OpenID

When we look back at 2008 it will be the year that we saw as the start of something great with freeing users’ data and putting it in their control. We’ve already seen some great momentum around the Data Portability project and seen some great events (such as SG FooCamp ‘08). Several more events are just on the horizon and you should make sure you attend.

The first event is the Data Sharing Workshop happening April 18th and 19th in downtown San Francisco. This is happening on a Friday and Saturday so as to best accommodate the needs of attendees and with it right in the city we should see a larger audience for something further down the peninsula.

Directly following IIW 2008a we’ll be having the Data Sharing Summit. This will be a chance for stakeholders across the entire data portability eco-system to come together and talk brass tacks about what we’re trying to accomplish and how to make it a reality. We’ll be focusing on specific technical details and how we’re going to get from point A (today) to point B (tomorrow).

Why two events so close together? Well, we’ve got a lot of work to do and we’re already a quarter of the way through 2008. If you’re at all interested in participating in the data sharing/portability conversation these are the two events to attend without question.

I hope to see you there!

I did the Beer and Blog tonight on how to OpenID enable your blog. Thanks to Justin Kistner for inviting me and thanks to everybody for showing up to hear me talk about OpenID (again and again and again) … ha!

The gist of tonight was to show folks how easy it is to OpenID enable their blogs. With most folks using Wordpress these days, I did a basic install of Wordpress 2.5 RC1 with the wpopenid plugin that Will Norris has built. From a couple of zip files to a full-fledged blog its about 5 minutes total work if you know what you’re doing.

If you want to use your own domain as an OpenID, check out Sam Ruby’s post about OpenID delegation to learn more. (Note: see here if you want to do delegation with myVidoop - yes, shameless plug).

Now, some folks don’t necessarily want to use Wordpress. No problem, there are plenty of other OpenID enabled blog platforms and content management systems. Here are a few more (feel free to leave comments if I missed anything):

• Moveable Type 4.0 - This is a great alternative to Wordpress and Six Apart has really started to put some extra work into making this a great platform for your blog.
• Drupal - Drupal is one of the premier content management systems out there and starting with Drupal 6.0, OpenID (both consumer and producer) is built-in by default. This is a CMS that has really started to mature into a fantastic piece of software with an amazing community.
• MediaWiki - MediaWiki is the defacto leader in wiki applications out there. With the OpenID extension you can make it even easier to create and manage your own wiki with ease.
• Joomla - Another CMS, Joomla with its OpenID extension allows full-integration.
• dotnetnuke - As hard as it is for some folks to believe, people actually build some cool applications on .NET. One of those (and that has native OpenID support), is dotnetnuke which is a content management system for Windows.
• Roll your own - You might want to roll your own applications. If so, check out OpenID Enabled which is a great resource for specific OpenID libraries.

These are just a few of the many applications, frameworks and libraries that are available for OpenID-ifying your sites. Now, Go forth and implement OpenID today!

Marshallk talked about it and David Recordon did as well and Kevin Fox wrote about it yesterday but I thought I’d mention something about it as well.

Yesterday, Ma.gnolia deployed new login infrastructure that is 100% OpenID only. You don’t create a Ma.gnolia account anymore, you come with your OpenID, Facebook account or some other means of login.

Why is this a big deal? Well, it turns out spammers like to create accounts for bogus link love on Ma.gnolia. This stinks for Larry and his crew but also for the community that has grown up around this great site. By pushing this off to other sites, now the Ma.gnolia folks can focus on what makes their site great; not stopping spammers.

This is a really interesting trend and I think something is going to bubble out of this; reputation. We need to be able to take advantage of the fact that a) I have lots of accounts and b) I can link them to one OpenID to prove that this-is-likely-a-real-person.

Props to Larry and his team … well done guys.

One of the most lively discussions at SG FooCamp was the Data Portability talk. Chris Saad was the host and a bevy of folks (Chris Messina, daveman692, Eran Hammer-Lahav, jsmarr, Tantek, Adactio, John Panzer, Eran Sandler and many others) were there talking about how to turn all of the Data Portability energy and excitement into something tangible. One of the ideas was for Chris Saad to turn DataPortability.org into the place for the discussion about how all of these technologies can work together and hopefully relate the conversations happening in each of the communities.

