Planet OpenID

Johannes Ernst: Black B2B

Fri, 09 May 2008 05:35:00 +0000

Scary, scary. From McAfee's Avert Labs Blog.

Kaliya Hamlin: PARTY!!! after IIW / before DSS Party hosted by Chi.mp

Fri, 09 May 2008 04:40:51 +0000

So this year after the Internet Identity Workshop there is going to be the Data Sharing Summit - in between is going to be the Chi.mp Happy Hour - in honor of Decentralized User-Centric Identity.

It is FREE (if you RSVP) from 6pm to 8pm Wednesday May 14th at Temptations, 288 Castro Street, Mountain View, CA 94041

You can eat there or move on to other fine venues on Castro Street.

I have to say how personally greatful I am to be working with Tony and his team on this event.

I met Tony about 2 months ago in NYC when he came to the Identity Commons meetup that Ryan Janssen hosted with me at Angel Soft. We talked a lot about the community and the history and the future - Ken Jordan, author of the Augmented Social Network: Building Identity and Trust into the Next Generation Internet (2003 First Monday), was there too. He has been doing a great job blogging about the issues on Own Your Identity and I am excited to introduce him to the whole Identity Commons and Data Sharing Community this week.

Kaliya Hamlin: IIW and DSS retweeter set up on Twitter: follow IIW6

Fri, 09 May 2008 04:40:12 +0000

I have a ‘retweeter’ for the week of events set up at Group Tweet. My thought is we should just use one for both events - to help information flow between them. (if people really want a different one for both we can do that but lets discuss)

So how does this work.
First get a twitter account.

Then Follow IIW6 (this is because it is the 6th Internet Identity Workshop)
Then IIW6 will follow you back

When you direct message IIW6 it will be rebroadcast out to all the other subscribers to IIW6.

To direct message you simply type “d iiw6 Kim is giving a great talk in room A”
Then IIW6 will say “via @identitywoman Kim is giving a great talk in room A” and everyone who is following IIW6 will hear it.

With this set up we can talk to each other - back channel like.
The tweets that get sent out are currently sent to public.

If you have never tweeted before I think this a great opportunity to try it.

You can just follow one account - even have it come to your phone (because the volume won’t be that high) to do that you have to set device updates from IIW6 to ‘on’ another step after you click follow. It is very unlikely it will go over you total limit for text messaging for the month usually 150 or 200 messages on a standard plan.

Kaliya Hamlin: More to talk about at the Data Sharing Summit

Thu, 08 May 2008 20:56:53 +0000

Clearly there is lots to talk about next week at the Data Sharing Summit Thursday May 15th at the Computer History Museum with the MySpace Data Avaliability initiative.

OpenID.net: SourceForge + OpenID: Making it happen

Wed, 07 May 2008 23:12:56 +0000

Last week SourceForge quietly added support for OpenID to their site. The news is official now.

SourceForge implemented relying party support (as opposed to just being a provider) which is a trend not often seen by larger players. I wanted to talk with one of their developers to see what it took to make this all happen, especially in a large organization like SourceForge. I spoke with Luke Crouch who was the lead developer on the project.

In this podcast I try to cover some of the questions that large sites have to consider when adopting OpenID as well as ask a bit about the future for open technologies at SourceForge. Hope you enjoy it.

The OpenID Buzz: SourceForge Implements OpenID Technology - Primenewswire (press release)

Wed, 07 May 2008 22:20:55 +0000

SourceForge Implements OpenID Technology
Primenewswire (press release), CA - 3 hours ago
OpenID is an open, decentralized, framework for digital identity that eliminates the need for multiple usernames across different websites. ...

