Sunday, April 18, 2010

XAuth: Somebody, Please, Put Facebook in Check

A consortium of companies including Google, Yahoo, MySpace, Meebo and more announced tonight that it will launch a new system on Monday that will let website owners discover which social networks a site visitor uses and prompt them automatically to log-in and share with friends on those network. The system is called XAuth and serves to facilitate cross-site authentication (logging in) for sharing and potentially many other uses.



Facebook and Twitter, the dominant ways people share links with friends outside of email, are not participating.


Sponsor



Consortium leader Meebo emphasized that it doesn't see this as competition with Facebook's system for letting users share links from around the web, but it's hard to see it any other way. Facebook desperately needs more competition. Either way, XAuth is a good move that people excited about online innovation should support.



What XAuth Delivers



The gist here is that XAUth will make it easier for sites around the web to find out what social networks you are using, let you log in to those easily, access your permitted information from those networks in order to better personalize your experience on their site and easily share their content back into your social network. It's like Facebook Connect, but for every other social network. Any website can register as an identity provider with XAuth, too.



It's like Facebook Connect, but for every other social network.
Google's Joseph Smarr, recently hired because of his high-profile work on distributed identity systems across the web, says that XAuth is a provisional solution to the limitation of the cookie system. If you visit ReadWriteWeb, for example, our servers aren't allowed to check the cookies left on your browser by the social networks you use because they are tied to URL domain other than ours.

XAuth will provide a single place that participating websites can ping to request information about you, the user. The social networks that are participating in XAuth will have reported to the central XAuth hub that you are using their service (Google, Yahoo, Meebo, Disqus, Gigya). If ReadWriteWeb is sporting XAuth, we would check in with the central hub, find out where you network and prompt you to log-in through that service and share your account information, social connections and more with us.



And yes, there are privacy implications to exposing where you network, even if your personal info beyond that isn't exposed until you log-in. "Broadcasting where you log-in," says online identity community leader Kaliya Hamlin, "gives away things about yourself you may not want to give away." Hopefully specialty networks will be selective about whether they participate in XAuth or not, but any time there is an opt-out model like this it's dangerous.



Think of all the things Facebook Connect lets you do. XAuth will enable to do that type of thing with any other participating social network, on any participating site.
Once you're logged-in to your favorite social network, there are many things the website you are visiting could do. Think of all the things Facebook Connect lets you do. XAuth will enable to do that type of thing with any other participating social network, on any participating site. On the Huffington Post, you can see what your friends from Facebook are reading across that sprawling site. On CNN during the Presidential Inauguration, Facebook Connect let you comment on the live video with your real identity and see what your friends were saying about it at the same time.

It's really easy, Facebook Connect is, and the huge audience that can be shared with makes publishers salivate as they install Facebook Connect.



For Facebook, sharing and identity start and end with Facebook. The giant social network spreads its Connect system around the web with an imperial vision.
Facebook is not participating in XAuth, though the companies behind it say they hope it will soon. That seems unlikely. For Facebook, sharing and identity start and end with Facebook. The giant social network spreads its Connect system around the web with an imperial vision. It might participate in XAuth later, as might Twitter (who calls another authentication system XAuth and generally communicates poorly with other companies), but only because they want to be everywhere. They won't be sending out invites to publishers to attend any XAuth parties though. They already own the most dominant cross-site authentication system the world has ever known.


Above: Robert Scoble interviews Meebo's Seth Sternberg about XAuth


Google's Smarr says that XAuth is just a work-around until the browser itself reports to websites what social networks a user users. He says he's working with the Google Chrome team and Mozilla has been working on making Firefox a hub of identity for some time. Everyone has something to fear from Facebook.



Will Someone Please Stop Facebook?



You do too, as a user. Facebook is a fabulous service for communicating with friends and family, for sharing links, thoughts and feelings. It's also too big, too centralized and too susceptible to making drastic changes that have terrible consequences in the real lives of users (hello, privacy policy).



Facebook needs meaningful competition. XAuth could help breathe more life into a constellation of other social networks to provide that competition.



It's hard to say what will work against Facebook, though, because that's where the most precious resource in the online world is hoarded - your friendships. The prospect of a large number of people and websites coming together to use a technology that discovers social network use across everywhere but Facebook and Twitter isn't likely to excite very many publishers focused on their short-term interests.



Social networking is a huge part of the world we live in today. It's far too important to leave in the hands of a near-monopoly, even if that monopoly seems relatively benign today.
It's a very frustrating situation. Facebook just keeps getting bigger and bigger. The experience there just keeps getting more and more compelling. No information gets out without flying the Facebook flag. Your friends probably don't use much else, so switching would come at a heavy social cost. And we grow more and more under Facebook's thumb every day. December's radical changes to Facebook's privacy policy are likely to be just the beginning.

Google's Smarr points out that just a few years ago it would have seemed inconceivable to people that MySpace would come tumbling down from the top of the social networking heap, that the future is still wide open and Facebook's total domination can't be presumed unstoppable. He would say that. Facebook is smarter and much, much better than MySpace ever was, though.



I love using Facebook, I use it every day, but something needs to be done. There needs to be a variety of interoperable, viable social networking options. Imagine if there was one super-dominant cell phone network provider and didn't allow you to call people on other networks. It wouldn't matter how good that service was, that would be a bad situation. Social networking is a huge part of the world we live in today. It's far too important to leave in the hands of a near-monopoly, even if that monopoly seems relatively benign today.



I hope that XAuth today and browser-based identity management in the future can help other social networks gain more traction. This may be a part of the solution. It's a nice move, but we'll see how effective it is.


Discuss





http://bit.ly/ctGjT3
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)