I know Chris has done a few of these videos already:

• http://seesmic.com/v/Co8lFpDaMz
• http://seesmic.com/v/fN4utUYa6C
• http://seesmic.com/v/laUHx3ie9j
• http://seesmic.com/v/qcdpwCUX4l
• http://seesmic.com/v/sb8qjEF57p
• http://seesmic.com/v/Dk76sdlGMk

This is a great start and I want to do my part. I like the ideas, momentum and people that have come around the Data Portability Workgroup, so this weekend at SXSW 2008 I’m going to actually do something instead of just listening quietly on the mailing lists … :-)

Myself (look for me in some sort of Portland/Bacon themed t-shirt) and fellow Vidoop partner-in-crime Luke Sontag will be prowling walking the expo floor, taking in sessions, attending pre/post events, raiding BarCamp Austin III and everywhere in between seeking out your thoughts on Data Portability, the Open Web, portable social networking, DiSo, whatever. These topics mean a lot of things to a lot of people and most importantly to those of us in each of our communities (OpenID, OAuth, microformats, etc). The goal is to simply document thoughts from people in the space (and not just the “leaders” either) and make it accessible to everyone wanting to participate in the conversation. Hopefully this will increase awareness and help people come together more effectively on the problems at hand.

A few of the questions I’d like to pose:

• What has the impact of the Open Web been for you, your work or the applications that you use?
• What does Data Portability mean for the work that you’re doing today? For the applications that you use?
• Is portable/distributed social networking/DiSo possible and what are some steps to move it in the right direction today? Where should we be by 2009?
• Every web site seems to have a life streaming component now, does it matter? Is it relevant? What are your thoughts on life/action streaming?
• OpenID and OAuth both have the concept of an end-point that does interesting things for the user. What are some possibilities for this end-point with relation to the work you’re doing? The applications you’re using?
• Google announced the beta of Google Health and its inevitable that more and more of our data will be ending up on-line. Is this a good thing? How can you better manage and protect this data?

These will be short, bite-sized interviews (hopefully under 5 minutes or so) and we’ll get them on-line as quickly as our crack video team can get them up. I’ve already lined up a few really great people to chat with so far and am looking for more. Would you like to weigh in on the questions above? Do you have other questions you’d like to ask? Comment below and I’ll either work the question in or find you at SXSW. See you all in Austin!

What a week its been. This past weekend was SG FooCamp ‘08 (more on that below), on Tuesday I got a new job and then yesterday we made the long-awaited announcement around Google, IBM, Microsoft, VeriSign and Yahoo! joining the OpenID Foundation board. Add to that trying to get a house ready to sell, moving, finding new office space in Portland and speaking at Ignite Portland 2 this has easily been the craziest (and most fun) week I’ve had in years. I really wish I’d had time to write this post earlier in the week.

What I really want to talk about here is about where we’re at now that the dust has settled from SG FooCamp ‘08. When David and I cooked up this event we had one thing in mind and it quickly morphed into something else. The outcome from my perspective was an entirely positive one. Lots of amazing people got to make some really great connections, people hacked on code, discussions (heated and otherwise) were heartfelt and engaging all weekend long.

That said, I’ve certainly taken my fair share of abuse for organizing the event. It was invite-only and for that I’m more than willing to take some heat. David and I chose the invite list and the reality was, there was a finite amount of room (we somehow crammed 105 people in over the weekend and a good chunk of those slept in tents in 30F+ weather). Okay, so where does that leave us?

In my travels this past week, in blog posts I’ve read, in people I’ve seen (even at Ignite Portland) it was clear that everyone wished they could be at SG FooCamp ‘08. People want an open discussion about these things. Me too. And even more so now that we had this event last weekend. Social graph/data portability/distributed social networking/etc … this is as much of a technical problem as it is a policy and best practices one. The weekend showed to me the passion that a small group could have around this space. What if we expanded the scope significantly?

We already have the Internet Identity Workshop as well as the Data Sharing Summit. Both of these are open-space style events and both are really well attended and organized. I think there is room for something combined or even expanded in scope.

I can foresee two tracks to an event like this. One would cover the hacking pieces. How can we use XMPP? What does Google’s Social Graph API reveal? What are the hard problems devs are dealing with? The other track would cover the policy and best practices components. How do we put users in control of their data? What should be the rules/best practices around scrapping? Who owns my data? Yes, I’m suggesting that we bring together a cross-section of people to discuss this. This could/should even be an extension of the DataPortability work going on. Its not a contest and its not about size, but I could easily see 1000 people coming to an event like this and I can only imagine the intensity and camaraderie being 10x what we had at SG FooCamp ‘08.

