Disruptive Conversations

What if you could use your Facebook login as a source for an OpenID identity?  Courtesy of a Facebook status update by Aswath Rao, I learned of Identitude, which does exactly that.

Here's how it works.  First, within the walls of Facebook, you add the Identitude Facebook application to your profile.  After you do that, you claim your OpenID URL essentially as you would with any other identity provider. For instance, my Identitude OpenID identity is:

http://danyork.identitu.de

(Note that the URL ending in ".de" (Germany) looked strange to me until I realized you are supposed to read the whole URL similar to "del.icio.us".)

So now, when I go to any site that allows me to login via Open ID (directories here, here and here), I simply enter my Identitude URL as my user name.  Identitude, as the Identity Provider, then checks with Facebook to see if I have approved sharing my identity with this site.  Assuming I'm logged into Facebook already, I'll then get this screen below (when I went to Twitterfeed.com and logged in with my OpenID):

where I will then approve the usage of my identity with this site.  If I click on "yes" (for a one-time approval) or "always" I will then be logged into the site (Twitterfeed in this example) and be able to use the site's services. 

The developer, Armand Du Plessis, posted his own explanation in the (internal to Facebook) forum for the app:

It creates a new OpenID but uses Facebook for authentication and identity details.

You can use <yourname>.identitu.de on other sites (or Relying Parties) that supports OpenID. You'll be authenticated with Facebook and if the site requested Simple Registration details like your name etc, it pulls that info from your Facebook profile.
It's still a prototype but the next version will be documented better :)

On the privacy side. The only information stored is the Facebook identifier used to link the user to an OpenID and to lookup the user again later and a session key as required by the Facebook API.

The process flow is basically something like :
You enter your Identitude OpenID on a Relying Party (RP) site e.g. jyte.com.
The site look up your OpenID server (Identity Provider) by parsing that OpenID url you supplied above and it resolves to http://identitu.de/openid in this case.
It establishes a session with the IP which is a small process and asks it to verify you.
At this stage if you are logged in to Facebook I will just lookup and supply your details(first asking you to confirm that you trust the RP with your details) If you're not logged in it will first ask you to login to Facebook before sending the info back.
The RP will either log you in to their site or register you.

Okay, "so what?" you may be saying, what does this really do for me?

Well, as I've written about before, services like OpenID are trying to address the issue of having to login to each and every website with a different username and password.  Or, for instance, having to fill in your user information to comment on a blog (like this one).  What if you could have just one identity that you used across all of the various websites you use?  (Or maybe two identities - say, one for work and one personal. ) And what if that identity could be secured so that you only had to remember a single password - yet that password wasn't shared across all those websites? 

That's the whole concept behind OpenID.  (Here's a great screencast from Simon Willison that explains it in more detail and here's a Security Round Table podcast with which I was involved that dived into the issue as well.)

You can get an OpenID identity from any of a zillion identity providers.  You can use your AOL screen name.  You can use your LiveJournal account.  With a tiny bit of HTML code, you can use your own domain name.  You have many different choices.

Now... with this Identitude application inside of Facebook, you have one more choice: your Facebook account.  Since most Facebook users will probably already be logged into FB as a part of their regular daily activity, it's very easy to then login to other sites via OpenID. Just one authorization screen and you are logged into the site in question.  (Now, the same could be said of using AOL or LiveJournal for an OpenID identity because AOL and LJ users are typically logged in on a daily basis.)

So you have one username and password you have to remember - your Facebook account.  That's it.

It's rather cool to see this come out.  As the developer indicates, this is still a prototype:

A prototype OpenID provider allowing Facebook users to leverage their Facebook profile details on OpenID sites.

But it is, to me, a great step in improving options for online identity.

Now... if we could just increase the number of sites supporting OpenID!  (directories here, here and here)