That being said, I think this is a great idea. I don't love the Facebook OAuth flow and the amount of access most apps ask for. I have trouble taking Twitter seriously as an OAuth provider [bias much?]. I think there are many US-focused companies who will be excited to have Google & Amazon as the two default OAuth authentication providers. If nothing else, it's much more adult than Twitter/Facebook. Oh, and Amazon has your credit card info and a great platform for SaaS billing :)
I'm surprised that they haven't made this better since that platform (phoenix) was designed in the mid-2000s. I presume that nobody really cares enough to put money into migrating it to a url scheme that is more sensible... the site exists to satisfy the SEC, and serious investors get their news/stock data from other sources anyhow.
It seems like it is outsourced investor relations. Funny thing is that if you go to the bare domain, it redirects you to ccbn.com, which doesn't work because CCBN (Corporate Communications Broadcast Network) got bought out in January and apparently killed their domain too. That's pretty shoddy.
You bring up a perfect point from a user's perspective and I agree with you. The challenge for Amazon is that there are two competing interests:
1. Users who don't want their entire life to be open to developers
2. Developers that want as much info as possible on the users
Facebook favors group #2 above, Amazon will probably favor group #1 above. If that ends up being the case, how many developers will be willing to utilize the OAuth service that doesn't give them as much info by default?
In most situations where we've used a Facebook login, it's simply to avoid forcing the users to create yet another account. We don't pull any real data (except maybe a couple things, again, for their convenience - to fill out their profile) like their name. We push nothing back.
Being able to say "Hey, just login. We don't actually care about your information." would be much preferable to Facebook's unnecessary "This app is requesting permissions to access your profile and friends list." We don't need that information.
I guess maybe that's our fault for abusing Facebook integration by using it simply as a single sign-on service.
http://www.ccbn.com < I somehow got redirected there...
corporate-ir.net is a utility domain that only exists to serve customized investor relations sites. The base domain itself actually does nothing. Think of it like github.io... www.github.io serves no purpose in itself.
phx.corporate-ir.net was a major upgrade to corporate-ir.net done around 2003, called phoenix. That's why there's the strange phx subdomain in front of the domain. Apparently that was the last upgrade they did to this service... and its neglect is most likely the result of a couple of acquisitions.
corporate-ir.net was created by a company called CCBN (ccbn.com). They were purchased in the 2000's by Thompson, which then merged with Reuters. Thomson purchased CCBN for a different product (not corporate-ir.net) that was strategically important to their business. So its not really a surprise that they haven't put much TLC into the way that the domains resolve -- this investor relations website business is peanuts compared to Thomson-Reuter's core competency.
I'd stick with Mozilla Persona.
However, I hate that Facebook/Twitter take it a step further with all of their social integration features to the point where many apps assume, by default, that you want to share share share everything you do all over your social network.
As I've found a number of apps/websites that do not allow you to continue without giving them permission to post on your wall, I've been forced to mark every single app/OAuth site on my Facebook as available to "only me". Post all you want, no one will ever see it.
Curating what gets posted under your name shouldn't be this much work. I shouldn't have to strive for a clean digital presence with content that adds something to my readers life.
I'd love an OAuth provider that HAS NO SOCIAL NETWORK!
And Google is out on this too, sorry, but Google Plus is obviously the only web property that Google cares about anymore and trusting them not to socialify everything is a fools game.
Google Apps for Your Domain could be kind of like this, but isn't. Probably the closest, though.
Maybe someone like Dropbox/Box.Net/AeroFS?
Can I email you to talk about your needs a bit? It sounds like you have some good ideas.
If you're running a Django app, please add Persona integration. It takes around five minutes, literally.
Both are actually good options if you have a service with developer demographic (even if its just in part). I'm using Google & GitHub right now, and will likely add Amazon since it's very little work to do so.
