This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Legitimacy of Social Login
Legitimacy of Social Login

Version management

Difference between version and

At line 1 added 59 lines
!!! Overview[1]
[Social Websites] have become the largest [providers of online identity|Identity Provider (IDP)] through the use of [Social Login].
When you use [Facebook] to log into a third party [Website] ([Relying Party]), you are participating in an identity regime that has a particular constitutional order and granting it [legitimacy] by your participation. Further, the [Relying Party] has also chosen to recognize the [legitimacy] of [Social Login].
The constitutional order of [Social Login] is found in the terms and conditions in the [Contract of Adhesion] that [Social Login] [identity providers|Identity Provider (IDP)] impose on people and [relying parties|Relying Party] alike. The system is a "take it or leave it" proposition with terms that can be changed at will by the [Social Login] [identity provider|Identity Provider (IDP)].
A constitutional order makes different promises to those in the system (the users) and those on the outside (the [relying parties|Relying Party]). Let's examine the promise that [Social Login] makes:
* To people [Social Login] says "use the [identity|Digital Identity] we provide to you and we will make logging into sites you visit easy."
* To [relying parties|Relying Party], [Social Login] promises "use the identity we provide and [trust] us to accurately authenticate your users and we will reduce your costs, increase flexibility, and give you more accurate information about your users."
!! More Registrations, More [Customers]
Even if a consumer finds real value in a brand’s offerings, a lengthy [registration] form can overwhelm that perception and send the [Customer] elsewhere in search of a more hassle-free experience. This reality is driving the increased adoption of [Social Login], since signing in socially is a quick and easy two-click process.
Most people find this process more [trustworthy|Trust] than filling out a form, since they retain control of their own [Personally Identifiable Information] and preferences and choose what information they share. [Social Login] also instantaneously enables a more personalized experience, since new [customers] are addressed by name and content can be tailored to their provided interests.
[Social Login] is especially important to implement for [Mobile App]—registration forms are even less appealing on a five inch screen—and delivering an excellent [Mobile App] [User Experience] today is absolutely essential. According to [Gartner], “By 2017, U.S. customers’ mobile engagement behavior will drive mobile commerce revenue in the U.S. to 50% of all U.S. digital commerce revenue.”
!! [Social Login] not Accepted by All
As successful as [Social Login] has been, there are a lot of places that social login has failed to penetrate. By and large, [financial|Financial Organization] and [health care institutions|Health Care Organization], for example, have not joined in to use [Social Login]. Why is this?
A constitutional theorist would say that they've failed the [legitimacy] test. Some [relying parties|Relying Party] and some people (either completely or for some use cases) have failed to yield their [sovereignty] to them. [Legitimacy] ultimately rests on [trust] that the regime can keep its promises. When that [trust] is missing or lost, the regime suffers a legitimacy crisis.
For people, the lack of [trust] in [Social Login] might be from fear of [Identity Correlation], fear of what data will be shared, or lack of [trust] in the [security] of the [Social Login] platform.
For [relying parties|Relying Party], the lack of [trust] may result from the perception that the [identity provider|Identity Provider (IDP)] performs insufficient identity proofing or the fear of outsourcing a critical security function (user [authentication]) to a third party. An additional concern is allowing a third party of have administrative authority for the [relying party's|Relying Party] users—not being in control of a critical piece of infrastructure. That is, they don't [trust] that the rules of the game might change arbitrarily based on the fluctuating business demands of the [identity provider|Identity Provider (IDP)].[2]
These [trust] failings ultimately stem from the structure of the [Trust Framework], the constitutional order, of [Social Login]. Because it's based on terms and conditions imposed by the [identity provider|Identity Provider (IDP)] whose primary business is something else, people and [relying parties|Relying Party] alike have less confidence in the future state of the identity system. So, it's good enough for some purposes, but not all.
!! [Government Entity][3]
[{$pagename}] can also cause difficulties in countries with active censorship regimes, such as China and its "Golden Shield Project," where the [Third-party] [website] may not be actively censored, but is effectively blocked if a user's [Social Login] is blocked.
!! [Social Login] and [Compliance]
WWith the recent [2018|Year 2018] [Facebook] scandal, the [Implementation] of [PSD2] and [GDPR] many [Organizational Entities|Organizational Entity] will not be able to keep up with the [Regulatory compliance] and [Regulatory Burden] making [Social Login] more attractive.
!! If not [{$pagename}] then whom?
* [Financial Organizations]
* [Government Entity]
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Self-Sovereign Identity and the Legitimacy of Permissioned Ledgers|http://www.windley.com/archives/2016/09/self-sovereign_identity_and_the_legitimacy_of_permissioned_ledgers.shtml|target='_blank'] - based on information obtained 2016-09-23-
* [#2] - Note that [identity providers|Identity Provider (IDP)] in the [Social Login] regime are not primarily in the business of providing identity. Their business is something else (mostly selling ads) and [providing identity|Identity Provider (IDP)] for [Social Login] is, from their perspective, part of serving that end. (Taken from Self-Sovereign Identity and the Legitimacy of Permissioned Ledgers)
* [#3] - [Social_login|Wikipedia:Social_login|target='_blank'] - based on information obtained 2018-04-12
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop