XAuth: The Open Web Fires a Shot Against Facebook Connect
A consortium of companies including Google, Yahoo, MySpace, Meebo and more announced tonight that it will launch a new system on Monday that will let website owners discover which social networks a site visitor uses and prompt them automatically to log-in and share with friends on those network. The system is called XAuth and serves to facilitate cross-site authentication (logging in) for sharing and potentially many other uses.
Facebook and Twitter, the dominant ways people share links with friends outside of email, are not participating.
Consortium leader Meebo emphasized that it doesn't see this as competition with Facebook's system for letting users share links from around the web, but it's hard to see it any other way. Facebook desperately needs more competition. Either way, XAuth is a good move that people excited about online innovation should support.
What XAuth Delivers
What About OAuth?
If you're familiar with OAuth, you might be wondering what the difference is between that system of secure authentication and XAuth. Here's one way to explain it: XAuth tells a webpage "this is where the site visitor does social networking." Then, OAuth is the way the user logs in there, granting the site permission to access their info without seeing their password. In other words, XAuth tells you where to ask for OAuth from.Google's Joseph Smarr, recently hired because of his high-profile work on distributed identity systems across the web, says that XAuth is a provisional solution to the limitations of the cookie system. If you visit ReadWriteWeb, for example, our servers aren't allowed to check the cookies left on your browser by the social networks you use because they are tied to URL domains other than ours.
XAuth will provide a single place that participating websites can ping to request information about you, the user. The social networks that are participating in XAuth will have reported to the central XAuth hub that you are using their service (Google, Yahoo, Meebo, Disqus, Gigya). If ReadWriteWeb is sporting XAuth, we would check in with the central hub, find out where you network and prompt you to log-in through that service and share your account information, social connections and more with us.
And yes, there are privacy implications to exposing where you network, even if your personal info beyond that isn't exposed until you log-in. "Broadcasting where you log-in," says online identity community leader Kaliya Hamlin, "gives away things about yourself you may not want to give away." Hopefully specialty networks will be selective about whether they participate in XAuth or not, but any time there is an opt-out model like this it's dangerous.
It's really easy, Facebook Connect is, and the huge audience that can be shared with makes publishers salivate as they install Facebook Connect.
Google's Smarr says that XAuth is just a work-around until the browser itself reports to websites what social networks a user uses. He says he's working with the Google Chrome team and Mozilla has been working on making Firefox a hub of identity for some time. Everyone has something to fear from Facebook.
Will Someone Please Stop Facebook?
You do too, as a user. Facebook is a fabulous service for communicating with friends and family, for sharing links, thoughts and feelings. It's also too big, too centralized and too susceptible to making drastic changes that have terrible consequences in the real lives of users (hello, privacy policy).
Facebook needs meaningful competition. XAuth could help breathe more life into a constellation of other social networks to provide that competition.
It's hard to say what will work against Facebook, though, because that's where the most precious resource in the online world is hoarded - your friendships. The prospect of a large number of people and websites coming together to use a technology that discovers social network use across everywhere but Facebook and Twitter isn't likely to excite very many publishers focused on their short-term interests.
Google's Smarr points out that just a few years ago it would have seemed inconceivable to people that MySpace would come tumbling down from the top of the social networking heap, that the future is still wide open and Facebook's total domination can't be presumed unstoppable. He would say that. Facebook is smarter and much, much better than MySpace ever was, though.
I love using Facebook, I use it every day, but something needs to be done. There needs to be a variety of interoperable, viable social networking options. Imagine if there was one super-dominant cell phone network provider and it didn't allow you to call people on other networks. It wouldn't matter how good that service was, that would be a bad situation. Social networking is a huge part of the world we live in today. It's far too important to leave in the hands of a near-monopoly, even if that monopoly seems relatively benign today.
I hope that XAuth today and browser-based identity management in the future can help other social networks gain more traction. This may be a part of the solution. It's a nice move, but we'll see how effective it is.
Share
Facebook
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
"even if that monopoly seems relatively benign today."
"relatively benign"? you're being so generous...
i'll leave you with some choice words from someone who is not pulling any punches
eben moglen: "Mr. Zuckerberg has attained an unenviable record: he has done more harm to the human race than anybody else his age."
http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html
Twitter already has a different standard called XAuth used for third-party authentication...
Thanks Peter, I keep meaning to read that thread.
you can also watch/listen to it here:
http://www.youtube.com/watch?v=QOEMv0S8AcA
and the Q&A is here:
http://www.youtube.com/watch?v=kpHWnHxmnXg
ok, wow, i just watched the video. this is a seriously bold move by a lot of big players. specifically, making it centralized and opt-out in order to get it moving while the browsers catch up and can handle it locally... that's pushing right up against the edge of a privacy violation. that said, people are pretty used to much worse (for example: those personalized amazon ads everywhere), and they pretty much had no choice if they want to provide an open alternative to facebook connect *right now*.
it's interesting to finally see what joseph smarr has been up to since joining google, and cool to see janrain as part of this initiative. also interesting that this was launched right before f8...
Haven't both MIT and Cisco created something called "xauth"? They need to come up with a new name for this.
