As part of Facebook’s announcement around its new Open Graph yesterday, it says it is changing how user data access permissions work for third-party applications and web sites. It’s getting rid of the multiple dialog boxes that developers have had to implement in the past. Now there will be just one box, and developers will need to ask for the specific types of data they want to access, rather than asking for users to share all of their profile data.
Governmental and non-governmental privacy organizations around the world have pushed Facebook to make data-sharing a more granular process, and this interface change is a step in that direction. In the sample screenshot below, you can see the “Cool Social App” asking for access to public information, email and photos.
The new format otherwise includes all existing data that developers could previously request from users — the change here is in how users share data with developers, not what they share. This includes name, profile picture, gender, access to the stream, friend information and email addresses.
The change reduces the number of windows and clicks a user needs to do, which should make the permissions dialog easier for people to use.
Otherwise, the system will work as before. Developers can ask for the same range of extended permissions, including access to granular profile data like birthdays. And as before, developers can only get basic profile information about users’ friends unless they request additional permissions.
The new interface uses the OAuth 2.0 protocol for sharing data to authenticate that users are who they say they are, and to allow the authorization.