Tag: openid

Andrew Examines Identity Online, Unceasingly

So, you’re on the web (or you wouldn’t be reading this) and you need to identify yourself to various web services and to various web readers, many of whom are real human beings. I was enthusiastic about OpenID a few years ago. But OpenID resonated with only a small and rather specialized subset of people.

Most people want to use an online identity they already have, or are already considering having, rather than forging a new “one identify to rule them all”. That cuts the field down rather drastically.

Maybe you want an identity that is lightweight, in the sense that it doesn’t carry the burden of private information. That’s an argument against Facebook, which seems to want to be your identity and to gather somewhat private stuff about you.

Fred Wilson argues that the lightweight criterion suggest Twitter as identity provider.

Twitter is default public and everyone knows that’s what it is. Your Twitter identity is the lightest weight, most public, and therefore the best identity on the web.

I’m inclined to agree with Fred. How about you?

Identity: Usernames, Rings, etc.

Three years ago, I was pretty enthusiastic about OpenID.

Those of us who use (or at least try) too many web services tend to regard OpenID as good news: it means that each of us can sign in to one service in order to access multiple services… Now we get to the bad news. Most of the services I use don’t accept OpenID.

The bad news never went away, and is in some ways getting worse. 37signals will cease to support OpenID on May 1.

There are at least three other strikes against OpenID, besides the fact that many sites don’t accept it. Your ID is a URI, which might seem a little weird unless you are actually a web page. That URI can seem like one more thing to keep track of, bookmark, etc: the OpenID as well as the sites you use it to access. And what do you do when your OpenID provider is down?

So, more and more, we see web services inviting us to sign in using our credentials from one of the big sites, often Facebook. This may seem a little like using the one ring forged in, and always owned by, Mordor.

But we do have our choice of lords of the login. Mike at RWW recently noted that LinkedIn is growing as the login of choice for business-to-business (B2B) sites. He deduces from this that “users prefer certain identities for certain online activities.” So maybe Jekyll and Hyde is a better literary reference than Lord of the Rings when it comes to logins.

OpenID: Who Can You Rely On?

Those of us who use (or at least try) too many web services tend to regard OpenID as good news: it means that each of us can sign in to one service in order to access multiple services. For example, I use ClaimID as my OpenID provider. Once I’ve signed on their, I can use the OpenID it provides me with to sign in to services such as Highrise and…

Now we get to the bad news. Most of the services I use don’t accept OpenID. For example, if you wanted to comment on this post, having an OpenID wouldn’t help you, because WordPress.com doesn’t accept them. It does issue them, though; indeed, I tend to use the OpenID associated with this blog when I leave comments at Blogger, which does accept OpenIDs.

Many have argued against sites providing, but not accepting, OpenID. I did so, rather gently, and with reference to WordPress, about a year ago. Today, Mike Arrington made a similar argument, but rather more vigorously and with reference to web bigcos, today.

The problem… is that the Big Four Internet companies… have made big press announcements about their support for OpenID, but haven’t done enough to actually implement it. Microsoft has done absolutely nothing, even though Bill Gates announced their support over a year ago. Google has limited its support to Blogger, where it is both an Issuing and Relying party. Yahoo and AOL are Issuing parties only.

… Putting my conspiracy theory hat on, it looks to me like these companies want all the positive press that comes from adopting this open standard, but none of the downside. By becoming Issuing parties, AOL and Yahoo hope to see their users logging in all over the Internet with those credentials. But they don’t accept IDs from anywhere else, so anyone that uses their services has to create new credentials with them. It’s all gain, no pain.

Meanwhile, the service that I’d really like to get my OpenID from doesn’t issue OpenIDs – or accept them. It’s FriendFeed: here’s my FriendFeed. An OpenID is actually a URI, and the FriendFeed page is as good an identity page as any.

Hey, I just remembered reading the news that FriendFeed now has an API. Someone should set up a service that issues you an OpenID and gives puts stuff from your FriendFeed on your page.

OpenID: BigCos on Board

This morning the OpenID Foundation announced that Google, IBM, Microsoft, VeriSign, and Yahoo! have joined the board. This is good news, since OpenID is good.

However, there are limits to the goodness of the news. As Michael Arrington points out:

OpenID looks like it’s going to be a winner, so big companies making their user accounts OpenID compatible is a good hedge. Everyone, of course, wants to be an ID issuer, since they get to “own” the user. Less attractive is allowing users from other sites to log into your services, so don’t expect that functionality to come for some time.

Portadentity: All Right Then, Data Portability

Your portadentity is your identity, portable across web services. You probably haven’t heard the term before, because it just occurred to me, and Googling it yields no hits. The concept may well be familiar, since it has received a lot of coverage in the last month or so. A recent example comes from yesterday’s Financial Times.

