Meebo's XAuth Attempts To Challenge Facebook Connect

Facebook might be trying to take over the Web in order to provide users with more targeted ads, but if Meebo has their way, websites will use XAuth to authenticate user login instead of Facebook Connect — also possibly with the purpose of serving up ads. The advtange for Meebo is that not only would XAuth broaden the social media user base for login authentication, but they have some big names behind them, including Google.

Since Meebo‘s web and mobile apps allow cross-IM chat, the company already has a fair bit of experience handling multiple protocols. (For example, a user of AIM could text chat with someone using Yahoo! Messenger, Windows Live Messenger or even Facebook chat.) As well, last year they started ramping up their ads with a partner network. So it makes sense that they would try to give Facebook Connect some competition in the form of XAuth by giving Web site publishers the opportunity to expand their user base to social networkers of many services.

So XAuth, or Extended Authentication, would give Web surfers more options for logging into third-party websites. Instead of just being limited to Facebook or Twitter authorization, users could potentially use other social media accounts, including voting and bookmarking sites such as Digg, Reddit, or Delicious. If you’re already signed into one of those social media services, why not use that account for authorization? XAuth will determine which of the social networks you’re signed in to that it supports and display corresponding icons.

Right now, with partners that include Google, Microsoft, MySpace, Disqus and others, it’s not surprising that Meebo’s XAuth demo pages use some of those services for authorization. Their publishing partners include MTV and Time. What I’m wondering is why YAAS (Yet Another Authorization Standard)? Twitter uses OAuth, which I admittedly know little about, but have heard coding colleagues describe it as “way better than Facebook Connect.” So why wouldn’t Meebo and gang just get behind OAuth instead of coming up with another standard? As for why Google and a few others are behind XAuth, they each stand to gain with any service that draws users away from Facebook Connect and back to themselves.

If you go to the XAuth website, you can find out if your browser is enabled for this authentication standard, as well as find out more details. According to their spec page, XAuth is a lightweight JavaScript library, and inclusion of a script into a web page automatically enables XAuth. However, only “modern” browsers that support HTML5 methods window.postMessage and localStorage will handle XAuth properly. They include IE8+, Safari 4+, Chrome 3+, and FF3+, or presumably any spinoff browser based on these.