Facebook Becomes Largest OpenID Relying Party

OpenID is getting a big boost today as Facebook goes live with its support as a relying party for the standard. It’s a major win for OpenID, which has long had to deal with major companies only half-heartedly embracing the standard, sometimes announcing support to reap the press coverage only to let the effort languish for many months. Facebook announced its intended support of OpenID in April, and less than a month later they’ve delivered.

So what changes for users? You’ll now be able to link your Facebook account with your Gmail account, along with those from other OpenID providers. This means that if you’ve logged in to Gmail to check your messages, and you pop over to Facebook, you won’t have to sign in with your Facebook username – you’ll already be logged in. New Facebook members will also be able to register with their Gmail accounts.

Now, Facebook isn’t the first major company to hop on board the OpenID movement – we’ve seen announcements from Google, Microsoft, and a bevy of others. But for the most part these are only signing on as “issuing parties”, which means they’ll let you log in with their accounts on other OpenID supporting sites. But they’re not “relying parties”, which means that they won’t accept OpenID logins created through other services. In other words, Google is happy to let you use your Gmail account to log in to Facebook, but you can’t use your OpenID-enabled Microsoft ID to login to a Google service.

Depending on how much Facebook promotes the new feature, it could help OpenID get broader recognition than it currently has (most people have no idea what it is, and many of us who do still find it more than a little confusing). But even if it does see wide use on Facebook, don’t expect big players like Google or Yahoo to follow suit and become relying parties any time soon.

Facebook has really been a relying party since its inception – there’s never been a “Facebook ID” because you’ve always used your university Email (or more recently, your personal Email) to log in. So the site isn’t really sacrificing anything by enabling OpenID support. The likes of Google and Microsoft have built many services tied to their own proprietary accounts, and they’re going to be far more hesitant to give those up.

Facebook Big Site To Really Embrace OpenID!

Apparently it’s embrace the developer community day at Facebook. In addition to the news that they are making activity stream data available to third party developers, they’ll also be making an announcement around OpenID, we’ve heard. And importantly, the announcement is that they’ll become what’s called a relying party, meaning anyone with an OpenID (Yahoo, Google, AOL, MySpace are all issuers, and Microsoft is in beta) can create and log into a Facebook account using those credentials.

Let me take a step back. OpenID is a distributed single sign on solution that allows people to sign into different services with the same login credentials. There are two ways companies/websites can participate in the OpenID framework – as “issuing parties” or as “relying parties.” Issuing parties make their user accounts OpenID compatible. Relying parties are websites that allow users to sign into their sites with credentials from Issuing parties. Of course, sites can also be both. In fact, if they aren’t both it can be confusing and isn’t a good user experience.

All the big guys are now Issuing Parties, which allow their users logging in all over the Internet with those credentials. But none of them accept IDs from anywhere else, so anyone that uses their services has to create new credentials with them. It’s all gain, no pain. There are two exceptions – AOL Mapquest and Google’s Blogger – but for the most part the big guys are issuers, not relying parties. And that has led us in the past to accuse them of exploiting OpenID for their own benefit without giving back to the community. See our post Is OpenID Being Exploited By The Big Internet Companies?

Facebook has been a wild card with OpenID. They’ve talked about adopting it eventually, but their Facebook Connect product has actually muddled the situation – Facebook actually competes directly with OpenID when allowing users to sign in to third party sites via Facebook Connect.

Now that’s going to change, and we’ll soon see users have the ability to sign in to Facebook using, say, their MySpace credentials if they choose to. I like the thought of that.

But it still may be a while before we see the other major players take similar steps. Facebook has never really had notion of a user ID – you’ve always logged in with your Email address, which could have come from any number of other services, so Facebook isn’t really sacrificing much here. Instead of a user name, Facebook members are assigned a meaningless user ID number (though they’re experimenting with vanity pages).

Contrast that with Yahoo and Google, both of which have built up their own login systems, which can be used across multiple services using a single persistent account name. Users benefit because they can seamlessly jump between services, and Yahoo and Google get their users to stay within their own suite of products. There’s a good chance they’re not going to give that up so readily.