It is a frustrating fact of modern internet life. Users of websites such as Facebook and Google spend hours building up and maintaining friend lists and e-mail address books, but when it comes time to move such social information to another online service they frequently find it impossible to get their data back out. Instead, they must start re-entering their personal details from scratch.

Another statement of the problem is the Smashcut video. It provides part of an argument for “data portability.” I don’t find that term very useful, but suspect that we are stuck with it, and regard it as a price worth paying for the achievements of the Data Portability Working Group (DPW).

At the heart of data portability is your identity. The DPW, consistent with its policy of using existing standards, uses OpenID for digital identity. Your OpenID, together with the data attached to it, is what I’d call your portadentity.

Today’s big news about the DPW is that Microsoft has joined. Read/Write Marshall reacts as follows. Microsoft’s joining the group is an event of sufficiently complex historical meaning that I’m hesitant to try and interpret it here. I won’t try to interpret it either.

I’m more inclined to spend my interpreting energies on Matt’s statement yesterday about Automattic’s vision of a better web not just in blogging, but expanding our investment in anti-spam, identity, wikis, forums, and more. I added the emphasis on identity.

Here’s what I hope Automattic will do about portadentity… all right, data portability.

  • Appoint someone to the DPW.
  • Make WordPress.com a consumer of OpenIDs. It’s currently a producer only.
  • Make it clear where Gravatars might fit in to all this.

Yahoo and OpenID

Yahoo implements OpenID… or does it? Read/Write Marshall asks the key questions.

Though there’s every reason to hope that today’s Yahoo! announcement will lead to ongoing, meaningful advocacy of OpenID by the company and then a future wherein Yahoo! sites accept OpenID from other providers – there’s also plenty of reason to be concerned that neither will occur and that Yahoo! interests are really only served by spreading the use of Yahoo! ID further around the web.

Google Profiles

Yesterday, I realized that I had something called a Google Profile, and that it was linked to my Google Reader account. Today, several of the blogs to which I subscribe using Reader included posts about Google Profiles. One of these, GigaOm, directed me to its colleague Web Worker Daily.

The post at WWD, by Mike Gunderloy, is pretty good, raising some interesting questions. A Google Profile “is simply how you represent yourself on Google Products” – but what are the future plans?

I’m not sure why I’d want a profile that was limited to Google products. I do want a profile that spans products, but I also want a profile that spans vendors.

I’d like to know how Google Profiles will be related to standards such as OpenID. Without a good story on that, Google Profile will begin to look like Microsoft Passport.

What DiSo Means to Me

Many feed readers (mine included) just caught DiSo. That’s not as unhealthy as it might sound. The term refers to distributed social networking. Maybe it might have been called DiSoNe, but that would be a silly name.

DiSo is a free/open source software project. The software will implement web standards such as OpenID and OAuth. 2007 was a big year in terms of the definition of these standards. It seems to me that one of the more immediate goals of DiSo is to make 2008 as big a year in terms of implementation.

The DiSo model “can be described as having three sides… Information, Identity, and Interaction.” I think that the first and last of these sides correspond to Content and Connection. I admit that’s rather like saying that I made myself a hammer a while ago, and now everything looks like a nail. Perhaps I need a term for Identify beginning with C: character? How good a term is that? It depends on how closely web identities resemble fictional characters.

Does all this stuff about standards and models sound rather abstract? I’d say yes, and that if the abstraction is a problem, then the DiSo project is an attempt at a solution. It’ll produce code that people can use. To get gradually more specific:

Well, that’s what I’ve found out or deduced about DiSo so far. I hope that the above is helpful to others. I had to do some digging and head-scratching before arriving at this understanding. I found Anne’s post at GigaOm to be too WordPress-centric (yes, I believe that it’s possible to be too WordPress-centric).

I tend to sync better with Chris Messina’s ideas than with his writing. For example, I don’t find the term The inside-out social network very helpful. And, after reading the last paragraph of his post with that name, I feel rather tired, vaguely inspired, but none the wiser.

Of course, the rather tired thing may be because it’s 3am here. If, due to that or any other cause, there are mistakes in the above, I hope that someone more knowledgeable and/or awake will correct them.

Blogger Drafts OpenID

I’ve just left a comment at the official blog for Blogger in draft. I did so using OpenID. For reasons why it’s good that we can do that, just follow the link.

In OpenID parlance, Blogger is now a consumer of OpenIDs. To be more specific, Blogger proper will be a consumer once the “comment using OpenID” feature moves there from Blogger in Draft (beta).

WordPress.com has been a producer of OpenIDs since March, but has not (yet) become a consumer. I hope that this move from Blogger reminds WordPress.com about OpenID…