Ma.gnolia

Marshallk talked about it and David Recordon did as well and Kevin Fox wrote about it yesterday but I thought I’d mention something about it as well.

Yesterday, Ma.gnolia deployed new login infrastructure that is 100% OpenID only. You don’t create a Ma.gnolia account anymore, you come with your OpenID, Facebook account or some other means of login.

Why is this a big deal? Well, it turns out spammers like to create accounts for bogus link love on Ma.gnolia. This stinks for Larry and his crew but also for the community that has grown up around this great site. By pushing this off to other sites, now the Ma.gnolia folks can focus on what makes their site great; not stopping spammers.

This is a really interesting trend and I think something is going to bubble out of this; reputation. We need to be able to take advantage of the fact that a) I have lots of accounts and b) I can link them to one OpenID to prove that this-is-likely-a-real-person.

Props to Larry and his team … well done guys.

I’m really excited to hear that Ma.gnolia.com is having such great luck with OpenID. They have been one of the early adopters of this technology and its paying off:

So far, over 15% of new Ma.gnolia members are seeing the advantage and getting their OpenID when they join Ma.gnolia. Considering how new OpenID is, and that it takes a bit of un-learning of old sign-in habits, we’re really delighted to see this adoption rate.

Chris introduced Larry and I a few months ago and gave me a chance to give him an earful about how great OpenID was. It didn’t take them long to get it working on their site once they figured out some of the tricks of the trade. I was really excited that Ma.gnolia decided to become an affiliate as well!

Its sites like Ma.gnolia and Zooomr that are really great showcases for OpenID and the potential is holds.

Saw Simon mention a three-step process for getting an OpenID show up on reddit and of course I have to link to it because they are using MyOpenID as the example … :-)

This is also a great time to mention the affiliate program that we launched a few weeks ago. If you run your own site but don’t want to host an OpenID server, you can sign up as an affiliate and redirect users to MyOpenID.com to get their own OpenID. The user is presented with a logo from your site as well as a description of why they were directed there. You can see an example from my blog here.

Some of the better known affiliates are Ma.gnolia.com, a great social-bookmarking site and Zooomr, a really amazing photo-sharing site. If you don’t want to run an OpenID server, we’re more than happy to do it for you. And you can even use your own domain if you want to.

Finally, if you want to run your own OpenID server you can do that as well. phpMyID is a great standalone PHP OpenID identity provider that was just released a week or so ago. You can then manage your own server and deliver identities yourself.

Well, I kind of scooped Larry and I’m bummed for that. I wasn’t sure if he was as close as he was to releasing OpenID support. Fortunately, nobody reads this blog so I think I’m in good shape … :-) In any case, sorry about that Larry.

Well, this afternoon they have officially launched with OpenID support.

I’m a fan of Ma.gnolia and am really excited to see it supporting OpenID’s now. This is great stuff. Way to go Larry and the rest of the Ma.gnolia team!

If you currently run a site with a large number of users and are looking at adopting OpenID you have a few things you need to consider. I’ve been talking with Larry Halff from the social bookmarking site Ma.gnolia (which kicks ass btw) and they are looking at adopting OpenID. Larry has quite a few users and so he had to take those folks into account before implementing OpenID.

What we have seen with the open source projects that are adopting OpenID is to simply tie it to an actual account within the system. For example, the Drupal plugin does this. This is the easiest mechanism since you can then tie the OpenID to attributes that you need specifically for your application. In the case of Drupal, they have the concept of an avatar. OpenID’s simple registration does not have this attribute so you can’t get it from the identity provider (yet - more on that later). So when a user logs in with an OpenID, their OpenID is tied to a new account within that Drupal installation. Then you get the benefit of all of the “extra” attributes that you might want to have for that account.

In Larry’s case at Ma.gnolia, when the user logs in for the first time, they ask for the ‘nickname’ of the user via the simple registration mechanism. When they get that back from the users’ identity provider, they check to see if it matches an existing Ma.gnolia account. If it does, the user is presented with a dialog to enter that Ma.gnolia user’s password. This allows the user to link an existing Ma.gnolia account to an OpenID (so they don’t have to re-enter all of their bookmark information again). If it doesn’t match, they create a new Ma.gnolia account and tie it to the OpenID via a seperate OpenID associations table.

Now, as I mentioned before, simple registration is pretty limited in its abilities at this time. However, there is a mechanism for arbitrary attribute exchange that has been proposed. In the case of Drupal, a site running Drupal could upload attributes that would be tied to the user at their identity provider (with the users’ permission of course) and these attributes could be used for any Drupal site. The ability to have rich profile information via attribute exchange is something that is going to make OpenID a really powerful platform for delivering digital identities.