Okay, so … who’s going to do it? I was really hoping to hear word of a another Data Sharing Summit from Marc and Kaliya. I think its a great basis for this event and I’d love to help make it a reality. The sooner the better in my opinion. People are hungry to discuss this and with the maturation of technologies like OpenID, OAuth and microformats we have the building blocks we need to make it happen. I’m ready to roll up my sleeves, anybody else?

Its been a long time coming and certainly a huge milestone for OpenID. Everyone on the board is really excited about this news. Here are a few snippets of the coverage:

• O’Reilly Radar - OpenID Foundation - Google, IBM, Microsoft, VeriSign and Yahoo
• ReadWriteWeb - OpenID News: Big Co’s Put Money Where Their Mouths Are
• Dick Hardt - Industry Giants join OpenID Foundation Board
• VeriSign Innovation - OpenID Foundation: Does the world really need yet another identity organization?
• TechCrunch - OpenID Welcomes Microsoft, Google, Verisign and IBM
• Mike Jones of Microsoft - Microsoft Joins the OpenID Foundation and its Board of Directors
• Mashable - Google, Microsoft, Yahoo, IBM and VeriSign Join OpenID Foundation
• TechCrunch UK - Google, Microsoft, Verisign and IBM join OpenID

(links courtesy of daveman692)

As always, the best is yet to come … :-)

I’m at SFO on my way back to Portland after a fantastic weekend in Sebastopol, CA at SG FooCamp ‘08. A really, really huge thanks to Tim O’Reilly, Sara Winge, Tony and the rest of the O’Reilly staff for providing a fantastic venue for this event. Also, we had some great sponsors in BBC, Google, MyStrands, Six Apart and Yahoo! We couldn’t have done it without you.

As a little background, David Recordon and I came up with the idea for SG FooCamp literally 44 days ago. The original idea was to get a bunch of hackers together, lock them in a room for a weekend and see what happens with respect to distributed/portable social networking, data portability, etc. Slowly but surely the invite list went from 10, to 25, to 30 … then David mentioned it to Tim and the idea was hatched to turn it into a FooCamp style event and host it in Sebastopol. Sweet. Now we can go all the way up to 70 people. We blew through that about an hour later and by the time all was said and done, we had over 100 people show up for the event.

It rained most of the weekend in Sebastopol (I must have brought it from Oregon with me) but the rain actually forced folks to stay inside and participate … the sessions were fast and furious and some of them pretty intense. It was cramped inside the O’Reilly facility but it sort of reminded me of the old school OSCON events hosted in the basement of the Portland Marriot; small spaces led to so many great conversations (and the booze helped to lubricate things).

Some of my favorite moments:

• Putting names with faces for just about everybody else I follow in Twitter
• Chris Mocko amazing us with his statistical prowess (”I’m less likely to be a werewolf this round”)
• Drinking the XMPP koolaid - XMPP may be the killer app that drives things like OAuth and OpenID … its the data stupid. Really cool stuff Twitter is doing in this space.
• Great OpenID/OAuth discussions
• Portland representin’ with Matt Tucker, Renny Gleeson, Brian Ellin and myself (and technically Brad and David)
• Watching Brad and Eran figure out OpenID <-> Email identifier specification in a matter of minutes.
• Discovery, discovery, discovery.
• Talking about OpenID as a URL (why is that interesting?) as well as UI.
• Realizing that Joseph Smarr is not only a great developer and evangelist for Plaxo, he’s also a great entertainer and tequila provider … err enabler.
• Fantastic Open IPR discussions (yes, this can be fantastic) … I’m always drawn finding an end solution and the idea was hatched for an administrative org like “The Open Web Foundation” to help technologies like OpenID, OAuth and others … who knows if it makes sense … hoping to talk more about this.
• Quality time with Chris Messina.
• Renny Gleeson coining the term “ebrandgelist” and thinking he actually coined it … :-)
• Making Sara Winge laugh and doing my video interview after far, far too much cider.
• Endless games of werewolf until late, late, late into the night.
• Getting to meet Chris Saad and talk seriously about Data Portability (have a whole other post to share on this).
• Sleeping outside both nights while the temperature was in the 30’s … I knew I kept that +15 bag for a reason.

I took about 500 pictures over the weekend and will be posting them on Flickr soon (its going to be tough; Ignite Portland 2 is on Tuesday and I’m not ready!)

