A few months back (September 2008), when we set out to create a
reference implementation of our content
platform based on Umbraco, we specified use of a 3rd-party
authentication system. At that time the most viable option,
in my opinion, was Microsoft's Live ID Web
Authentication offering. And that is what we used for our
beta releases. It was ready, it worked, and it was
straightforward to implement. You can see it in action on our
planetmold.com site - super simple.

Since then, Facebook Connect, Google
Friend Connect, Google's Federated Login, and Microsoft's Live
ID Delegated Authentication have all launched. In addition, OpenID
has gained even more momentum with both Google and Microsoft
committing to being OpenID Providers - and AOL and Yahoo! were
already providers. Finally, JanRain launched their RPX service that
simplifies the offerings of multiple authentication providers into
a single 'login' form. I expect there are others who offer,
or will soon offer, a similar service.

The decision now is really: which provider to use?

It seems to me that RPX is a clear choice, except for the fact
that it introduces a potential point of failure. On the plus
side, once Microsoft turns on their OpenID Provider Service it
should "just work" with the RPX service. Essentially, then,
RPX will offer virtually all 3rd-party web authentication options -
that's hundreds of millions of accounts.

Other than RPX, Facebook Connect and Google Federated Login seem
to have the most traction (based on the number of accounts).
We've created a proof of concept using Facebook Connect and can
attest to the fact that this implementation is quite
straightforward. Google Federated Login subscribes to the
OpenID 2.0 Directed Identity protocol, so we expect implementation
to be straightforward for this as well.

At the time of this post we're moving to RPX for our platform's
web authentication. I will create a post detailing the
implementation process for RPX once that's complete.

Assuming you've read this far - which would you
choose?

-Paul