Martin Atkins: Next Week

Wed, 07 May 2008 20:37:40 +0000

Next week is going to be a busy one. From Sunday for a week and a half I'll be visiting San Francisco. The first week is all but consumed with things relating to identity and data portability, which I'll be attending:

The newly-enlarged OpenID Foundation board will be having its first face-to-face meeting.
The OpenID Foundation is organising an "Open House" meeting where everyone in the community is invited to come along and discuss with the board how best to promote OpenID and what directions the community would like the Foundation to head. This event is part of the first day of IIW, and will be at about 1:30pm on May 12th at the Computer History Museum in Mountain View.
May 12th through 14th is another Internet Identity Workshop in Mountain View. I'm looking forward to catching up on what everyone's working on and having some more valuable discussion about problems facing online identity in general and OpenID specifically.
On Thursday 15th, also at the Computer History Museum, is the Data Sharing Summit which I only found out about at the last minute but I will be attending.

The OpenID Buzz: SourceForge Now OpenID-Friendly - Mashable

Wed, 07 May 2008 18:56:23 +0000

SourceForge Now OpenID-Friendly
Mashable, CA - May 7, 2008
SourceForge, an immense base of open software development and discussion, today announces its newly instated mechanism for accepting OpenID users. ...

David Recordon: Internet Identity Workshop 2008

Wed, 07 May 2008 11:00:15 +0000

Next week down in Mountain View is another iteration of the Internet Identity Workshop. For those of you that don't know about it, IIW has been an event that has really helped to shape the user-centric identity community over the past few years. It is where I met people like Drummond Reed and Gabe Wachob which led to the creation of a richer form of discovery for OpenID (and OAuth) services. IIW is almost entirely run like a BarCamp with the majority of the time being scheduled by the people that show up. It really is the conference that helps get stuff done, so if you're in the Bay Area next week you should try to stop by.

http://iiw.idcommons.net/index.php/Iiw2008a

Carsten Potter: Germany: OpenID Related News

Sat, 03 May 2008 18:21:56 +0000

For Saturday evening just three quick notes about OpenID related news from Germany:

Dennis Blöte of event calendaring service Venteria has launched a Ruby on Rails based OpenID server called masquerade. You can have a look at the code here.
Dennis has also launched an OpenID provider as a demo application which works rather well. It’s also one of the first providers supporting Attribute Exchange. And it seems to also support VeriSign’s SeatBelt plugin. Really good.
OpenID provider xlogon has supported the Verein Deutscher Bibliothekare (Society of German Librarians) to enable its website with OpenID. The society needed a convenient way for granting members access to a protected area of its website (see press release, German, PDF).
The society and xlogon also provide a step by step introduction to OpenID on the society’s website. I think it’s crucial to explain a new login system to members as it helps to raise acceptance. Well done.
Oliver Wagner has co-authored an article on the pros and cons of OpenID for the print magazine Das Wirtschaftsstudium (Economic Studies). The magazine focuses on education and career opportunities for students of economic studies. So a different audience will know about OpenID soon. the article can be downloaded already (German, PDF).

Share This

The OpenID Buzz: What Will Microsoft Do With Credentica?

Sat, 03 May 2008 18:00:01 +0000

Anybody following Identity/Privacy today is rooting for OpenID. They look like the good guys and they have momentum. However the purchase of Credentica by Microsoft in March was below most people's radar screens. You would need a keen interest in Identity/Privacy and Cryptography to have taken notice, and you're already rooting for OpenID, so why even look at what the Beast of Redmond is doing? This must be an evil plan to suck us all into Hailstorm 2.0, right? Maybe not.

It might be worth giving Microsoft some benefit of doubt for a while. First, my CliffsNotes on why Identity/Privacy matters:

To Publishers: You need to show Advertisers/Marketers that your audience/community has some spending power. And you need to personalize the content to make it more useful to your audience/community. You need to do both without giving out any private information that would annoy your audience/community and put them at risk of spammers and bad guys.
To Advertisers/Marketers: You need to know whether the people reading/watching/listening to content have budgets to spend money. Without getting any private information that you might just possibly be tempted to use for some nefarious spamming campaign.
To Users. There are things about you that you want to shout from the rooftops. And things you want to keep away from the eyes of people who might use it to harm you. But you also need to move around online from site to site without any registration hassle.

That was easy enough to write, but it is much more difficult to deliver. Squaring the privacy vs. personalization circle is hard. That's why nothing has yet hit the spot.

