January 9, 2011

It might take Facebook a while to turn identity provision into a revenue opportunity, but if it is a money-maker, it could be a substantial one. Simson Garfinkel has a piece in Technology Review that goes into some of the things Facebook is doing with its “Connect” service.

As security professionals debate whether the Internet needs an “identity layer”—a uniform protocol for authenticating users’ identities—a growing number of websites are voting with their code, adopting “Facebook Connect” as a way for anyone with a Facebook account to log into the site at the click of a button.

It’s a good, relatively short article, worth a read.

As an online identity provider, Facebook could facilitate secure commerce and communication in a way that’s easy and familiar for consumers. That adds value to the Internet ecosystem, and Facebook may be able to extract some of the surplus for itself—perhaps by charging sites and services that are heavy users small amounts per login via Connect. The security challenges of such a system would grow as more sites and services rely on it, of course, and Garfinkel highlights them in an accessible way.

Quibbles are always more interesting, so I’ll note that I cocked my head to one side where Garfinkel asks “whether it’s a good thing for one company to hold such a position of power.” Strange.

Taking “power” in its philosophical sense to mean “a measure of an entity’s ability to control its environment, including the behavior of other entities,” Facebook Connect gives the company very little power. Separate, per-site logins—or a parallel service that might be created by Google, for example—are near at hand and easy to switch to for anyone who doesn’t like Facebook’s offering.

Ironically, Garfinkel refers to these identity services as “Internet driver’s licenses,” inviting a comparison with the power structure in the real-world licensing area. If you want to drive a car legally, there are no alternatives to dealing with the state, so the state can impose onerous conditions on licensing. Drivers’ licenses require one to share a great deal of information, they cost a lot of money (relative to Facebook’s dollar price of “free”), and switching is not an option if the issuer starts to change the bargain and enroll licensees in a national ID system. Garfinkel himself noted how drivers’ licenses enhance state power in a good 1994 Wired article.

In sum, the upsides of an identity marketplace are there, for both consumers and Facebook. The downsides are relatively small. The “power” exercised by any provider in a marketplace for identity provision is small compared to the alternative of using states as identity providers.

