OpenID is getting a big boost today as Facebook goes live with its support as a relying party for the standard. It’s a major win for OpenID, which has long had to deal with major companies only half-heartedly embracing the standard, sometimes announcing support to reap the press coverage only to let the effort languish for many months. Facebook announced its intended support of OpenID in April, and less than a month later they’ve delivered.
So what changes for users? You’ll now be able to link your Facebook account with your Gmail account, along with those from other OpenID providers. This means that if you’ve logged in to Gmail to check your messages, and you pop over to Facebook, you won’t have to sign in with your Facebook username – you’ll already be logged in. New Facebook members will also be able to register with their Gmail accounts.
Now, Facebook isn’t the first major company to hop on board the OpenID movement – we’ve seen announcements from Google, Microsoft, and a bevy of others. But for the most part these are only signing on as “issuing parties”, which means they’ll let you log in with their accounts on other OpenID supporting sites. But they’re not “relying parties”, which means that they won’t accept OpenID logins created through other services. In other words, Google is happy to let you use your Gmail account to log in to Facebook, but you can’t use your OpenID-enabled Microsoft ID to login to a Google service.
Depending on how much Facebook promotes the new feature, it could help OpenID get broader recognition than it currently has (most people have no idea what it is, and many of us who do still find it more than a little confusing). But even if it does see wide use on Facebook, don’t expect big players like Google or Yahoo to follow suit and become relying parties any time soon.
Facebook has really been a relying party since its inception – there’s never been a “Facebook ID” because you’ve always used your university Email (or more recently, your personal Email) to log in. So the site isn’t really sacrificing anything by enabling OpenID support. The likes of Google and Microsoft have built many services tied to their own proprietary accounts, and they’re going to be far more hesitant to give those up.
Hello Techcrunch,
Can someone explain me the privacy issue raised by this login method?
Can facebook know my gmail address and vice-versa?
I use internet explorer to open my gmail account just because I hate having my search datas on google linked forever to my gmail account, now it seems the situation is becoming worse than ever !
I mean , I use IE for gmail and firefox for regular browsing to prevent them “linking” my search queries to my gmail account
OpenId is a security hole. It encourages lazy security. People need to have several passwords that are not in any dictionary. Otherwise you are asking to be hacked!
I assume this is humour, but if not:
As long as you ensure you are not phished for your providers’ password, you should be *more* secure, not less.
Since most sites and services that you need to log into use the email address as part of your login, I’d say having a separate password or passphrase for each one is far better then one global id for logging in.
So how does this OpenID compare with, say Yahoo’s open ID? (One yahoo login gives me access to all me yahoo services, which is nice) is that now to be regarded as insecure?
Facebook doesn’t know what your gmail username is unless you tell them. When you log into a site with openid, google says that “the person logged in” has control over the url http://google.com/XXXXXX where XXXXXX is unique per site that you log in with openid. This means that google would have to share information with facebook beyond which is specified in connecting using OpenID. If you’re truly paranoid, you can use your own openID provider (like claimid, or myopenid), and not worry about google sharing your information, and still get the benefits of not having to re-login.
Using two different browsers wouldn’t do anything as you would still have the same ip address. If Google really wanted to, it could be tracking you right now
huzzah! This is the promise of OpenID, finally becoming realized. I’m glad Facebook has taken the plunge.
I’ve yet to see anything anywhere else on their rollout of the feature; has it in fact been released to the public?
This is fascinating news. OpenID stands the greatest chance of all of becoming a single sign on to the web at large — exceeding what Microsoft ever managed with Passport (now Windows Live ID in essence) and what Facebook was ever likely to achieve pushing Facebook Connect as a proprietary solution — but it could still be a lot more usable. Though maybe truly widespread support will motivate providers to make it more friendly to the non-techie.
Either way, and whoever wins out, single sign on is coming and will be a big benefit for everyone. We’ll be adding support for OpenID, Facebook, Google, Windows Live, Twitter and Wordpress based authentication to our site next month. It’s not that tough to do.
In answer to Franck, yes, if you authenticate using OpenID then one of the values passed to that website during authenticating is your e-mail address. The real aim of things like OpenID — and why Facebook is embracing it — is to link your accounts; in Facebook’s case it is so that site can act as your aggregator and feeds you news on what is happening where you are active across the web. If you really wish to maintain separate identities I advise you DON’T use a single one like OpenID to access multiple sites and use the sites own proprietary registration and login methods.
Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz
Amazing stuff. I had always thought that Facebook would try to for a long time encroach on OpenID’s space and really become it’s own independent pillar in the identity ecosystem, but implementing openID support is an awesome move, and for now I’m nothing but excited.
