Careful readers would understand that I said that funneling all user authentication (and thus the storage of all identities) through a single provider would be evil. I don’t care who that provider might be — but centralizing so much control — the fate of our collective digital existences! — in the hands of a single entity just can not be permitted.
That said, I do want to say some nice things about the open things that Facebook launched at F8, because as an advocate of the open web, there are some important lessons to be had that we’d do well to learn from.
- Simplicity: I have to admit that Facebook impressed me with how simple they’ve made it to integrate with their platform, and how clear the value proposition is. From launching OAuth 2.0 (rather aggressively, since the standards process hasn’t even completed yet!) to removing the 24-hour caching policy, Facebook made considerable changes to their developer platform to ease adoption and integration and to promote implementation. This sets the bar for how easy (ideally) technologies like OpenID and ActivityStreams need to become.
- Avoiding NIH (mostly): In particular, Facebook dispensed with their own proprietary authorization protocol and went with the emerging industry standard (OAuth 2.0). I hope that this move reduces complexity and friction for developers implementing secure protocols, increases the number of available high-quality OAuth libraries, and leads to fewer new developers needing to figure out signatures and crypto when sometimes even the experts get these things wrong. By standardizing on OAuth, we’re within range of dispensing with passwords once and for all (…okay, not quite).
- Giving credit: I also think that Facebook deserves credit for giving credit to projects like Dublin Core, link-rel canonical, Microformats, and RDFa in their design of the Open Graph Protocol. I’ve seen many other efforts that start from scratch when plenty of other initiatives already exist simply because they’re unaware or don’t do their homework (one of which is the OpenLike effort!). I’m not sure I agree with the parts that Facebook extracted from these efforts, but as David Recordon said, we can fight over “where the quotes and angle-brackets should go”, but at the end of the day, they still shipped something that net-net increases the amount of machine-readable data on the web. And if they’re sincere in their efforts, this is just the beginning of what may emerge as a much wider definition of how more parties can both contribute to — and benefit from — the protocol.
- Open licensing: Now that I’ve been involved in this area for a longer period of time, I’ve learned a simple truth: it’s hard to give things away, especially if you want other people to use them, even more so when some of those potential users are competitors. But, that’s why the Open Web Foundation was created, and why David and I are board members. After setting up foundations over and over again, we decided that it needed to be easier to do! Now all the hard work of the Open Web Foundation’s legal committee is starting to pay off, and I am quite satisfied that Facebook has validated this effort. We’re still so early in the process that it’s not entirely clear how to make use of the Open Web Foundation’s agreement, but surely this will motivate us to find our own Creative Commons-like approach to proclaiming support for open web licensing on individual projects.
So, while I still have my reservations about Facebook’s master plan, they did do a number of things right — not everything — but I’m a tough customer to please. When it comes to the identity stuff, I’m definitely nonplussed, but that’s where my ideology and their business needs collide — and I get it.
What this means is that we all need to show more hustle out on the field and get serious. With Facebook’s Hail Mary at F8, we just got set back a touchdown, and a field goal just ain’t gunna cut it.