This is very good not only for corporate sites that want users to log in and share stuff but also for the makers of next generation social apps: I think it is a necessary step to split the functional block around IDs, friends and management of those from the actual innovative (social) features of a new service. Like this, start-ups can concentrate on their USP without having to re-implement and to bootstrap all of the above.
I just went to http://xauth.org in my Chrome and it says XAuth is already enabled in the browser. Interesting.
XAuth fraternity of losers in social world against Facebook : Google wants to bring the walls down on FB to show ads .
Here my take on this. XAuth solves nothing for the end user. I can already login to web site with Facebook connect, Twitter, OpenID, Google etc. XAuth is really about the problem of tracking users behaviour around social web. It solves a business problem not a user problem. Developing technology to reduce the privacy of ends uers withotu any benefit is pure evil.
From now on, I'll be using "Private Browsing" mode.
"Facebook needs meaningful competition" - I don't know that users are asking for competition to facebook connect.
"It's a very frustrating situation." - For business. Not for users.
"It's really easy, Facebook Connect is, and the huge audience that can be shared with makes publishers salivate as they install Facebook Connect." - That gives away a lot about the motivations of the people working on XAuth.
XAuth is a good step in moving towards customized content outside of single social networks. Heads up Marshall I couldn't use my google profile as an openid provider so had to log in with twitter.
Since short term money and inertia is driving the future shape of the social web I think we're all going to lose out on some healthy competition. All the great social data mining will happen behind closed doors. Hopefull something Ostatus/Buzz friendly will gain a small market share and defeat the silo with thousands of small businesses and startups providing function faster than single social providers. Heck if Twitter was Push enabled it would change Facebooks stranglehold, but they are following the same path of restricted access to social data, while charging users an attention tax. It's like charging for use of the email protocol, which is silly.
Just compete on implementation and earn user attention.
It may take a while, but the big social players will cave and by then it will be too late. We'll have invented an open set of channels that allow real time sharing beholden to no single entity.
Somehow I have a feeling Facebook is saying "Jealousy will get you nowhere" LOL
ZIn
www.vpn-privacy.us.tc
fully agree with Khurt. wolf in sheep's clothing - goog is the wolf.
technology alone will not bring facebook into check, no instant user benefit. must be combined with a compelling new experience/value-add.
I might not make many friends here with a statement like tyis, but isnt' the whole point of Facebook having no competition? FB is the modern phonebook. Who wants to look into two phonebooks in order to find a number. In my POV any competitor needs to answer to a different need and come up with an own idea. No?!
good luck with the whoe beatimg favebook thing
Yeah, this is an identity grab by the "BIGs". It's all good for those businesses involved, not so much for the user. Do people really care about what their old high school friend, that they would never have even seen again if it hadn't been for Facebook, is reading on CNN? Really?
All the major competitors need to band together and use a common protocol for social communication. I suggest OneSocialWeb -- there's a reference server and client available under an Apache license, and it uses XMPP for federation and communication.
I dont really like fb-connect because all of the comments that I want to keep anonymous are linked to my personal profile and have my first and last name on it..
I don't want people to see that I posted a pedobear ascii in 2007 when they google my name.
All of this stuff sucks. I just want to have my Facebook be Facebook. I make usernames on purpose - I don't want to be tracked all over the internet. If a site I like has Facebook connect - I don't use it. I don't need my "friends" knowing every single thing I do. I like that the internet is anonymous. I don't need all my stuff under one place - I can remember different passwords just fine.
No. I have an opinion.
Since Facebook has never been de-throned before, nobody actually has the experience to be an expert on the matter. Not you. Not me. And not the guy who wrote the article either.
They really need to change the name of this thing. Xauth is already a program for connecting to an X server. - Arunabh Das
I agree with Keed. This is getting scary and it needs to stop.
Really, it's not obligatory to use any social network ID when commenting or sharing links. You always have an anonymous option. Though Facebook Connect is a cool thing, especially for businesses and very handy for the users. Xauth is a good idea either, though its hard to imagine it as Facebook competitor.
XAuth is a good competitor to Facebook connect.
Open ID didn't worked in unifying everybody so now its time for XAuth.
They have a shot as its already well implemented, you may not even know it you are using it.
It may slow down Facebook Connect as the universal single sign-in and be a reasonable number 2, but in now way it will take down Facebook it self or even slow its growth.
I don't think anythings going to slow down facebook, but ti is scary. Its become so popular, so common. To stop or slow it would take something rather large.
Haven't both MIT and Cisco created something called "xauth"? They need to come up with a new name for this.
Actually probably not as stupid as you. You are almost as unoriginal as them. How does being worth $300 billion determine they are not a bunch of hacks?
Quite the hard-on you have for MS I'd say. So tell you what...if you love MS so much as to reply with such vehemence...then go purchase a blow up doll and dress it up as Billy G for your fantasy purposes.
We actually just recently had a post over on our blog that got a lot of attention that takes a look at the rise of Facebook's monopoly power. Seems like there might be some legal arguments to be used to force Facebook to participate in something like xAuth if you recognize the interaction between Facebook and it's users as a commercial one.
Check it out:
Facebook's Anti-Privacy Monopoly: http://www.DeObfuscate.org/
very good article on OpenId
Posted by: sailendraopeningid.myopenid.com
|
August 7, 2010 11:16 PM