Legitimacy of Social Login

Overview[1]

Social Websites have become the largest providers of online identity through the use of Social Login.

When you use Facebook to log into a third party Website (Relying Party), you are participating in an identity regime that has a particular constitutional order and granting it legitimacy by your participation. Further, the Relying Party has also chosen to recognize the legitimacy of Social Login.

The constitutional order of Social Login is found in the terms and conditions in the Contract of Adhesion that Social Login identity providers impose on people and relying parties alike. The system is a "take it or leave it" proposition with terms that can be changed at will by the Social Login identity provider.

A constitutional order makes different promises to those in the system (the users) and those on the outside (the relying parties). Let's examine the promises that Social Login makes:

  • To people Social Login says "use the identity we provide to you and we will make logging into sites you visit easy."
  • To relying parties, Social Login promises "use the identity we provide and trust us to accurately authenticate your users and we will reduce your costs, increase flexibility, and give you more accurate information about your users."

More Registrations, More Customers

Even if a consumer finds real value in a brand’s offerings, a lengthy registration form can overwhelm that perception and send the Customer elsewhere in search of a more hassle-free experience. This reality is driving the increased adoption of Social Login, since signing in socially is a quick and easy two-click process.

Most people find this process more trustworthy than filling out a form, since they retain control of their own Personally Identifiable Information and preferences and choose what information they share. Social Login also instantaneously enables a more personalized experience, since new customers are addressed by name and content can be tailored to their provided interests.

Social Login is especially important to implement for Mobile Apps (registration forms are even less appealing on a five-inch screen), and delivering an excellent Mobile App User Experience today is absolutely essential. According to Gartner, “By 2017, U.S. customers’ mobile engagement behavior will drive mobile commerce revenue in the U.S. to 50% of all U.S. digital commerce revenue.”

Social Login not Accepted by All

As successful as Social Login has been, there are a lot of places that social login has failed to penetrate. By and large, financial and health care institutions, for example, have not joined in to use Social Login. Why is this?

A constitutional theorist would say that Social Login identity providers have failed the legitimacy test. Some relying parties and some people (either completely or for some use cases) have failed to yield their sovereignty to them. Legitimacy ultimately rests on trust that the regime can keep its promises. When that trust is missing or lost, the regime suffers a legitimacy crisis.

For people, the lack of trust in Social Login might be from fear of Identity Correlation, fear of what data will be shared, or lack of trust in the security of the Social Login platform.

For relying parties, the lack of trust may result from the perception that the identity provider performs insufficient identity proofing or the fear of outsourcing a critical security function (user authentication) to a third party. An additional concern is allowing a third party to have administrative authority for the relying party's users: not being in control of a critical piece of infrastructure. That is, they don't trust that the rules of the game won't change arbitrarily based on the fluctuating business demands of the identity provider.[2]

These trust failings ultimately stem from the structure of the Trust Framework, the constitutional order, of Social Login. Because it's based on terms and conditions imposed by the identity provider whose primary business is something else, people and relying parties alike have less confidence in the future state of the identity system. So, it's good enough for some purposes, but not all.

Government Entity[3]

Legitimacy of Social Login can also cause difficulties in countries with active censorship regimes, such as China and its "Golden Shield Project," where the Third-party website may not be actively censored, but is effectively blocked if a user's Social Login is blocked.

Social Login and Compliance

With the recent 2018 Facebook scandal and the implementation of PSD2 and GDPR, many Organizational Entities will not be able to keep up with Regulatory compliance and the Regulatory Burden, making Social Login more attractive.

If not Legitimacy of Social Login then whom?
