Open Standards

You are currently browsing the archive for the Open Standards category.

DandyID: Profile Aggregation with a Spin

January 20, 2009 in Applications, Open Standards by Carsten Pötter | View Comments

dandyid

Once it was just a problem of the tech-affine early adopter crowd, but now it is spreading into the mainstream more and more: profiles on too many websites. People are on MySpace, Facebook, Twitter, LinkedIn or Xing, and it’s easy to lose track of where users registered accounts already. So there was a demand for profile aggregation services pretty early. And yes, there are many.

A fairly unknown service so far is DandyID, although it was launched in May of last year already. It aggregates profiles from more than 180 sites and consolidates them in a single place. Though DandyID doesn’t stop there. It also helps discovering its users’ friends on those sites as well. And along the way, it supports many open standards.

Sign Up and Profile

OK, let’s get started with DandyID and see how it works (and maybe how it could work better). First is the pain of registering an account:

dandyid-signup1

Well, that’s a standard sign up form – apart from the “transgender” option” – we all have seen many times. I have never seen the trangender option before, though, and I am wondering if it will be clicked at all. Anyway, if “transgender” was dropped from the form all required fields could be filled via OpenID’s Simple Registration extension. No user interaction, just some magic done by OpenID. Hell, DandyID could be a Relying Party. Go for it, dear folks at DandyID!

After signing up a long list of available services is waiting for new users. Nightmare, 180+ services!

service-list

But, fear not! Even if users have signed up for 50 of those services they don’t have to manually enter all their usernames. One username should be enough, and DandyID shows more accounts belonging to the user directly under that service. It looks like this:

service-discovery

That’s cool, although I think this could be displayed more user friendly. Currently, I have no idea how this could be improved, though. Anyway, all this magic is done with Google’s Social Graph API, if I am not completely wrong. Very nice. Though the Social Graph API is also able to find my friends which are registered with DandyID. So all I have to do is add them. No more looking for the usual suspects on DandyID. I think, I hate adding friends even more than filling out stupid sign up forms. My friends are marked up with XFN then, by the way.

It’s time to finetune my profile now, like adding an address. Fortunately, DandyID also supports the hCard microformat. So all I have to do is providing a link to an hCard on the web and my address is added to my profile.

profile

Since I added my Twitter account, my last status update is also shown.

OpenID Delegation

While I am missing sign up with OpenID, the DandyID profile URL can work as an OpenID. Though DandyID is not an OpenID Provider but it delegates the profile URL to my OpenID Provider. This is a really cool feature because so far OpenID delegation just works for users who have control over a website themselves. With DandyID it is not required anymore to own a website.

However, I think this could be improved a little bit. MyOpenID and ClaimID were the only available OpenID providers to me because I added my usernames for those providers. But I also added my AIM, Wordpress.com, Flickr, TypeKey, and MyBlogLog profiles. All those accounts can work as OpenIDs. Well, for the Yahoo! properties Flickr and MyBlogLog users have to opt-in to use them as OpenIDs but that could be asked by DandyID.

Update (2009-01-21, 00:04AM): Something changed since I had a look at this feature: Wordpress.com is shown as a provider now.

Future

DandyID is still in beta but there are some new features planned already. First, there is “Permission” which is described as:

Eventually you will be able to manage which websites, services, and apps have access to your social graph. But, since we are in private beta this feature is not live just yet

I can just speculate but this is screaming OAuth to me. Considering that there is also an API available which supports Portable Contacts this would make sense.
Another feature will be “Launch-Pad” which will serve as a central point to log in to the various profiles. Well, this reads Password Anti-Pattern (see my former post on the topic). Not good.

Conclusion

While it doesn’t re-invent the wheel, DandyID looks quite interesting already. It seems the developers have a pretty good understanding of open standards and the open web in general. Though the forthcoming Launch-Pad doesn’t fit in here. It might be convenient for users but it is wrong, very wrong. But maybe it’s me who got Launch-Pad wrong.

Tags: Aggregation, API, Contacts, DandyID, Facebook, Google, Open Web, OpenID, Portable Contacts, profile aggregation services, Profiles, Relying Party, Twitter, Yahoo

OAuth on Twitter Won’t Replace Your Brain

January 6, 2009 in Open Standards, Security by Carsten Pötter | Comments closed

oauth-_-logo

Twitter has problems. Or Twitter users have problems. It depends on how you see things. Not only passwords were sold together with a Twitter application (see my recent post on the topic) but also users got phished and accounts of some celebrities got hacked. Really bad news!

