Disclaimer: This blog post does not reflect future product announcements, technical strategy or advice from my employer. Disregard this disclaimer at your own risk.

In my previous post Some Thoughts on Open Social Networks, I gave my perspective on various definitions of "open social network" in response to the Wired article Slap in the Facebook: It's Time for Social Networks to Open Up. However there was one aspect of the article that I overlooked when I first read it. The first page of the article ends with the following exhortation.

We would like to place an open call to the web-programming community to solve this problem. We need a new framework based on open standards. Think of it as a structure that links individual sites and makes explicit social relationships, a way of defining micro social networks within the larger network of the web.

This is a problem that interests me personally. I have a Facebook profile while my fiancée has a MySpace profile. Since I’m now an active user of Facebook, I’d like her to be able to be part of my activities on the site such as being able to view my photos, read my wall posts and leave wall posts of her own. I could ask her to create a Facebook account, but I already asked her to create a profile on Windows Live Spaces so we could be friends on that service and quite frankly I don’t think she’ll find it reasonable if I keep asking her to jump from social network to social network because I happen to try out a lot of these services as part of my day job. So how can this problem be solved in the general case?

OpenID to the Rescue

This is exactly the kind of problem that OpenID was designed to solve.  The first thing to do is to make sure we all have the same general understanding of how OpenID works. It's basically the same model as Microsoft Passport Windows Live ID, Google Account Authentication for Web-Based Applications and Yahoo! Browser Based Authentication. A website redirects you to your identity provider, you authenticate yourself (i.e. login) on your identity providers site and then are redirected back to the referring site along with your authentication ticket. The ticket contains some information about you that can be used to uniquely identify you as well as some user data that may be of interest to the referring site (e.g. username).

So how does this help us? Let’s say MySpace was an OpenID provider which is a fancy way of saying that I can use my MySpace account to login to any site that accepts OpenIDs . And now let’s say Facebook was a site that accepted OpenIDs  as an identification scheme. This means that I could add my fiancée to the access control list of people who could view and interact with my profile on Facebook by using the URL to her MySpace profile as my identifier for her.  So when she tries to access my profile for the first time, she is directed to the Facebook login page where she has the option of logging in with her MySpace credentials. When she chooses this option she is directed to the MySpace login page. After logging into MySpace with proper credentials, she is redirected back to Facebook  and gets a pseudo-account on the service which allows her to participate in the site without having to go through an account creation process.

Now that the user has a pseudo-account on Facebook, wouldn’t it be nice if when someone clicked on them they got to see a Facebook profile? This is where OpenID Attribute Exchange can be put to use. You could define a set of required and optional attributes that are exchanged as part of social network interop using OpenID. So we can insert an extra step [which is may be hidden from the user] after the user is redirected to Facebook after logging into MySpace where the user’s profile information is requested. Here is an example of the kind of request that could be made by Facebook after a successful log-in attempt by a MySpace user.

openid.ns.ax=http://openid.net/srv/ax/1.0
openid.ax.type.fullname=http://example.com/openid/sn_schema/fullname
openid.ax.type.gender=http://example.com/openid/sn_schema/gender
openid.ax.type.relationship_status=http://example.com/openid/sn_schema/relationship_status
openid.ax.type.location=http://example.com/openid/sn_schema/location
openid.ax.type.looking_for=http://example.com/openid/sn_schema/looking_for
openid.ax.type.fav_music=http://example.com/openid/sn_schema/fav_music
openid.ax.count.fav_music=3
openid.ax.required=fullname,gender,location
openid.ax.if_available=relationship_status,looking_for,fav_music

which could return the following results

openid.ns.ax=http://openid.net/srv/ax/1.0
openid.ax.type.fullname=http://example.com/openid/sn_schema/fullname
openid.ax.type.gender=http://example.com/openid/sn_schema/gender
openid.ax.type.relationship_status=http://example.com/openid/sn_schema/relationship_status
openid.ax.type.location=http://example.com/openid/sn_schema/location
openid.ax.type.looking_for=http://example.com/openid/sn_schema/looking_for
openid.ax.type.fav_music=http://example.com/openid/sn_schema/fav_music
openid.ax.value.fullname=Jenna
openid.ax.value.gender=F
openid.ax.value.relationship_status=Single
openid.ax.value.location=Seattle, WA, United States
openid.ax.value.looking_for=Friends
openid.ax.value.fav_music=hiphop,country,pop
openid.ax.update_url=http://www.myspace.com/url_to_send_changes_made_to_profile

With the information returned by MySpace, one can now populate a place holder Facebook profile for the user.

Why This Will Never Happen

The question at the tip of your tongue is probably “If we can do this with OpenID today, how come I haven’t heard of anyone doing this yet?”.  As usual when it comes to interoperability, the primary reasons for lack of interoperability are business related and not technical.  When you look at the long list of Open ID providers, you may be notice that there is no similar long list of sites that accept OpenID  credentials. In fact, there is no such list of sites readily available because the number of them is an embarassing fraction of the number of sites that act as Open ID providers. Why this discrepancy?

