Ode To Twitter

Yep, that’s right. Let’s forget all the talk about the open web. This weekend made me realize that the achievements of the last few years were in vain.

The next two quotes are from blog posts on Facebook‘s recent changes in privacy settings and the invention of the Open Graph protocol and the subsequent discussions about it (emphases by me).

Stowe Boyd:

Facebook’s shifting policy from private as default to public as default is a reflection of the open web. Twitter, in particular, has always been based on a public model, where the default modality is that all information is public unless you go to great lengths to conceal it.

Robert Scoble:

Whoa?!? Here’s the deal: I wish Facebook had NO PRIVACY AT ALL!
That’s called the open web
. I wish Google could index every word I write on Facebook.

If those high-profile bloggers think the open web is about spreading personal data across the web, then something went completely wrong in the past. My understanding of the open web always included these principles:

  • open standards
  • interoperability
  • transparency
  • data sharing

If you haven’t noticed it yet, those are – among others – some of the principles of, e.g. DataPortability.org and Kantara‘s UMA working group. And didn’t Mr Scoble join DataPortability.org more than two years ago? Maybe no one explained the concept to him.

I’m disappointed and angry. Of course, you could argue that those are just two voices. But they are influential and I doubt they are the only people who didn’t get it. Sad weekend.

Image by Thomas Hawk

Reblog this post [with Zemanta]

Tags: , , , ,

Sometimes the results of OpenID logins look a little bit strange, certainly not as expected by users. Blog comments are a good example. Usually I would expect my real name or username displayed there but occasionally it looks like this:

The provider simply didn’t send my name (Google in this case).

While some providers allow personas, i.e. users can create different sets of login information, e.g. one with a business email address and one with a personal one, the most don’t. So what can users do if they want to change
any of the information like name or email address? Actually not very much. Changing the information before each login at the provider is not really an option. Switching to a provider that features personas is a good idea but doesn’t suit all users.

Disqus is a comment system for various platforms like WordPress, Drupal, and many more, and is tackling at least one part of this problem in a rather elegant way. Among other ways it lets users comment with their OpenID. When commenting users see this popup:

They can easily change the display name. It’s a small popup, it’s unobtrusive, and a good example of how relying parties can improve the user experience of OpenID. Well done!

Reblog this post [with Zemanta]

Tags: , ,

Oh no, not another post on OpenID already, you might think. Well, the new year is only a few days old and there are already three posts and tweets respectively that got me thinking about it again. But if you don’t want to read about OpenID again, just ditch this post. ;)

The Idea of OpenID Connect

Let’s start with Chris Messina’s proposal of OpenID Connect that got some attention in the blogosphere over the last few days. According to Chris OpenID Connect should be a concept similar to Facebook Connect and Twitter Connect:

OpenID Connect is a technology that lets you use an account that you already have to sign up, sign in, and bring your profile, contacts, data, and activities with you to any compatible site on the web.

For the more tekkie guys of you, OpenID Connect should leverage Activity Streams, Portable Contacts, and OAuth WRAP among others.

Sounds good? At long last, a product based on OpenID that could be marketed and is similar to its rival Facebook Connect? Maybe. But we could have that product for a long time already. Isn’t there an OpenID/OAuth Hybrid protocol? Isn’t it possible to perform discovery of a service catalogue containing contacts, photos, and much more via XRDS-Simple?

I cannot comment on the technical differences of both approaches or their shortcomings. I simply don’t know them and never really had a look at OAuth WRAP so far. I’m just a dumb enduser. But from what I can tell it was possible to build something similar to Facebook Connect that wasn’t a product but a combination of a few protocols that could work almost the same way. However, no one cared to think about a reference implementation and documented it. So at least Chris’s idea of OpenID Connect could start a new discussion – and actually much needed work – about establishing a product based on open standards. I just hope marketing efforts will follow.

Email Anyone?

Last night I spotted a tweet by Hutch Carpenter, a name which should be familiar to those involved with Enterprise 2.0. Hutch had a really simple request:

Yes, it is as simple as this: Hutch just wants an email transferred while signing up to a new service. Those of you familiar with OpenID know that it’s possible. There is the Simple Registration Extension (SREG) and there is Attribute Exchange (AX). Both protocol extensions allow transferring an email address – among other data – from the OpenID provider to the consuming website, the relying party. Though both parties – the provider and the relying party – need to support them. However this great feature is mostly unknown to even tech savvy guys like Hutch.

