Digital Media Buzz > Facebook Matures With OpenID Technology

Facebook Matures With OpenID Technology

By N. Clark Judd

Facebook becoming an OpenID-reliant website on May 18 wasn’t necessarily big news on its own. But it is a sign that OpenID, a relatively new technology, is taking steps toward maturity — and projects are in the works now that could make it a more useful tool for Web developers than it already is.

In May, Facebook announced that it had become an OpenID relying party. In theory, this means anyone with an identity at an OpenID-providing website who is already logged in to that site need not log in upon visiting Facebook. Google and Yahoo! are both examples of OpenID providers, but anyone with the know-how can configure their sites to do the same. For now, Facebook only recognizes users of big boys like Google as being already logged in.

OpenID evangelists say that regardless of Mark Zuckerberg’s reasons for backing this move, he’s involving his billion-dollar baby with a technology that is starting to develop exciting uses. And if Zuckerberg will be able to increase Facebook’s user base by creating a unified login for users of other big-name services like Google, he’s also creating an opportunity for other companies to become more useful to their own users.

“You can basically choose an identity provider that is going to be able to watch for anomalous behavior, just like your credit card company does,” says Chris Messina, a board member of the OpenID Foundation. “I think there’s a great deal of opportunity for innovation in that area,” he later adds.

Imagine, Messina suggested: Your website has nothing to do with security, but your users’ accounts need to be secure. Rather than deal with the headache of user management yourself, you could use OpenID to outsource the problems of secure logins to someone who doesn’t mind handling them.

That, in turn, opens the door to a market for secure identity providers. In theory.

Fantasizing about OpenID doesn’t end there. At the February summit, Plaxo demonstrated why being an OpenID relier is useful: In a test allowing users to sign up for Plaxo with just two clicks if they already had a Google account, 92 percent of the folks who tried it went through with creating an account.

That’s a tremendous success rate where garnering user accounts is concerned, accomplished through a hybrid of OpenID and another technology, OAuth. Together, they ascertain who someone is and request access to their data.

A ReadWriteWeb article on the topic spawned a robust debate about exactly how useful that is (or isn’t) for people who are not Google or who are, unlike Plaxo, not owned by Comcast.

The hybrid, which Messina is working on, is still in its nascent stages. But the technology could evolve into a useful thing. In theory, it could serve as the core of a set of tools to share services across websites for a given user. Picture being able to have your Facebook friends, Flickr photos and Google documents follow you from website to website as you see fit.

The current obstacle, Messina says, is that the protocols needed to share that data are specific to the websites hosting it.

In other words, Facebook would have to create or sign on to a standards-compliant protocol for sharing profile information or contact lists, in order for the glittering future Messina is hoping for to shine as brightly for everyone.

Whether Facebook intends to be so magnanimous remains to be seen. It’s still unclear exactly why the social networking giant is paying so much attention to OpenID.

Messina optimistically guessed that Facebook signed on to gain the same kind of geek cred — “kudos” was his choice of word — that Google has been getting for its involvement in open source.

In its announcement, the company did not offer much insight into its motives.

Regardless of the reason, though, Facebook is now closely involved with OpenID, and has made a commitment to open standards.

The social network is, and will be, OpenID compatible. The next step to watch out for will be exactly how far Facebook bends to allow interoperability with other websites.