If you look around, you’ll notice that the major online services such as Yahoo! via BBAuth, Microsoft via Passport Windows Live ID, and AOL via OpenID all provide ways for third party sites to accept user credentials from their sites. This increases the value of having an account on these services because it means now that I have a Microsoft Passport Windows Live ID I not only can log-in to various Microsoft properties across MSN and Windows Live but also non-Microsoft sites like Expedia. This increases the likelihood that I’ll get an account with the service which makes it more likely that I’ll be a regular user of the service which means $$$. On the other hand, accepting OpenIDs does the exact opposite. It actually reduces the incentive to create an account on the site which reduces the likelihood I’ll be a regular user of the site and less $$$. Why do you think there is no OpenID link on the AOL sign-in page even though the company is quick to brag about creating 63 million OpenIDs?

Why would Facebook implement a feature that reduced their user growth via network effects? Why would MySpace make it easy for sites to extract user profile information from their service? Because openness is great? Yeah…right.

Openness isn’t why Facebook is currently being valued at $6 billion nor is it why MySpace is currently expected to pull in about half a billion in revenue this year. These companies are doing just great being walled gardens and thanks to network effects, they will probably continue to do so unless something really disruptive happens.   

PS: Marc Canter asks if I can attend the Data Sharing Summit between Sept. 7th – 8th. I’m not sure I can since my wedding + honeymoon is next month. Consider this my contribution to the conversation if I don’t make it.

Now playing: Wu-Tang Clan - Can It Be All So Simple


 

Monday, 13 August 2007 20:08:38 (GMT Daylight Time, UTC+01:00)
Dare,

"I’m not sure I can since my wedding + honeymoon is next month."

Congratulations and best wishes to you both.

--rj
Monday, 13 August 2007 20:22:37 (GMT Daylight Time, UTC+01:00)
Hi Dare, congrats and best wishes! This is very close to the scenario I prototyped at http://identitu.de and discussed in more detail on my blog.

Although for the prototype not focusing on making the profile portable but rather starting with the portable friends list demonstrating how your contacts can be exported in XFN format from one social network, Facebook. There is experimental OpenID 2.0 and Attribute Exchange support available at http://identitu.de/test-auth/login.
Monday, 13 August 2007 21:00:36 (GMT Daylight Time, UTC+01:00)
Congrats on the wedding dude! Thanks for yet another insightful, spot-on post!
Monday, 13 August 2007 21:15:43 (GMT Daylight Time, UTC+01:00)
"So when she tries to access my profile for the first time, she is redirected to the Facebook login page where she has the option of logging in with her MySpace credentials. Once she is redirected back to Facebook after logging into MySpace with proper credentials she gets a pseudo-account on the service which allows her to participate in the site without having to go through an account creation process."

You sure this is correct? I think she's redirected to the myspace login page, who authenticate her and then she is send back to facebook with a token.
Monday, 13 August 2007 21:23:24 (GMT Daylight Time, UTC+01:00)
paulb,
Thanks for pointing that out. I've edited that section for clarity.
Tuesday, 14 August 2007 01:59:24 (GMT Daylight Time, UTC+01:00)
"It actually reduces the incentive to create an account on the site which reduces the likelihood I’ll be a regular user of the site and less $$$."

It is interesting that you should think that.

OpenID makes it so much easier for to sign up for a service (because there is no new username and password to remember) that I would argue this actually *increases* the likelihood for someone to become a regular user.

When your fiancée logs into facebook with an OpenID for the first time, she has, in effect, created a facebook account (without actually noticing it because it was so simple (-- or would be if facebook accepted OpenID)

(Also, I am near the point where I outright refuse to use sites that do not provide OpenID logins and try to move to services that do. I hope that I am not the only one)
lxa
Wednesday, 15 August 2007 19:35:04 (GMT Daylight Time, UTC+01:00)
"It actually reduces the incentive to create an account on the site which reduces the likelihood I’ll be a regular user of the site and less $$$"

I agree with lxa here. It reduces the incentive only upon first blush but if the business-types take a closer look it doesn't hold water.

A business guy sees the value of being an OpenID provider but has problems with the other direction of flow. Dare is right, you don't see the little OpenID logo on AOL or MSN. As time goes on, this will change.

The reason it will change is that businesses will eventually figure out they can support OpenID both ways without diluting their value.

Let's not forget that OpenID is about identity. All the goodies of my Facebook account are not stored in my OpenID. I can't replace the user interface and other value added services just by having an OpenID login instead of a Facebook-only login.

"Why would Facebook implement a feature that reduced their user growth via network effects?"

It won't. If you want to use Facebook, you still have to type facebook.com in your browser and accepting OpenID logins isn't going to change that. Even if they create widgets or content that can be embedded via javascript on your blog you still get back to their site to interact with it further. This same phenomenon exists for YouTube. The ability to embed a video on your blog doesn't decrease the network effect; it does the opposite.
Rob Madole
Thursday, 16 August 2007 18:22:39 (GMT Daylight Time, UTC+01:00)
"In fact, there is no such list of sites readily available..."

Pls. have a look at http://openiddirectory.com. You will find a sorted list of more than 300 OpenID consumers (also of providers).
Friday, 17 August 2007 22:04:06 (GMT Daylight Time, UTC+01:00)
Holy cow! Congrats, Dare!
Monday, 20 August 2007 04:41:23 (GMT Daylight Time, UTC+01:00)
I don't understand how OpenID reduces account creation. Users still create accounts when they log in through OpenID. It actually makes account creation easier.
pwb
Comments are closed.