The privacy backlash has predictably got the politicians and regulators into the act. Yet, they might just make it worse. A ham-fisted regulation - most regulation related to technology is ham-fisted - would ruin the business for publishers and advertisers and probably be quite easy for the really bad guys to hack.

On top of that, some governments just love to know what all their citizens are doing and that is not always in the citizens' interests. Would you want your government as the repository of all citizen private data? ... That's what I thought!

So who would you trust? Microsoft? Hmm, they tried that with Hailstorm and had their heads handed to them. Maybe Google? After all they already know all your searches and you have to trust them not to use that to identify anything about you personally. And Google said "don't be evil" and we mostly think they included themselves in that injunction. But who knows, even good guys can be tempted or get bored and let the bad guys take over.

So the answer for most people would be "None Of The Above." Which implies that nothing will happen, the status quo will remain. But that is clearly not ideal. It means that your personal information is scattered across lots of sites, most of which will have relatively weak security, so that hackers can easily get it. Just like they did recently at Facebook.

Ok, lets test that. Who would you trust to store all your private information? Please vote in the poll below.

Who would you trust to store all your private information?
( surveys)

That's why Credentica is important. Look at this 5 minute video to understand the technology. I don't know anything about cryptography, but it appears that the people who do understand it believe that Credentica is technically secure.

So then it is a question of trust. What will Microsoft do with Credentica? Which is a question that nobody has the answer to. Although I am sure many people have opinions -- and feel free to leave them in the comments. Steve Ballmer, what's the deal? What do you have planned?

Quite possibly, Microsoft is still figuring it all out. They do have somebody called Kim Cameron who has been thinking about online identity longer and deeper than most. His bio says:

"Kim Cameron is Chief Architect of Identity in the Connected Systems Division at Microsoft, where he works on the evolution of Active Directory, Federation Services, Identity Lifecycle Manager, CardSpace and Microsoft's other Identity Metasystem products.

Kim joined Microsoft in 1999 when it bought the ZOOMIT Corporation. As VP of Technology at ZOOMIT, he had invented metadirectory technology and built the first shipping product. Before that he led ZOOMIT's development team in producing a range of SMTP, X.400, X.500, and PKI products.

Kim grew up in Canada, attending King's College at Dalhousie University and l'Université de Montréal. He has won a number of industry awards, including Digital Identity World's Innovation Award (2005), Network Computing's Top 25 Technology Drivers Award (1996) and MVP (Most Valuable Player) Award (2005), Network World's 50 Most Powerful People in Networking (2005), Microsoft's Trustworthy Computing Privacy Award (2007) and Silicon.com's Agenda Setters 2007.

Kim blogs at identityblog.com, where he published the Laws of Identity."

He's Canadian, so he can't be evil... and he says he is a "strong proponent of OpenID." (As you can hear/see here.)

So it doesn't look like Microsoft is planning to replace OpenID. Perhaps they just plan to make it secure.

OpenID has the right approach with multiple providers, but as Cameron points out, it is open to abuse by hackers and ID phishers. That is where the OpenID's multiple providers have a branding/trust problem. Out in the wild, who knows the difference between MyVidoop, ClickPass, and EvilPhisher? (I made that last one up).

Credentica had/has a Java SDK. I hope Microsoft keeps this, while also offering a .Net equivalent. For many entrepreneurs the Java vs .Net decision is pretty immaterial, the decision comes down to skill availability. Keeping the Java SDK would increase trust a bit.

Microsoft will have to work hard to forge developer trust in this area. If they can win over developers they have a strong story to tell. The game will shift from just being an ID Provider to offering "secure ID" as a feature of your service. In other words, they will shift this "up the stack," which will be a threat to an ID Provider that plans to use that one feature to build a business, but maybe great for other entrepreneurs.

Carsten Potter: More Support for Open Standards on MyBlogLog and Digg

Fri, 02 May 2008 03:09:04 +0000

MyBlogLog is becoming the most talked about service on this blog, I guess. Maybe I should make it a weekly feature.
Well, what’s the news of today then? MyBlogLog is an OpenID provider now. And no, sadly it’s not a relying party as well.