What started as a weekend of hacking turned into a chance to bring together a bunch of different folks that don’t necessarily know each other. The biggest thing I’m taking away from this weekend is the direct connection to so many fantastic people. Now when I see their tweets, I’ll hear their voices and see their faces. I don’t know if we’ll do this event again. There was so much interest and we could have done a Social Graph conference on this (easily I think). Hopefully we can weave some of those themes into upcoming events like the Data Sharing Summit or even IIW.

Thanks everybody for participating and I can’t wait to see everybody again soon.

One of my favorite discussions of day 1 at the OpenIDDevCamp was around what you could do with an OpenID end-point. About 15 people showed up to whiteboard and talk first at high-level and then drilling down into the details.

Now, a bunch of folks have been talking about this idea of moving to URL’s as identifiers in recent weeks (even me). The idea is simple; your OpenID is an unique end-point that can act to describe for sites where you get specific services from. For example, if I prove that I’m scott.kveton.com then a website could feasibly query that URI and ask “hey scott.kveton.com, you just logged into my site, can I have your friends list?” or “where can I find your calendar?”

We did our best to try to keep the discussion simple first and then drive into the details of the existing technology. Some basic service types we might want to describe included personal contact information, address book (aka social network or friends list), bookmark service, calendar, photo service or instant messaging. Defining them opaquely we get “my photo service is provided by Flickr” or “I use Google for my calendar”. That’s the easy part.

We had two problems to contend with after we’ve described the types of services we want to expose: privacy and ability to query in or out-of-band. How much information do I want public? How can I share it if I want it to be private for only a few people? Since OpenID works within the browser (consider this “in-band”), what if I want a service (like my photo or calendar service) to update something of mine with my permission when I’m not in front of the computer?

When talking about privacy, it looks like we have the components we need already. In the case of the public data, we can accomplish this with microformats or XRDS right at the OpenID URL. My contact information in hCard, my friends in XFN, etc. Using XRDS you could share where you get specific service types. If you want to lock this up a bit, you can use Attribute Exchange. It allows you to share only what you want to who you want. Ideally you’d be using the same URI’s for both in this scenario.

To deal with the in/out-of-band data problem the idea was floated to leverage OpenID + AX for in-band and OAuth + AX for out-of-band. If I’m logging into a site via OpenID with my browser, I could use Attribute Exchange (AX) to move my private (and public if I want) data. If the web service wants to update something for me or my OpenID provider wants to update something on a service, it can use OAuth which ideally would be automatically setup when the user logs in for the first time to the service.

In the future, we could even consider having an XRDS entry to describe how to add or remove entries into my list of services I use. Now you could have a web service ask you if you’d like to use them as your default photo service or calendar. Very cool stuff.

Now, we have the pieces described for what we want to do. The best part is we’ve been able to turn our OpenID end-point into the choke point for our public and private data. I can see all kinds of applications for other types of information you might want to land there as well (can you say your lifestream?). Looks for some folks (maybe those attending OpenIDDevCamp?) will implement these features in the near future. Let’s get some code out there and start playin’ with it!! Yeah! :-)

Interesting morning today. Did a podcast with Brian Oberkirch on trends in ‘07 and what to look for in ‘08 with respect to digital identity, portable social networking and activity streams. While I’m on the call, I get a twitter (see insert) from @dan_mcweeney saying “Why won’t the OpenID guys just add onto their server the ability to ‘friend’ other OpenIDs?” This I get at the same time as seeing a tweet from @kevinmarks talking about URL’s are people too. Moments later I see another tweet from Kevin talking about Scoble and his recent run-in with Facebook. Talk about the perfect storm for data portability.

I said it on Twitter this morning and I’ll say it again:

@jkuramot i still hold that the single most interesting thing about OpenID is that you prove you own a possible service end-point.

Yes, I just blockquoted myself … ha! None of this stuff is going to proliferate because its open, because it has an awesome community, etc. Its the data stupid. If I can prove that I own the URL (and guess what, its actually me and I’m a person) now I can do all sorts of interesting things there. Put my friend list there. My activity stream. My updates. Contact information. You name it. Plug in a little OAuth love and now I can start talking about having sites talk to me when I’m not in front of my browser. Wowzers.

The fact is, data wants to be free. It doesn’t care about Google or Facebook, etc. Users will do interesting things with their data and trying to stop them is like trying to catch a fly with a set of chopsticks. My lord 2008 is going to be fun.

