An Oracle blog about Consulting Security Corner

  • November 5, 2009

Has Facebook Connect Trumped Them All?

Guest Author

I wasn't able to make it to Internet Identity Workshop this week because I would like to know the thoughts on Facebook Connect. It appears that more and more sites are now allowing you to use your Facebook account to authenticate you.

The experience, in my opinion, may make this Facebook's killer app (though my wife's obsession with Cafe World makes me wish I had paid more attention to Flash development back when it first emerged).

The reason is that I simply clicked on the Facebook icon on the site I was accessing. And because I happened to be logged into Facebook at the time - I was granted access. If you are not logged in, you are presented with the familiar Facebook login in a screen. And it then connects you - NO REDIRECTS.

I fell out of my chair. I didn't think that would be possible. But yet, there it was.

And of course the Connect process is potentially prone to phishing attacks, but we've been dealing with those for a long time now. So even if you were a bank and wanted to use Facebook Connect - if you combined it with an anti-fraud solution like Oracle Adaptive Access Manager, including a potential secondary PIN (so you would have 2-factor authentication without needing to manage millions of additional passwords) - it's not any less secure than current systems.

I'm not sure of the technology behind it. And I know that the bulk of my friends on Facebook - wouldn't care. And if I was running a consumer-facing business that needed authentication for whatever reason - I would strongly consider rolling the dice on just supporting Facebook Connect backed up with traditional local accounts. And tell the other big-guns out there - if you want to play in my space - you have to give me an experience like Facebook Connect.

Posted via email from Virtual Identity Dialogue


Comments ( 1 )
  • Matt Topper Saturday, November 7, 2009
    For the consumer market I think you are right: Facebook Connect seems to be winning easily. However, I believe the next generation will be moving OpenID into the enterprise. I see it in the government right now. They're searching for a federation solution that allows them to go out to sites like Facebook, Twitter, etc. and have a "Government Verified" badge display next to an authenticated user, giving them a level of authority with users of the site. If the user left the government they could still maintain their accounts, but no longer would they get a "Government Verified" badge when they created new content on the relying party site. I see one-time-use passwords through SMS or the Verisign phone apps becoming prevalent. With the addition of OAAM technology we'll be able to create a high level of assurance across the web. Federating the risk factors with OAAM between IPs and RPs could make it almost bulletproof without deploying physical fobs. It's definitely an exciting time for identity.