Users who want their MyBlogLog profile URL to be an OpenID identifier have to opt-in at the Yahoo! OpenID site. So it is no surprise that this implementation provides the same features as Yahoo!’s (see my post about it). It also means that users don’t have to log in with their complete profile URL (http://www.mybloglog.com/buzz/memebers/username) but can shorten the OpenID to mybloglog.com. OpenID 2.0 and directed identity make it possible.

Also interesting to note is the blog post about MyBlogLog’s OpenID support by Shreyas Doshi, product manager for Yahoo!’s OpenID initiative:

With this change, we have also eliminated the only-one-custom-OpenID-identifier per-account restriction. This means that you can select both your Flickr photostream AND your MyBlogLog profile URL as your OpenID identifiers, in addition to creating a pretty me.yahoo.com identifier.

Can we speculate about del.icio.us and Upcoming OpenID identifiers as well now? More providers? Please become relying parties!

By the way, MyBlogLog also added a nice FOAF icon next to the vCard and hCard icons on profiles. They heard you, Robert.

And Digg?

Meanwhile Digg has added XFN support to user profiles and RDFa to submitted stories. Good to see further implementations of open standards on Digg. Maybe we will eventually see OpenID support. Announcements have been made more than once.

Share This

Johannes Ernst: Intro to OSIS Presentation

Fri, 02 May 2008 00:29:00 +0000

If you want to learn about OSIS, I put my presentation on OSIS at last week's European Identity Conference on-line here.

For the first time, I'm trying out slides plus audio; let me know how it works. This is an export out of Keynote; I was hoping the file would be smaller, but neither Quicktime nor Flash seem to optimize the slides well when exported from Keynote with sound.

[permanent link]

Simon Willison: SourceForge Allows OpenID Logins

Thu, 01 May 2008 13:05:51 +0000

SourceForge Allows OpenID Logins. Excellent—SourceForge is the kind of site that I log in to infrequently enough to always forget my password (and indeed username) making OpenID a great fit.

The OpenID Buzz: Updating WP-OpenID to support ID Selector

Thu, 01 May 2008 03:32:12 +0000

Updating WP-OpenID to support ID Selector all Posted Wednesday, 30 April 2008 Read 1 comment Today I spent a few minutes modifying the WP-OpenID plugin to support JanRain’s ID Selector. I added OpenID support to billso.com last month. This page has more information about the OpenID signle sign-on (SSO) system. Short story: OpenID lets users log in to a site with an ID they obtained on another web site. There are many different providers of OpenIDs, and many Internet users have not heard of t

OpenID.net: SourceForge Allows OpenID Logins

Thu, 01 May 2008 00:15:56 +0000

If you use open source software then you’ve probably heard about SourceForge before. If you develop open source software then you’ve probably even used some of their infrastructure in the past. Today they’ve made it even easier to login to SourceForge with OpenID. SourgeForge.net isn’t acting as an OpenID Provider but rather is accepting OpenID logins; this is a good thing and reinforces the trend of sites like Ma.gnolia only accepting OpenID logins.

In their announcement OpenID on SourceForge.net they say, “OpenID is getting tremendous traction and we’re happy to be jumping into it. it’s bringing us back in touch with fresh web (2.0) technology. as a decentralized open-source standard, it’s a perfect fit for us - it allows us to streamline more user interaction and participation with our site, and hopefully more for the whole OSS community.” As Steven Osborn points out, SourceForge.net is now one of the most prominent single sites that accepts OpenID to login. Steven also goes on to talk about some of the more advanced things SourceForge allows you to do with your OpenID if you do wish to use your profile URL as an OpenID too.

Congratulations SourceForge for continuing to help get OpenID in the hands of open source developers on a daily basis!

The OpenID Buzz: SourceForge Allows OpenID Logins

Thu, 01 May 2008 00:15:56 +0000

The OpenID Buzz: The search for Identity 2.0 - New Zealand Herald

Wed, 30 Apr 2008 22:42:44 +0000

The search for Identity 2.0
New Zealand Herald, New Zealand - Apr 30, 2008
The idea ties in closely with the OpenID movement which Hardt is involved in. OpenID allows web users to register with an OpenID provider and then use one ...