How come? Back in the days of the old OpenID version 1.1 most providers and relying parties supported SREG. Unfortunately, when big providers like Google and Yahoo! jumped on board of OpenID this fine extension got forgotten by most people, simply because the big vendors didn’t support it. When Yahoo! started supporting some SREG values in November 2008 it was applauded and reading some of the blog posts about it, it sounded like Yahoo! re-invented the wheel. Hey, the current SREG specification is final since June, 2006! Yes, since the summer of 2006. So no real invention in the winter of 2008.

Confusion about the OpenID Name

The next blog post suprised me a little bit and I thought the blogger was probably an exception for getting some aspects of OpenID wrong. Basically, she thought she had to pay $25 for getting an OpenID when visiting OpenID.net. As it turned out, she was confused with the membership fee of the OpenID Foundation. Actually, I thought this would never happen. But it did and what if she was not the only one as she pointed out in the comments? Also she already had an OpenID from MyOpenID but thought it was something different, just because of the name.

OpenID Needs Marketing

Those three examples show one thing: OpenID needs more marketing! Though any marketing needs a product. So OpenID Connect or whatever it will be called in the end is a step in the right direction. Marketing should be done by those who know their job: marketers. Not developers as is the case mostly these days.

Also it’s probably a good idea to get more in touch with big tech blogs like Techcrunch, Mashable, and Read Write Web. They have turned mostly into news sites that need a story to write about. They hardly do intense research, so no one can expect them to find out the subtle technical details of something like OpenID, its extensions and related protocols. So in the end OpenID might get better press and won’t look like the inferior identity protocol to Facebook Connect.

Reblog this post [with Zemanta]

Tags: , , , ,

openid

Yesterday, the OpenID Foundation (OIDF) published its review of 2009. The numbers mentioned in the blog post look great. Having over 1 billion OpenID enabled accounts worldwide and over 9 million sites that let users log in with an OpenID are truly impressive numbers. Also it is a great list of companies providing or consuming OpenID.

I also applaud the OIDF for cooperating with the US government and initiating a strategy where OpenID logins on federal government websites become reality. It is a great way to help citizens engage with government agencies because they don’t need to register again just to gather some information, making an appointment and what not. Hopefully, this will become a blueprint for other governments as well.

However, having a closer look at the blog post, it becomes apparent that all that glitters is not gold. At least in my opinion.

  • Some of the mentioned OpenID providers like German GMX and Web.de are hardly recognizable as providers. Users can only use credentials of those email providers on Facebook. Well, actually (automatic) login only works if users are already logged in to those providers and Facebbok makes a checkid_immediate call. Having login credentials that only work for one website? Interesting concept. ;)
  • Many big and small companies are mentioned that accept OpenID. However quite a lot of them rely on JanRain’s RPX. There is nothing wrong with it. JanRain is about the only small, independent OpenID company that established a viable business model with RPX.

    But RPX is not only featuring OpenID as a login option but also Facebook Connect and Twitter among others. And some of the companies listed in the blog post don’t even allow logins with custom OpenIDs. Just have a look at the Wetpaint and Qype login screens. Yes, Yahoo!, MySpace, and Google logins are based on OpenID but users cannot use a custom OpenID:

    Wetpaint

    Wetpaint

    Qype

    Qype

  • And some of the mentioned companies have not even deployed OpenID yet, e.g. German Scout24, a subsidiary of Deutsche Telekom. If I got things right, Scout24 will also use RPX.

Yes, OpenID progressed in 2009. Though the technology has become more hidden, either behind obscure provider implementations like at GMX or behind buttons and logos of big vendors like Yahoo! and Google. Actually, it is not bad that technology becomes less obvious for users but the original idea of OpenID is gone as well: Having a URL

To empower individuals to define and offer and enforce their own terms in their interactions with others. To not merely be somebody’s user or consumer, but to be a first-class citizen of the net. To not be at the mercy of any government or organization.

as Johannes Ernst wrote in a recent blog post.

Reblog this post [with Zemanta]

Tags: , , ,

« Older entries

Page optimized by WP Minify WordPress Plugin