
3 comments:
I can understand why you disagree with Facebooks implementation of OpenID, but from a design aspect it's the best implementation yet.
One issue with OpenID is that if your site pays alot of attention to design and the OpenID OP doesn't, your user gets caught in a bit of confusion.
So Facebooks implementation does a great job by not using that many things made by the OP.
My only problem is there is never a pop up or some sort of modal box to let me know when Facebook is logging in via OpenID.
The OpenID User Interface extension is addressing the UI issue. I think Facebook will also fix the automatic log in problem you mentioned. Many people have voiced their concerns.
Post a Comment