Now people think Twitter needs some better authorization methods of third party applications and demand OAuth implementation. Even a website was launched: Please, Twitter, Implement OAuth Now!. Indeed OAuth is a solution and it’s great that more people feel the need for safer authorization. While it is a noble initiative, I feel a little bit uncomfortable when seeing some blind retweets of the message on Twitter. Basically, there are two reasons:

  1. OAuth didn’t prevent the recent phishing and hacking attacks. To quote Twitter co-founder Biz Stone:

    We plan to release a closed beta of the open authentication protocol, OAuth this month but it’s important to note that this would not have prevented a Phishing scam nor would it have prevented these accounts from being compromised. OAuth is something we can provide so that folks who use third party applications built on the Twitter API can access their data while protecting their account credentials.

  2. While you could argue that Twitter somehow encouraged users to give away their passwords to third party sites, we should not forget that the users themselves helped their accounts being compromised. For convenience’s sake or a tiny feature (by the way, did any of those people request those features from Twitter?) some self-proclaimed internet elite was happily passing their passwords to other sites. Not just once, but many times.

I am 100% pro-OAuth on Twitter but users have to think about what they do on the web and who they trust. OAuth on Twitter is just a small relief for users. There are other sites and other risks as well. Think!

Tags: API, Biz Stone, Co-founder, internet elite, OAuth, open authentication protocol, Twitter, Twitter co-founder

More Support for Open Standards on MyBlogLog and Digg

May 2, 2008 in Open Standards, OpenID by Carsten Pötter | View Comments

MyBlogLog is becoming the most talked about service on this blog, I guess. Maybe I should make it a weekly feature. ;)
Well, what’s the news of today then? MyBlogLog is an OpenID provider now. And no, sadly it’s not a relying party as well.

Users who want their MyBlogLog profile URL to be an OpenID identifier have to opt-in at the Yahoo! OpenID site. So it is no surprise that this implementation provides the same features as Yahoo!’s (see my post about it). It also means that users don’t have to log in with their complete profile URL (http://www.mybloglog.com/buzz/memebers/username) but can shorten the OpenID to mybloglog.com. OpenID 2.0 and directed identity make it possible.

Also interesting to note is the blog post about MyBlogLog’s OpenID support by Shreyas Doshi, product manager for Yahoo!’s OpenID initiative:

With this change, we have also eliminated the only-one-custom-OpenID-identifier per-account restriction. This means that you can select both your Flickr photostream AND your MyBlogLog profile URL as your OpenID identifiers, in addition to creating a pretty me.yahoo.com identifier.

Can we speculate about del.icio.us and Upcoming OpenID identifiers as well now? More providers? Please become relying parties!

By the way, MyBlogLog also added a nice FOAF icon next to the vCard and hCard icons on profiles. They heard you, Robert. :)

And Digg?

Meanwhile Digg has added XFN support to user profiles and RDFa to submitted stories. Good to see further implementations of open standards on Digg. Maybe we will eventually see OpenID support. Announcements have been made more than once.

Tags: product manager, Shreyas Doshi, Yahoo

MyBlogLog Features hCards

April 25, 2008 in Microformats, Open Standards by Carsten Pötter | View Comments

MyBlogLog continues to impress advocates of open standards. After rolling out microformats like <rel="tag"> and XFN, MicroID, and FOAF it announced the addition of hCards and vCards to the profiles of its users last night.

vCards and hCards

Profiles feature two new icons now: one for vCards and one for hCards:

mybloglog profile

Clicking the vCard icon (that’s the left one), the vCard can be downloaded to a computer and added to a user’s favourite address book. Clicking the hCard icon, a separate page is displaying profile information:

mybloglog hcard

Privacy Settings

People having a MyBlogLog account know that they can add rather private information like their telephone number to their profiles. Though they can decide if this information is publicly viewable, only by their contacts or by nobody. MyBlogLog has added those privacy settings to the hCard and vCard information as well. So if users decide their telephone number is only available to their contacts, other people can’t access that information by hCard or vCard. The same applies for services which parse hCards.

That’s actually pretty cool because this is the first service I am aware of that offers granular privacy settings for hCards. I am sure that this implementation also helps reducing fears that contact information will be widely available on the web without users’ consent.

Well done! :)

« Older entries