Steven Osborn: SourceForge Ships OpenID!!

Wed, 30 Apr 2008 21:03:10 +0000

SourceForge.net shipped support for OpenID this morning followed by an official announcement on their community forums. In just a few seconds I had my OpenID tied to my existing SF account. Their implementation seems very solid and straight forward.

This certainly makes them one of the largest, most prominent OpenID Relying parties to date.
I sure hope this leads to all of OSTG websites ( Slashdot, Thinkgeek, Freshmeat, etc…) following suit.

Their front page now advertises: 1,840,049 Users + 250,000,000 OpenIDs

Their OpenID management screen is really hot; It allows you to add additional OpenIDs to your account, decide which one you want to make public (if any) and choose one to delegate your SourceForge.net endpoint to. So developers can use http://sourceforge.net/users/username as their OpenID endpoint.

Digg It!

Kaliya Hamlin: IIW Monday is FREE & program announced

Wed, 30 Apr 2008 20:00:24 +0000

If you are wondering what the Internet Identity Workshop is all about we have a new articulation posted on the main wiki page for our upcoming conference. It goes into the range of topics covered along with the technology and social issues. This is our 6th event and I think it will be a great one.

**** MONDAY IS FREE (beginning at 1PM) ****
We have Monday’s program figured out and Monday afternoon is FREE to anyone who wants to come and check out the emerging field. We will open at 1pm.

We will open with a ‘newbie’ perspective from Ryan Janssen who has been an amazing active reader of the community blogs and writing about it as Dr. Star Cat

Everyone will get a hand out of all the community project one pagers.

Presentations will then follow about five centers of gravity in the community that we see:
The VENN OF IDENTITY
1) OpenID - David Recordon
2) SAML/Liberty Alliance - Paul Madsen
3) i-cards - Pamela Dingle

4) Data sharing/linking - Drummond Reed
5) Vendor Relationship Management Project - Chris Carfi

Between 3:30 and 4:00 we will be all together - considering “what useful things can we do” along with other questions please be there for this if you feel all up to speed on “everything”. We think that the presentations will be informative for those already familiar with the landscape it has moved forward since we last were together - so we encourage you all to get there at 1PM.

We are working on a blog push on Thursday May 1st - blog about it that day- (if you miss that day - blog about it anyways over the weekend)

Carsten Potter: Online Shopping with OpenID

Wed, 30 Apr 2008 18:34:10 +0000

A couple of weeks ago Thomas Huhn and I discussed OpenID and online shops. We noticed that hardly any of them have adopted the technology yet. Well, actually I don’t know any at all. Maybe Thomas knows some. However we noticed that more and more shops - at least in Germany - don’t require customers to register an account permanently if they don’t intend to return to the site later. Creating accounts is just a matter of convenience. No need to provide details once again if customers return.

Though from my own experience I can say that I am hesistant creating accounts at online shops. If I have the option to purchase products without that step, I go for it. I rather type in the required information once again if I return to a certain shop later. There is no specific reason why I don’t want to create accounts all over the place. Maybe I just want to keep the number low.

What about OpenID?

Online shops should implement OpenID. That changed things for me. I had to provide necessary details like my address just once. Not to any shop but only to my OpenID provider. There are cool extensions to the OpenID protocol which support this: Simple Registration and Attribute Exchange (also see Dennis Blöte’s excellent article on the topic). Both extensions allow transfer of profile data from an OpenID provider to a relying party, e.g. a shop. The first time I confirm my OpenID to a shop, it (=the shop) asks for that data. If I allow it to always fetch that data all future authentication requests work without me interferring.

So what happens if my address changes? Now you might argue that I still had to update all my accounts at online shops. I think that’s unnecessary. Shops don’t even have to store that data. Thanks to Simple Registration and Attribute Exchange. Assuming my address changes I will update it at my provider. When returning to a shop it simply asks my provider for the necessary details again and gets updated information. It’s really that simple: the shop will always have updated data but doesn’t have to store it and doesn’t even have to ask me for it. When the products are delivered and paid, it can delete my data.

