Facebook Connect, the system the company has long discussed as "Facebook on sites all around the web," enters general availability today and we've got one big question - should website owners use Facebook or OpenID to authenticate and learn about their users? Will Facebook become a dominant identifier online? Will the OpenID community lose out to the company's proprietary system or will this challenge breathe new life into the movement for open source, standards based, federated user identity?
Open Source vs. Proprietary technology isn't just about desktop software anymore - now it's about our identities and social connections, all around the web. We've published a mind map below displaying our understanding of the contrasts between these two identity systems. If you'd like to add our thoughts to that map, you can.
This battle isn't about "single sign-on" - it's about the payload that comes with it (friend networks, personal data, maybe more), it's about the developer communities, usability and ownership. It's very important to the future of our user experience online and it's a fascinating study in contrasts.
The mind map above illustrates our understanding of the relative merits of these two leading identity solutions. We thought it was an effective way of discussing a complex situation succinctly. We created it collaboratively using MindMeister. (disclosure: Mindmeister is a recent RWW sponsor)
We haven't drawn a conclusion yet about who we think will win. We like Facebook Connect, but we like OpenID better. We're cheering for both, but louder for the open source, open standard solution. We think Facebook's odds are better, but perhaps the OpenID community will rise to the challenge now that it has such a formidable competitor.
Do you think we've missed anything really important? If so, feel free to edit the mind map on this page: Identity: FB Connect vs. OpenID (You'll need a MindMeister account to do so.) Below you can see a click and drag embedded display of the latest state of this map that our readers have updated with their thoughts. You can see it full screen here. Update: A big thank you to the several of you who have gone in and made changes! That's awesome!
Facebook Connect vs. OpenID is going to be a big decision that every website owner should consider. What do you think the relative strengths and weaknesses of the two systems are?
Thanks to the Vidoop crew for the conversation this morning that inspired this post.
See also: What if Amazon and iTunes Implemented Facebook Connect?
TrackBack URL for this entry: http://www.readwriteweb.com/cgi-bin/mt/mt-tb.cgi/9259
Comments
Subscribe to comments for this post OR Subscribe to comments for all Read/WriteWeb posts
One of the things that bothers me about Facebook Connect is that it links to my Facebook profile. I can't link it to my blog, a contact page, or a social network I like more. With OpenID, I can setup my blog to point to my OpenID provider. It might not seem like a big deal, but really -- Facebook is the place I least want to see other people that found me through commenting on some website (or that found me from logging into some website with FB Connect). I'd much rather have the power over where my profile (or comment) link goes, especially since most people will just see a picture and my name on a Facebook results page, if they click through.
Just my 2c. :)
Posted by: Chris Thomson | December 4, 2008 1:18 PM
Chris - agreed. This kind of sentiment is expressed in part, we hope, by the mention of "single persona" for Facebook in the mind map. That's not really a strength, though, as you point out it can be a real problem.
Posted by: Marshall Kirkpatrick
|
December 4, 2008 1:21 PM
Nice read. Personally I think there is room enough for both, as long as they are easily supported by the hosting website and the social capital that each provide is diverse enough.
I'll tell you though, as many MyBlogLog widgets as I see around the web, they are really missing the boat by not offering a similar setup. It would be so cool if that Widget transformed this comment area so I didn't have to login.
Posted by: Malcolm Lloyd | December 4, 2008 1:24 PM
Great distinction w/r/t the value-shift away from SSO and toward the profile 'payload' that comes with it.
We've been working with the Facebook Connect Beta for awhile now, and have been wrestling with what might be another branch on the mind-map: "Impact on Business Value Creation".
Especially when working with start-ups that want to leverage FB Connect, we have found trade-offs between the 'social accelerators' that FB Connect can provide vs. the limitations it may place on a company's ability to build (and own) it's own community, user profile assets, etc.
We find that being loosely (or tightly) coupled to Facebook is great for some value-creation models, but can be limiting for others.
Posted by: Kevin Tate | December 4, 2008 1:31 PM
1. Agree with Chris T.; I don't want to point the whole world to my Facebook page. Facebook is pretty much just fun for me, not professional.
2. How about security? I feel a lot more secure using my MyVidoop OpenID than I would with my Facebook account (secured only by text username and password).
Posted by: Kathleen McDade | December 4, 2008 1:44 PM
Facebook having your identity...what a scary thought. I leave sites so I cannot e found, the last thing I want is to be tracked around the web, and then have it fed back to my feed...this is madness!!!
Any serious site looking for user engagement is silly to use Facebook connect Why would anyone forfeit a user for more “engagement” whatever that marketing?PR jumble means. Bloggers spent all of 2007/2008 talking up user acquisition and now sites are going to just give up on user acquisition so they could get more “engagement”; screw that, a user is a user, period!