Is it just me or the minute this is posted @ TC, suddenly openid.net is completely unavailable. I’ve even seen the message “Could not establish database connection”.
They implemented it wrong by FORCING you to share your Google contacts if you use your Google account for OpenID login.
Facebook has certainly not always been a relying party. I have never been able to login to Facebook with anything other than the password that I gave them, which is not the same password as my email address. If it were the same I would have passthru authentication. I do not, and have not.
This is in fact a big change for Facebook.
YAY now if only they promoted the hotmail and yahoo OpenID we might finally get somewhere !
regards
John Jones
One less password is good, no doubt. But did they have to ask for access to your contacts?
http://clipperh...tacts-grab.aspx
I thought Yahoo! already had this?
http://openid.yahoo.com
There are two ways to use OpenID: 1) as a relying party; 2) as a providing party.
Yahoo’s OpenID involvement is as a providing party, who let you use your Yahoo account as your OpenID login to relying sites. Facebook is on the other side where they allow people to login using OpenID (ie. a Yahoo account) but they don’t let you use your Facebook account at other OpenID relying sites.
I don’t think I explained that very well…
I associated my OpenID with my Facebook account. But I do not see how I can sign in with that – still the only option seems to be Facebook id. So I think they are yet to become a Relying Party. I am sure they will eventually. But when they do, it is indeed a remarkable: the OPs can track the login behavior of its users and have access to data like how often users signin and what fraction of its user base are Facebook users etc. This is a competitive information. It is in this respect that Facebook becoming a RP is significant.
I linked my Facebook account to Yahoo and Gmail accounts today.
Tried to navigate to Facebook after logging into Gmail…it unable to log into Facebook…
Same behavior with Yahoo id.
Facebook keeps asking for password.
Hi-
there is a common misunderstanding wrt OpenID, which unfortunately also makes this post misleading. OpenID does not give you single sign on but only single ID/password.
So users wont have to remember a new password per site and can reuse account information (name, city, …) across sites.
But OpenID does not do single sign on, so you will have to reenter your password in all sites you visit, you are not automatically logged on in another site when you are logged in at the identity provider site.
You only get single sign on with other technologies such as SAML, which are supported by some services such as salesforce, and Google Apps.
That’s reassuring because I don’t want to single sign on in every web site. I want to keep my accounts well separated and not get traced among servers. However that also means that OpenId is pretty useless. People can use a single userid/password anyway. How’s OpenId better than that?
Reading some of the comments on that piece would suggest it’s not quite working yet.
Only issues I had were Google Chrome blocking the popup window while linking my Google account to my Facebook account, and surprise when the Facebook login screen just got replaced with my home feed because I was still logged in to Google. There’s no "log in using Google" button, it just detects your Google session and logs you in.
thank you
The greatest benefit of Facebook is that it has many groups on the site that you can join. So if you are interested in Chicago Cubs you can research Chicago Cubs in the groups section and you will be able to find friends on there that like the Cubs. This is just one example, I know that you can join groups of your favorite football team, television show, or whatever you want for the most part! If you can’t find a group for your interest, you can simply create one!
James
http://EmailCharger.com
So Facebook will “rely” on an OpenID issuer for login, but not registration?! And, shrewd strategy, Facebook, scraping Gmail contacts and (presumably) making associations and aggregating data of contacts/friends Gmail and Facebook accounts. Way to triangulate, Facebook. But none of that gives a person much reason to have an OpenID.
Lets look at this in real terms:
1. Facebook is not regarded as a true Relying Party. Although the specification terms an RP to be simply “A Web application that wants proof that the end user controls an Identifier”, the user still requires the use of Facebook’s authentication policy to link such an account which defeats the practical advantages of using a federated login.
2. Sure I can add a linked account, ONCE logged in via the NORMAL Facebook policy, however if I use a delegated OpenID identity, FB will record my ID as the delegated OpenID identifier. This means I cannot use the identifier that I OWN. Note, I also DO NOT use Google for identity – I own my own identity thank you very much. Please see the bug report which has not had attention: http://bugs.dev...bug.cgi?id=5356
3. “But they’re not “relying parties”, which means that they won’t accept OpenID logins created through other services”.
In terms of the big players, none of them are true relying parties. I cannot use my OpenID identity to login into Facebook, Microsoft, Yahoo nor any Google service.
In essence most of the above simply confuses end-users and degrades the intentions of single sign-on for the web which OpenID essentially provides in its standards.