Facebook, Identity, and OpenID

Posted on Sun 05 August 2007 in Dispatches • 5 min read

I’m a little late on this one, but it’s still worth discussing. I also apologize for the length of this post, but I had more to say than I thought!

A few weeks ago, some of you may have read this post by Jeremiah Owyang regarding his predictions for the future of social networks. The article makes several assertions, such as social networks will create open APIs in response to market pressure from Facebook, which makes a lot of sense. However, the most interesting thing that he predicts is that Facebook will become a major player in the identity game.

Facebook will launch an Identity widget that I can embed on my blog. This allows only those who have registered to Facebook to leave a comment, many high profile blogs will do this, to avoid nasty anonymous comments, thus reducing the incident of Kathy Sierra type events.

He also suggests:

Facebook will have faster adoption that Open ID, as the consumer users will drive it. (Remember the mantra of consider joining before creating communities)

Now, Jeremiah Owyang is not assigning any value one way or the other, merely making predictions based off of the trend he is observing. Facebook certainly is aiming to be a single web platform for its users, and moving into identity management would be a logical step in that direction. The Facebook API does makes this possible, and in fact their are some sites that already support using FB login credentials, like Ma.gnolia. Given the boom in popularity of FB, it seems natural that users would find this an attractive option. After all, we already have many poor benighted souls that eschew email for messaging within FB or MySpace, so it is logical that those individuals would prefer to manage their identity through one of those networks. It is also certainly demonstrable that the lack of anonymity reduces the amount of active trolling in communities (although this is more an argument for identity verification in general as opposed to a FB-specific observation).

All that being said, isn’t this a step backwards?

We don’t need another walled garden, where another corporate entity controls the keys to our online identity, and eventually more users are going to realize this. Thus, I suspect any trend towards using the Facebook API to provide authentication elsewhere is ultimately only going to exist in the short term, only to be superseded by more open systems. Dave Winer gives an excellent explanation of this in this post on user lock-in when he says:

Facebook could easily be the place where the dam breaks. It’s attracting so many users, who may at some point realize that they want control of the data that’s locked up inside Facebook.

That is exactly the issue with entrusting our identities to any single entity, because ultimately it comes down to a matter of trust. As users grow more savvy, they will trust closed systems less and less. Or at the very least, users will become more aware of how incredibly inconvenient the walled garden approach to personal profile and identity data is, as Justin Baum explains quite well in his post on redundant relationships. The future success stories of the web will be the ones that can solve this problem.

I turn to Winer yet again, because he explains it very well:

A vendor will come along and they’ll store your identity but give you complete freedom to move it where ever you want when ever you want at no cost. They’ll make it easy to do so. And they’ll get rich doing it, if they want to.

Why?

[…]

It’s the basic trust proposition of the Internet. People will only trust a service that gives them complete freedom to come and go as they please. Further, they’ll want to come back if you send them to cool places. It’s why people like Facebook today, and why they’ll be tired of it tomorrow, if it only sends you to places within the Facebook silo.

The key to building these future successes is developing and using decentralized protocols like OpenID, and utilizing simple semantic markup such as microformats or even more complex syntax like FOAF. OpenID allows for a truly decentralized identity system, which allows you to switch identity providers on a whim, or even run your own. For more info on OpenID, I recommend you start by checking out Simon Willison’s excellent screencast on using OpenID. Microformats and FOAF provide methods by which you can describe people, relationships and other objects in such a way to be machine readable, but comprehensible to human beings, which opens the possibility of importing/exporting relationship and profile data between various services automatically. We need convenient and open ways of managing our online identities as well, and there are some very smart people out there who have already made some initial forays into that area.

In a later post, Jeremiah Owyang acknowledges:

I realize that Open ID is one solution, but let’s get realistic, it’s not being adopted because it’s too geeky, maybe they need a marketing evangelist, or a mass consumer tool will need to be birthed. Please note, I’m not opposed to the tool, I’m just looking at the market around me.

Owyang is right on the money here, in that these services need more simplistic tools for implementation and more effective evangelism. Currently, the focus of these projects has been marketing the idea to other developers, and they have been succeeding in getting quite a few technical folks pretty fired up about it. Now it’s time to really focus on bringing it to the attention of the masses. Firefox 3 will have built-in support for detecting and utilizing microformats, as well as supporting OpenID which will go a long way towards raising awareness and usage of those methods of describing information. Lightweight and interconnected (maybe even interchangeable) social networks are clearly the future of the web, and these technologies, or their descendants, are the keys to creating them.

None of this is to say that services like MySpace and Facebook are doomed. Quite the opposite, both of these networks are uniquely poised to write their brands into the history of this shift in web technology. If they can let go of the lock-in business model and focus on developing with these budding technologies, they can be situated as central points of influence in the future web, rather than eventually fading into obsolescence, as many a closed system has before them. Turn user profile pages into OpenID identity providers, and offer the ability to use already existing OpenIDs for either new accounts or to associate them with existing ones. Utilize microformats and open APIs to encourage user freedom, and as a result, build brand equity as well as increasing user loyalty.

Users don’t want a walled garden, they want an open field. It’s time to give it to them.