Today, I thought I might spend a lunch time getting my brain wrapped around the idea of how Single Sign-On works within the Microsoft Live ethos.
Assuming you manage to get past the quagmire of deprecated documentation, installation, association loop holes & hurdles one can finally settle on getting a basic Authentication happening.
Once that was complete It’s now back to reality where you have to also decode the Privacy Guidelines / Settings used for applications that make use of this great ball of angry code.
Throughout this journey one thing has stood out the most. It’s as if someone within the Live “Team” (If there are any people left to call it a team) have not only given up but raised the standards of bad development & audience seeding to all time new high.
It’s easy to just throw Live under a bus, many have been doing it for years but it doesn’t really solely fall in their lap either. I look at you the Windows 8 team, as you clearly aren’t giving this entire scenario much attention – especially when you have devoted so much energy & time convincing us to use our “Live Id” to sign into Windows.
As far back as 2007, Live Id’s were an important metric in the Microsoft camp where the company would even pay large Enterprises kick backs to use Live ID instead of a Gmail/Google account (early stages of User Id meets cloud land grabs). It’s always in many ways held an area of importancebut despite all the fluff around “Windows reimagined” the basic(s) are still a tyre fire and clearly not as well thought out.
For instance, you log into Facebook and you agree to allow some random application access to your details. If later on you wish to retract that offer (not that it would matter) you’d in turn go to a specific area of the site and remove. The same goes with Apple, Twitter and countless other brands to name.
Nope, you say yes to the Application but in from there on out you have to either ask someone or remember that buried deep within your Live ID account management online (via the web only) there’s an obscure link which lets you manage your privacy settings).
As a developer if you want to make use of the Live Id well, you have to abide by the guidelines within Microsoft and ensure you firstly build a “Settings” menu into your application, which then has preferably Permissions, About, Privacy & Account options (I did mention this was opt-in). That to me is a lot of extra work that is in reality not required per app, it should be something in which each developer has no control over. It’s not as if the developer is telling the AppStore what kind of access he/she needs from the said app upfront (oh wait..it is…via scopes).
Instead Microsoft plays the lazy route, makes the developer put together a URL of some sort which outlines their privacy statement(s) out loud (which is really just mother hood statements like “I won’t be evil with your data – said the Nigerian Prince”.
Sadly, this is a huge amount of unnecessary heavy lifiting to get something done which is basic and it’s likely due to yet again Microsoft internal culture spilling over into the various developer relation(s) that’s NOT going on right now. What I mean to say is Live has pretty much lost the bulk of its energy via staff leaving, fired, retrenched or simply given up.
If Live is a toxic cloud of developer stupidity then why would you as a developer target Windows 8 Application Development given the front door is broken.
Now to figure out how I can reset the “Allow this app to access your” permissions – despite removing the said App from my “online profile” it still seems to work. Yes….it’s potentially a bug in their privacy (Oh I wish I could say I made this up).