Update: I’m not the only one thinking along these lines.

I’ve been pondering a “Predictions for 2008″ post for most of the month. I had all kinds of ideas for crazy things I could predict (for example: giant Internet crash leaving millions without Twitter updates leading to mass riots and utter chaos) but with my record for this year, I’d be afraid they would all come true and then I’d be held responsible. Instead, I wanted to talk about trends in 2007 and what they will mean for 2008. Boring, I know … :-)

Almost Famous

Originally uploaded by seminomad.

We’re at a crossroads right now on our march to the “open web”. If you’ve ever seen the movie Almost Famous you might know what I’m alluding to. There is a great scene with Philip Seymore Hoffman (playing Lester Bangs) and Patrick Fugit (playing William Miller):

Lester Bangs: Your writing is damn good. It’s just a shame you missed out on rock ‘n’ roll.
William Miller: It’s over?
Lester Bangs: It’s over. You got here just in time for the death rattle. Last gasp. Last grope.

What Lester is referring to is the fact that rock n’ roll was already a big business. It wasn’t a place any more for the romantic rockers fighting the system. It was the system and it took a visit from Jimmy Fallon’s character to make that clear to William Miller during the movie.

I’ve always been curious about what happens to an industry as it matures. We saw it with newspapers, the telephone, railroads, etc … you name it. Disruptive technologies always cause a proliferation of new businesses but over time we see massive consolidation leading to just a few big entities that decide how things happen and when. The barrier to entry in the market grows and competing with these big companies becomes virtually impossible as competition melts away. The Internet and web are no different.

We’re at the same crossroads that Lester Bangs talked about that rock n’ roll ended up at. The Internet has already seen massive consolidation in 2007 and its clear that the trend will continue. Even more, the US government’s ears have finally perked up and the possibilities (network neutrality - what an oxymoron) by people who think the Internet is a series of tubes is chilling. We’re on the verge of this whole thing being owned by a few companies and regulated by their proxies in public office.

But there’s hope.

If there is one thing we’ve learned in 2007 its that the power of the user is growing. Power to the people and all that. Users want control, they want their privacy if they ask for it and they are voting with their feet. We’ve also seen the emergence of and the realization of a lot of technologies that are helping to define the “open web”. Its these technologies that are helping to answer the needs of users by allowing them to maintain control and manage their privacy. We have to see more of this in 2008 or I’m afraid we go the route of rock n’ roll.

OpenID, OAuth and microformats emerged as the key building blocks to the open web. Everyone jumped on the “open” bandwagon. OpenSocial, Android appeared from Google. Verizon got in on the action. Facebook. You name it. But things are still pretty darn painful. We have some of the pieces for helping make sure the web and the Internet stay open for good, but we have a ways to go.

Looking across the social networking world, I’m still of the opinion that its not something you just do. Your social network is a tool and it should be available everywhere you go. Social networking should be a feature sites, not a destination.

Of course, I’m not alone in thinking this:

The future of social networking is coming into focus and it looks like Facebook-ish features will be increasingly be integrated into your everyday applications.

- Larry Dignan, Social networking: Quietly being subsumed by your everyday apps, 11/14/2007

and of course:

Now it’s practically a given that your time online is social time. Between commercial and peer pressure, you’re expected to maintain both a public presence for general interaction and a semi-private sphere for friends and family, both updated in real time with your activities, opinions, latest interests, location, and cultural tastes. The vehicles for this presence were homepages at first, then blogs, and now the widget-laden profiles on the social networking sites, along with an endless flow of pinging, poking and tweeting. It’s sort of funny that a system built by notoriously socially awkward geeks has turned into a mammoth, never-ending cocktail party. But that’s where we are, and right now, billions are being bet on monetizing the world of constant acquaintanceship.

- John Murrell, Good Morning Silicon Valley - SiliconValley.com

2008 to me will be about building the final pieces of the open web. I don’t see a world with one or two winners in the social networking space. I still don’t believe social networking is a destination; its a feature. How do we make that a reality? Well, we have to be able to interoperate among sites. Users need control of who they are and what relationship they have and those have to work everywhere they go. We need standards and protocols that are open to do that. 2008 will be about creating the final pieces of technology we need to make this reality and then it will be a mad dash to see it all come together.

I for one, will be working hard to make this happen … looking forward to a fruitful (and not Almost Famous) ‘08 … peace out!