Recommendations

Can online shopping be even more convenient? APML comes to mind. It collects users’ attention data and their interests, e.g. their favourite music or movies. Just think of Amazon’s recommendation system. The data is stored in a file which can be shared and parsed by services that support the standard.

The APML file can be stored everywhere. Why not at my OpenID provider? A shop could ask for that file and it would be transferred to it from my provider and I could get recommendations based on my attention profile even if it’s the first time I visit the shop. That’s not suitable for every kind of shop, of course, but for CD shops it worked if my APML file contained all the music I listened to on Last.fm for example. And that’s the difference to Amazon. Amazon can only recommend products to me if I already purchased products there or surfed the site intensively. A shop supporting APML can do that right away.

As far as I know there is no discovery specification for APML files yet. I had to tell the shop where it is. But I think that problem could be solved someday. I am not a developer, though. So maybe it can’t!? Update May 3: Actually there is discovery already implemented. I just should have had a look at the source of my blog. It looks like this:
<link rel="meta" type="application/xml+apml" title="APML" href="http://example.com/apml"/>

Well, it was even a greater shopping experience if the online shop could update my APML file based on the products I purchased there and wrote it back to my OpenID provider. Once again I don’t know how this could work. Maybe OAuth is a solution or even Attribute Exchange as it is capable of storing data at the OpenID provider. Maybe some clever minds know. I just write stupid articles.

Conclusion

Maybe those ideas are really just plain stupid but I think OpenID could really help making online shopping more user friendly. There are benefits for both customers and shops. Customers don’t have to deal with registration processes anymore and get better recommendations for products they might be interested in. On the other hand, shops will always have more accurate data of their customers and with APML support they could even boost sales because customers are only shown relevant products. Also they can save on data management.

Maybe there is even some revenue for OpenID providers. Since they provide user data and even valuable attention profiles they could get a fixed percentage of sales made ~~by their users~~. Think of credit card companies’ business model.

Share This

The OpenID Buzz: 4 Tech Blogs that are OpenID FAIL (and 1 that isn’t)

Wed, 30 Apr 2008 17:19:27 +0000

After last week’s post about taking a stand for OpenID, Kelly Guimont suggested a list of offenders; that is, tech blogs that don’t walk the OpenID walk. Here are four big tech blogs that fail, as well as one that’s doing things right: TechCrunch - no OpenID support. I sent a note to @TechCrunch on Twitter and didn’t receive a response. Web Worker Daily - no OpenID support. I asked a question (appropriately enough in a post about OpenID) and received this answer: Aaron, thanks for the sugges

The OpenID Buzz: The Weekly Source Code 25 - OpenID Edition

Wed, 30 Apr 2008 07:11:42 +0000

The Weekly Source Code 25 - OpenID Edition Posted in ASP.NET | ASP.NET MVC | DasBlog | Identity | Source Code We spent a lot of time at Corillian (my last job) thinking about Identity, and a few months before I left I started getting into Cardspace and OpenID. This was a little over a year ago. We did a podcast on OpenID as well. At that time, I tried to take the only .NET implementation at the time of OpenID which was written in in Boo written originally by Grant Monroe and port it to C

Brad Fitzpatrick: C++

Wed, 30 Apr 2008 06:50:19 +0000

I've been writing a bunch of C++ lately, both inside and outside of work. Really, once you learn what the gcc error messages actually mean, then it's smooth sailing. My mean time between bugging evan continues to drop ... a little.

I regularly bounce now between C++, Java, JavaScript, Python, Perl, and Sawzall. I wish I could say something more profound than that they all suck in their own special ways. (I suppose the cheery angle is that they're all beautiful snowflakes too, but...)

Actually JavaScript is almost the least annoying, from a language perspective. JavaScript with the whole DOM and browser crap is a whole different story ... but embedded JavaScript is great.

I wrote something in plain C the other day and besides being kinda nostalgically quaint, it kinda blew. I eagerly await rewriting it in C++.

