Facebook Connect has enabled powerful new functionality for any site on the web, but still-being-developed Facebook policies may limit what new classes of Connect-enabled applications can be built in the near future.
When Facebook opened Connect integration to developers around the world three weeks ago, dozens of entrepreneurs started building new kinds of services that leverage Facebook Connect to create new products and services for websites through the “widget” model. (This means visitors to a website would login to Facebook Connect through a widget module – not through a direct Facebook Connect implementation by the website itself.)
The reason? Facebook Connect theoretically enables a new class of widget products around the web that combine familiar ideas with new identity and communication infrastructure. (For example, consider a Facebook Connect-enabled version of MyBlogLog, or any other service where identity matters. Commenting apps like those from Disqus and JS-Kit are additional examples that have already started work in this direction.) Building on top of the Facebook Connect infrastructure changes the game for products architected in this way.
Facebook Policies Limit Connect-Enabled Widget Products
However, when Facebook released its 4th party Connect policies on December 16, that threw a major wrench in the plans of many of those developers. What is the pertinent policy exactly? Basically, Facebook says that you’re not allowed to authenticate using Facebook Connect through widgets. From the policy page:
The widget developer can have a relationship with the site owner, but not directly with the user… The user has established a relationship with two parties: Facebook and the website. A widget developer should not create a third connection.
When we broke the news about this new policy, several developers suddenly found themselves going down a dead-end path.
One entrepreneur who had assembled a team of five to build new Facebook Connect-enabled widget products told Inside Facebook, “I was changing my business plan literally by the hour, as Facebook updated its 4th party Connect policy page.”
So – why would Facebook enforce such a policy now, and curtail certain kinds of innovation around Facebook Connect? I think there are two main reasons:
- The security model. As phishers around the world know, there are a lot of security challenges associated with implementing a third party identity system. Unlike the Facebook Platform last year, when Facebook flung the gates open and let anyone build an application with very few restrictions right off the bat, Facebook is rolling out Facebook Connect more carefully this year. Facebook wants to be conservative until it establishes that the fundamental third-party model works broadly and securely, before introducing the additional complexity of fourth party widget providers.
- The user experience. Educating 140 million users about a completely new way of thinking about their identity and privacy across the web is no small task. Users have placed a tremendous amount of trust in Facebook to manage their personal information in ways they’re comfortable with, and introducing a fourth-party model into Facebook Connect increases the potential for scenarios to arise in which users feel that their trust is violated. Facebook wants to be careful how it rolls Connect out – especially given the ghosts of Beacons past.
Next Steps for Widget Developers
When can entrepreneurs expect more clarity on this issue?
I believe it will likely be at least on the order of a few months before Facebook significantly changes its stance on 4th party Connect policies. Too much is simply at stake for Facebook as the company attempts to extend the reach of its platform throughout the entire web.
For its part, Facebook won’t say if or when these policies may change. However, a Facebook spokesperson did tell Inside Facebook, “We’re still reviewing some of the implementations in the market to be sure they meet the policies and expectations with Facebook Connect.”
In other words, it’s still early. Developers betting on 4th party Connect-enabled widget models may want to rethink their efforts given the current lay of the land. We’ll of course stay on top of all developments for the entrepreneur and developer communities.