This fine tunes the solution suggested by Facebook to keep this data from getting into the wrong hands. Once an agreement is reached on exactly how to do this, it will become a requirement for developers come the new year.
A limited amount of user ID sharing enables Facebook applications to do their job, but the social network is cracking down on oversharing, and especially selling such information. In addition to banning developers that don’t play by the rules, the social network has proposed an encryption method that just got revised based on input from the community.
While the previous proposal had still passed on an encrypted user ID in shares of a URL, the latest proposal embeds it in an HTTP post body to avoid exposure in any referrer header, encrypted or not. The way to do this is create a
element targeted at the application Canvas URL, as shown on the Facebook developer blog:While this has the status of a proposal, Facebook has begun using this changed method to help developers learn how it will affect their applications. You can give it a test drive by activating the “Post for Canvas” beta migration within the “advanced” tab of Facebook’s developer application.
This proposal includes a way for developers to obtain an anonymous and unique identifier for each of their users. This is intended for applications to interoperate, and not for passing on data on to third-party brokers. There’s actually two ways to obtain these so-called third-party identitiers: one from any user object using the graph application programming interface, and the other from the user table using FQL.
The code for getting the third-party identifier from a user object via the graph API is:
http://graph.facebook.com/dmp?fields=third_party_id &access_token=[access_token]
To get a third-party identifier for two users based on the Graph API, the code is:
http://graph.facebook.com/?ids=dmp,vernal&fields=third_party_id &access_token=[access_token]
To get the third-party identifier from the FQL user table, the code is:
https://api.facebook.com/method/fql.query?query=select third_party_id from user where username ="dmp"&access_token=[access_token]
To get the the third-party identifier for two users in FQL, the code is:
https://api.facebook.com/method/fql.query?query=select third_party_id from user where (username ="dmp" or username="vernal") &access_token=[access_token]
Readers, what do you think of the latest proposal? Will you begin to use this new method?
Source: All Facebook
Wednesday, November 24, 2010