For those wanting to know more about Persona, check out https://login.persona.org/about
also since Persona is from Mozilla, you can see all the code and development and you know that privacy and user safety are number one priority.
https://rachelbythebay.com/store/ - just put this up yesterday - easy enough.
http://scanner.rachelbythebay.com/main - this one's been using Persona since it was called browserid. (Hit the gear on a call to see the login prompt - you only need the login for certain extended functions)
Click the "Log In" button at the top to see the Persona login screen.
http://www.deadmansswitch.net/account/login/ (click "BrowserID login", my UX isn't great).
http://www.yourpane.com/ (click Persona without entering an email address, my UX isn't great).
If you're making something, please please add Persona to the list of login methods. If you're currently using emails for logins, it's even backwards-compatible.
The true purpose of Google+ is to accumulate more information about you, not to be a "social network" per se. The latter is the means to the former.
Amazon has a huge amount of exceptionally high quality ecommerce information. They have "only" 200 million users, but info about what they actually like -- because they buy it -- not what they say they like. Plus, for search -- if you're searching for products/pricing, you might already use Amazon not Google.
Login helps Amazon extend information beyond ecommerce -- and potentially pull clearly in the lead in that regard compared to Facebook and Google.
Apple...has a problem in this regard. Excellent company in many respects, but falling out of the pack in this regard.
p.s. In all of the above I'm only talking about it from the company perspective. If you think it's not necessarily a good thing for a company to have even more complete data about you, I wouldn't argue with you.
- Trust -- people increasingly distrust sites like Facebook or Google (privacy concerns), but Amazon still has pretty much entirely "positive" feelings for consumers. And if they can run AWS as well as they can, then you assume you can trust them with your password too
- Micropayments -- your credit card is already linked to your Amazon account, presumably, so it suddenly enables you to pay for content, etc. on a wide range of sites where you might not otherwise, due to friction and trust issues
It's funny... for some undefinable "fuzzy" reason, I feel much more willing to log into a site using Amazon credentials, than I would with Google, Facebook or even Apple.
> There's no social network attached to your Amazon account
I think you answered your own question.
I'll finally start using "Log on with" if I can use Amazon.
Since chargebacks - unlike social spam - cost money, Amazon has every reason to be more cautious about their permissions and confirmation screens, but the wary user probably isn't unjustified in hesitating when asked to sign up for a free service using a login they normally use to buy stuff with.
Obviously, this is my personal preference, and I do understand that ads can be a useful revenue stream for companies targeting other users with different profiles from mine.
>> "over 200 million active Amazon customers"
That's 200 million verified credit cards of people who are comfortable with ecommerce. There's arguably some value in that.
This is also why fb / twitter / G run 3rd party login systems.
Google was really close to this for me before the Google+ thing. At least with amazon, acting as a purchase gateway is an additional bonus.
Amazon certainly isn't averse to third-parties using their infrastructure; in fact, they've encouraged it. Kindle Direct Publishing, their third-party seller program, all of the AWS offerings...
Naturally, Amazon is going to want a cut (which is a perfectly reasonable thing for them to expect, don't get me wrong).
Can anyone provide some neat examples for cases in the context of web applications? Their mobile app examples didn't really speak to me.
Everything I've heard and experienced indicates that Amazon is pretty tight with customer information. Certainly you don't get any personal information on customers when you sell ebooks through the Kindle store. Apple is also pretty good about that.
In most cases what I would truly like to have is a option to order a sign-on link to my email that would be valid for single use and just for some minutes.
On the other hand, if I have a social or news/content site, FB and Twitter login makes the most sense. That way I have access to their social graph as well as an indentity.
Anyway, this is pretty cool. I think I'll integrate Login with Amazon with my startup (mariposta.com) pretty soon, as it very well could lessen signup friction. We'll see.
Pretty soon I'll go to "thenewestwebflatdesignstartup.com" and I'll be given these choices:
Login with Facebook, Login with Twitter, Login with Amazon, Login with Persona, Login with OpenID
or create an account with email
Click here if you have no idea what account you used.
I don't know what the business model for such a site would be, though.
It makes it just impossible to remember your login when you reset it a few times, because you need to learn a new one.