A few years ago, Microsoft decided to come up with its Passport project to provide a proprietary single sign-on for the internet. The idea was to free users from the burden of creating a new username & password for each site they use. While Microsoft Passport failed, the idea caught on and lead to emergence of single sign-on technologies such as OpenID and Facebook Connect.
OpenID
The Data Portability Project has been promoting open source standards for data portability through the use of the well known OpenID authentication protocol which has already been adopted around the web by Google, AOL, MySpace, Yahoo, Plaxo, etc. as well as having been incorporated into open source platforms like Drupal and WordPress.
Facebook Connect
Facebook Connect is much more than simply authenticating users. Users can in addition interact with their Facebook friends on other websites and stream their activity back into their Facebook profile. For example, users can log in to Digg.com using their Facebook credentials and can participate on Digg just like a registered Digg user. If they write a comment on a Digg story, it will show up in their Facebook news feed. Of course, Facebook promises that there will be privacy controls, so only information approved by users gets re-broadcasted to their Facebook account.
The concept is good for both sides. By being able to use a Facebook ID to log in to Digg, the user’s barrier of entry is lowered and Digg gets more traffic. Similarly, Facebook can continue to collect data about its user even when he leaves Facebook.
OpenID vs Facebook Connect
One wonders whether this comparison is really fair or is it like comparing apples and oranges? If people really want to compare Facebook Connect then it has to be compared to the entire Open Stack (OpenID, XRDS-Simple, OAuth, PortableContacts, and OpenSocial). Facebook Connect is a product and the Open Stack is a bunch of protocols, mechanisms & APIs.
Another principal difference lies in the fact that Facebook Connect has been developed using proprietary code, and hence the system will not work in conjunction with OpenID. Data that is gathered by Facebook Connect can only be used by Facebook.
But while Facebook Connect is heading towards mass adoption on mainstream sites like Digg, OpenID is currently hampered by several issues, the largest of which is poor usability.
Chris Saad, open-source advocate and co-founder of the Data Portability project, notes “Essentially, Facebook is trying to replace all logins with their own, and control the creation, distribution and application of the social graph using their proprietary platform”. Saad also feels that OpenID’s proponents have are tangled up in disagreements regarding branding and implementation.
How is OpenID responding?
Recently, Google and Plaxo have responded with adding OAuth and the Google Contacts API to the OpenID platform. OAuth has its own loyal following using the protocol for authentication and has been implemented by sites like Flickr and Netflix. The benefits of this technique are demonstrated by registering for a new Plaxo account using your Google account. This hybrid approach that Google and Plaxo have employed uses OpenID to sign in, then invokes OAuth for delegated authorisation, and finally calls on the Google Contacts API to access information about contacts. And it does all of this transparently to the end user.
Facebook Connect vs Google Friend Connect
Google has also launched its own Google Friend Connect service at almost the same time as Facebook connect. The service lets you log in using an existing account from Google, Yahoo, AOL or OpenID. However, Facebook Connect is much more about two-way communication than Google Friend Connect. A Facebook Connect application can send your activities back to Facebook, but Google Friend Connect has no such central place, although in theory it does have Orkut, its own social network plus all other social networks that support OpenID.
Therefore, while Facebook Connect will primarily be interesting to bigger sites who will want to engage Facebook’s large audience, Google Friend Connect will be used by smaller sites for simply adding a fun widget to their site, in a manner similar to Yahoo’s MyBlogLog.
Conclusion
Facebook Connect and OpenID can ideally co-exist because there are different applications that make both options viable and useful. At the moment, while OpenID is still working on its problems, Facebook is busy signing up big websites. If things continue rolling down this road much longer, OpenID may not be able to catch up.
However, in an interesting development, Facebook has now joined the OpenID foundation as well. But one can only wait and watch to find out what this development means for both OpenID and Facebook Connect users.
[...] into other areas of influence on the internet, it already raised quite of few alarms. Besides the single-sign-on tech wars amongst internet giants, the SSO system has facilitated phishing attacks on users. You are no [...]