[mdasen]

It's not that difficult. GMail does it. So, xyz@gmail.com requests to add abc@chat.facebook.com to its contact list. In the Facebook web interface, it comes up in the list of groups that you are requested to join, friends to confirm, etc. Privacy settings for vCard stuff (like image) can be the same as they are for Facebook - and Facbeook can use the Jabber ID of the other party (xyz@gmail.com) to see what their Facbeook account is for that or just give the public information (most people have a public profile picture).

SPAM and abuse isn't that hard. Remove the person from your contacts. Done. They can't contact you any more. Really, it's the same as if one of your Facbeook friends was creating SPAM or abuse.

Basically, it's just "friending" people by Jabber ID rather than by Facebook user id in a "chat contact" status.

There are technical challenges to federation and it did take Google a while to implement it. However, the UI, SPAM, and authorization parts don't seem that challenging. And it would be nice if Facebook opened up a bit. And Facebook might be working on this, but I don't think it's a UI issue. In the long run, it will come down to whether Facebook wants to be closed or open and that's a policy decision.