Friday, July 13, 2007

Facebook for Single Sign On

Jeremiah runs an excellent blog and a few week back he added a great post on "Web Strategy Predictions: Facebook, Identity, Social Networks".

I was reminding of this by a recent twitter post (it hurts calling it a "tweet"!!):

I predict that Facebook will release an "Identity/Login widget" and will
overtake Open ID, why? Consumers rule, and Open ID is too geeky

I don't really agree that FB will overtake OpenID and then become some kind of central identity or authentication mechanism. Something we already have seen tried with MS Passport (where Jeremiah sites the trust issues with MS).

Now, i'm not specifically referring to OpenID [ i approached Scottish Enterprise way back in 1998 about an open approach something open, but similarto MS Passport ] so i'm talking about a general authentication mechanism for the web if you like...

My reasons are:

1. This should be a service. My view is that companies providing and managing this kind of data should be a service which doesn't directly conflict with half it's customer base. If you offer identity and then a bunch of web apps and api's, then it makes it harder to convice others that you won't simply lock them out by stopping them accessing the data you hold (even if it came via that site in the first place).

Ironically, this Twitter post from VC Fred Wilson was quotes Mark Zuckerberg, founder of Facebook:

'being a tech company means you aspire to be a platform, a layer in the stack
that others can build on'

Yes! But i can't see that happening when you ARE the stack. Facebook is cool, but we need to be careful what constitutes an identity service layer. Do we want to mix that (would TCP/IP work as well if it was the OSI model, rather than two layers within it)?

2. FB is a commercial company with fingers in many pies - other companies will not just hand them their most important data. It's going to be hard enough for OpenID providers to accomplish this - but at least they are somewhat independent. I already talked about FSBSoftware who were told to remove their sychronization application..... the user should be the one who controls their own data and where it sits.

3. Decentralization. There are too many scenarios in the real world where you, or a company you work for doesn't want to use an external site. OpenID means writing your code once and interacting with external bodies easier.

I also don't think OpenID is too geeky, but that's kinda like me saying that Scotland or Chile are brilliant places to go holiday.... but a username, password and email are all you need.