Businesses, blogs, and everyone else should NEVER EVER build a user focused business on the back of Facebook…it is just poor business! Let Facebook figure out on their own how to keep users in their clutches and make money, don’t do it for them. It is a true bait and switch going on here
Posted by: james | December 4, 2008 1:49 PM
as a developer i lean towards more open platforms. i'd love to see openid take off, but like most of google's "platforms", people are slow to adopt (e.g. gears, android). facebook has the advantage right now as it's somewhat of a marketing buzz word -- "we wanna be on facebook!". initially business will flock to the market with the highest numbers. but in the long term i think openid will be a more stable solution.
odd, a world without facebook? perhaps in the future we'll hear people speak less about their facebook page/myspace page and more generally about their "openid" -- an openid simply referring to your online social presence.
Posted by: Chris Eigner | December 4, 2008 2:31 PM
Surely you're not comparing the right things here? At the very least you should be comparing Google Friend Connect, or perhaps more relevant still is Google Open Social.
To say that google products have a slow uptake is just crazy talk - there's something like 700 million users on sites that run Google Open Social.
For me the decentralized form of authentication and profile management that you can get with Open Social far outweighs the initial ease of development you might potentially get with Facebook Connect.
Posted by: Rob Clayburn | December 4, 2008 2:41 PM
What about user ownership and control of personal data and content? Open ID is essentially a better way to leverage the larger Web2.0 value proposition. It's a powerful idea, but right now it's destiny is tied to the health of the Industry. Pounce and I Want Sandy are examples of many user's personal investments in Web2.0 going bad. FaceBook users don't have to worry about FaceBook pulling the plug on the value they are building for themselves. They are sheltered. All FaceBook needs to do to complete is keep adding feature functions. OpenID, as a network of applications, must find a way to give users the ability to protect, preserve and control their online assets. Otherwise FaceBook will likely eat OpenID for lunch.
Posted by: Paul Daigle | December 4, 2008 2:47 PM
It is great to see website owners realizing they can both increase registrations and gather rich profile/social data by accepting third party accounts such as Facebook, AOL, Yahoo!, and Google. However, it does not need to be a decision between Facebook and OpenID. Why shouldn't websites allow users to sign in with any one of their preferred third party accounts? While the undertaking to connect all these services on a website might seem challenging, JanRain recently launched a quick and easy hosted service that does all this for the site. It is called RPX and can be downloaded at http://rpxnow.com.
Posted by: Tore | December 4, 2008 3:27 PM
This is the most sane coverage that I have seen of Facebook Connect. It is not a sustainable solution, though I fear it might win in the initial stages. It is not good for a single company to be the man in the middle on all of my correspondences on the web.
Posted by: anon | December 4, 2008 4:44 PM
I always appreciate some good mindmapping! Thank you for the article. I think as social communities move forward, open source technology is going to become more and more important. There is too much at stake to individual and to communities for open source not to be the winner here.
It will be interesting to see how this unfolds though and I wouldn't count Google out at this point!
Posted by: Julie Wight | December 4, 2008 7:14 PM
As a web site owner, I don't really want to limit my user to once source. Many people don't use Facebook for many reasons.
With openID, user can choice which ID to use for which site. So they have chance to try out the site before showing their real identity.
People like me with different OpenID will want to have more flexible options. Rely on Faceobook to control our identity is dangerous.
The only personal benefit to use facebook is the use base and friend connection.
Posted by: Terence Chang | December 4, 2008 7:30 PM
+1 on Chris and Kevin's comments.
I don't want my online identity dedicated to a single representation determined by a proprietary service platform, and I don't want my 'friends' exposed to unwanted scrutiny because of my online behavior. The trade-off involved in utilizing FC isn't worth the convenience it may provide.
Also my firm works with some larger media and marketing interests which maintain online domains. We'd spoken to them about these services, and they're responses are generally favorable - account maintenance and administration is almost pure overhead for such parties. But they also want to store and extend data on users in ways that are restricted, or impeded, by Facebook Connect. Once it becomes clear that implementers of FC are basically treated as proxies for Facebook, they lose interest in this solution.
Posted by: Jack | December 4, 2008 8:38 PM
it is the feds, they want real id only
Posted by: Gregory Lent
|
December 4, 2008 9:02 PM
To me its a fundamental issue of Real Life ID vs Online life ID.
Facebook is dedicated to replicating the real life social graph - a useful and focused function. But by no means is it representative of all the relationships and multiple identities we create for ourselves online. How then, could FB/Connect be THE total solution for SSO+?
By leveraging their social data, I would expect FBConnect to be a bit of a game-changer initially, but ultimately to simply be part of a social SSO landscape, to be used non-exclusively, when and where users want.
Posted by: Paul Moss
|
December 4, 2008 10:23 PM
Hail to the Thieves
Any developer and proponent of a truly Open web must take an active roll in pushing for the success of OpenID.
In my views this is an area where one cannot be on the side lines, we have to take an active roll in making sure that members identities and their data are owned by members and not companies that want to lock in with proprietary solutions.
