This is a panel discussion that includes platform representatives from Facebook, Twitter, and Google.
Single sign-on was a great promise: let the big identity providers handle authentication/identity, and your website gets all the benefits of a streamlined registration process for free! Anyone who has ever tried to implement it, however, knows it never really works that way. In the real world, it’s a lot messier, especially when you add in mobile, multiple providers, and mixing it with an existing account system. They discussed best practices for making it work, handling the gnarly edge cases with security and identity issues, and how to make sure the user experience is as painless as possible.
Sign-on is typically transparent to the user and appealing. With SSO, the user information comes to the application for free.
SSO has massive potential, but also huge complexity.
One large problem with SSO experience is that people may have created another account with the application, not knowing it. Then the user may feel like they have lost user content or data. This is something the application developers need to be prepared for and deal with.
Google, Facebook and Twitter are the largest SSO providers
They provide APIs to get user information
What is the benefit of SSO?
- Get users in as fast and as easily as possible; they don’t need another sign-up form.
- Any additional field or button is a chance to lose a user.
- A lot of data is provided; it is mature and of high quality.
- Data is secure.
- SSO is of particular value to startups, helping them get up and running quickly.
- If they are using one of the 3 major providers, users will always be logged in.
- Developer experience is simpler.
Audience considerations and data needed will help you decide which of the 3 providers you will use.
Standards for SSO are not as mature at this point. So pick the network for SSO depending on what you are doing and the data you need. Some identity will come for free, not just login.
- Decide what type of relationship you want to have with your users.
- Consider what stage you are at with your site.
- Just ask for the data you need and nothing else (additional information not provided by one of the networks).
- Be as transparent as possible when using SSO.
Why should we trust one or all of the 3 networks?
- They do a lot of the work of dealing with both mobile and desktop. The platforms are very stable and secure.
- It provides for innovation on the internet when these big providers help you provide identity.
Check out SSO content on developerWorks