So interesting that a short time ago Microsoft (A closed source company) wanted to push forward a standard (Passport) that would have give users the ability to have one log in that worked for many sites. At the time many in the tech and development community saw this as just another Microsoft Land Grab for our Identity and our Content. Many people saw Passport as a Microsoft effort to finally gain control of the internet by becoming the standard for digital identity.
Today we have no less than 3 closed source companies in a race to become the "Standard" for holding or Identity and therefore having access to the content that we read and the content that we creates.
All of this at a time when there are many Open Source standards that could be used (Openid is just one that comes to mind) that if properly deployed would do the right thing by putting the user/member in charge of their log in as well as their relationships across many sites.
Have we forgotten the lesson of the not so distance past ?
Why do we not see a problem with the big 3 trying to become the proprietary standard in this very important area ?
Why do developers especially Open Source developers continue to build and extend applications for closed source companies that under mind open source standards and ideals ?
Why do users continue to view giving control of their identity and content to these companies as a win, when in fact the win is clearly on the side of the company that you have allowed to take control of your identity and to generate value and revenue from your content. In return for our compliance we do not even have a right to take our identity and our content where we want.
Open Source developers, please do not write any code to extend the propitiatory services of Facebook. They are not your "Friend" When you write code for a company like Facebok you undermine the integrity of the Open Web.
Posted by: william | December 4, 2008 10:59 PM
Facebook is a company looking to make profits from your identity. Facebook is limited to 120mio people that want to subscribe to Facebook.
OpenID is an organization open to all companies and organizations without profit goal. No limitation on number of people.
A few years ago Microsoft tried to have your identity too with Passport (having millions of Hotmail users), but failed.
Facebook doesn't bring any trust about your identity, thus no real value for other service providers.
OpenID is at least as convenient if not more convenient (you don't need to be on Facebook)
People on www.netlog.com or www.bebo.com are not interested in having a Facebook membership too.
Posted by: LEADSExplorer | December 5, 2008 12:57 AM
A both cynical and romantic view LEADSExplorer. We may all want OpenID to succeed but it has hardly moved on in over a year; functionally Facebook Connect shows it the way to go. And a social network of "only" 120 million peole is a big draw to most website developers who, in commercial reality, have to consider that more compelling than OpenID with its miniscule user base and user hostile interface.
Google Friend Connects makes OpenID more usable though and takes only seconds to implement, plus comes with some admittedly fairly basic social functions.
Take a look at this 10 minute test implementation on our site:
http://www.wecando.biz/googlefc.php
Looking forward to spending time with Facebook Connect.
Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz
Posted by: Ian Hendry | December 5, 2008 7:54 AM
Among mainstream users I think OpenId as a name and service will have very small chance to spread. I believe OpenId is far to abstract and technically packaged for people to grok but referring to a facebook account will help people understand the benefits plus not having to "create another damn account". For early adoptors there might be an entirely different thing.
Posted by: Fredrik | December 5, 2008 8:00 AM
easily facebook.
Posted by: Brian Ries
|
December 5, 2008 8:28 AM
OpenID I hope...
Posted by: Aram Zucker-Scharff
|
December 5, 2008 8:29 AM
I think Facebook will win this just because FBC offers more that appeals to a 120 million user community. The purists may prefer GFC, but it doesn't offer as much as there is no mass community likely to get us fully behind it in the same way.
Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz
Posted by: Ian Hendry | December 5, 2008 12:38 PM
I would argue that whoever does a better job of protecting users accounts will win in the long run. Imagine if FB becomes the center of your online universe. One could do some serious damage if they could take control of your account.
The stakes are much higher than online banking. You can always call your banker if your account gets compromised. Nobody at FB is gonna answer the phone if your account gets taken over and they aren’t going to put back everything that got screwed up all around the web, either.
With OpenID, you at least have the option to use something better than just a password.
Posted by: Luke | December 5, 2008 5:57 PM
OpenID. Facebook Connect is proprietary, so we're still stuck with needing a single sign-on protocol. That's where OpenID needs to snag people - you're tired of filling out all of those sign-up forms? Plus, you get the added privacy benefit (your business isn't hoarded or available to everyone). We don't need the internet to devolve into appliances, tethered to a central power source. Generative and open is the way to go.
Posted by: Cory | December 5, 2008 6:44 PM
Tore : nice one for posting that link.
I totally agree that it's not a matter of which one but how to best integrate both. Ideally the user should just see a single set of login/password fields in which they can enter any ID they wish, OpenID, FB Connect or any other.
Posted by: Sash | December 14, 2008 3:34 PM
I'd have to vote for OpenID. I know a lot of people who've tired of using Facebook. It has the feel of a bubble and what happens if all these sites integrate too much with it?
Posted by: Ian Evans | December 18, 2008 7:54 AM
RWW hasn't implemented Facebook Connect yet?
http;//twitter.com/MarkMayhew
Posted by: Mark | December 29, 2008 8:28 AM
Dear Thank you very much for such participation
Posted by: منتدى | January 3, 2009 2:25 AM