Back to C++ fun....

The OpenID Buzz: Portable Identity and the BBC - ComputerWeekly.com

Tue, 29 Apr 2008 17:37:53 +0000

Portable Identity and the BBC
ComputerWeekly.com, UK - Apr 29, 2008
We've spoken about OpenID before on this blog (see entries from 9 Feb 2008 and 7 Feb 2007) and I've been quite enthusiastic about the prospects for this ...

David Recordon: OpenIDDevCamp Next Week at CommunityOne (JavaOne)

Tue, 29 Apr 2008 17:27:49 +0000

Next week Sun has offered to host an OpenIDDevCamp at their annual day-long CommunityOne developer conference the day before the start of JavaOne. More details are on the OpenID blog but it is Monday May 5th from 11am to 8pm at the Moscone Center in San Francisco. You don't need to be registered for JavaOne to attend, the post on the OpenID blog contains a discount code which will get you in the door.

This isn't the first OpenIDDevCamp, back in January we hosted the first OpenIDDevCamp at Six Apart which was a great success. Unfortunately I'll be on an airplane to XTech, but if you'll be in town for JavaOne then definitely think about stopping by and meeting some of the great people in the OpenID community.

OpenID.net: OpenIDDevCamp at CommunityOne 5/5/2008

Tue, 29 Apr 2008 17:08:27 +0000

What better way to spend Cinco de Mayo then with a bunch of your favorite OpenID community members learning more about OpenID? :-)

Sun has offered to host an OpenIDDevCamp at their annual day-long CommunityOne developer conference the day before the start of JavaOne. Not only will you get a chance to talk with OpenID developers you’ll also get to interact with members of other open source communities (such as Drupal and Ruby on Rails). Vidoop’s Michael Richardson is going to be helping lead the efforts with the help of other community members.

Monday May 5, 2008 - 11am - 8pm
Moscone Center, San Francisco, CA

We’ll be in Hall A and we’ll have tables, white boards and wifi. We’ll get things started at 11am and will run until 8pm. The CommunityOne reception will be in that hall from 6 - 8pm (read: free as in beer).

Please register for the event. In the “referral code” field, put in “OpenID”. That will get you in the door. General session is from 9:30am - 10:45am (see the website for more details).

Once signed up, you’ll receive the SWAG bag, lunch and be able to participate in the reception. Not only do you get access to CommunityOne but you get a free pass for Day 1 at JavaOne. CommuntiyOne is a free event.

Looking forward to seeing you there!

The OpenID Buzz: OpenIDDevCamp at CommunityOne 5/5/2008

Tue, 29 Apr 2008 17:08:27 +0000

What better way to spend Cinco de Mayo then with a bunch of your favorite OpenID community members learning more about OpenID? :-) Sun has offered to host an OpenIDDevCamp at their annual day-long CommunityOne developer conference the day before the start of JavaOne. Not only will you get a chance to talk with OpenID developers you’ll also get to interact with members of other open source communities (such as Drupal and Ruby on Rails). Vidoop’s Michael Richardson is going to be helping lead t

The OpenID Buzz: Spring (Acegi) Security 2.0 Adds OpenID Support, REST Capabilities, and Performance Improvements

Tue, 29 Apr 2008 01:38:00 +0000

Spring Security 2.0 has been released after almost two years of development. This new release replaces Acegi Security as the official security module for Spring applications and includes significant enhancements and new features. By Dionysios Synodinos

Dennis Blöte: On OpenID Attribute Exchange

Mon, 28 Apr 2008 23:01:00 +0000

OpenID lets users verify the ownership of an identifier - namely their OpenID URL. The protocol can also be used to exchange further data and that is what the extensions SReg (Simple Registration) and Attribute Exchange are for.

You all probably know the case where you sign up for a new service using your OpenID: You are asked to identify and in most cases to submit some extra data, like an username and your email address. These are used by the relying party (the service you signed up for) to create an account and prefill the disclosed attributes. Almost every identity provider offers the possibility to manage different personae, so that you can decide which of your information should be used to sign up with. For instance you may have two personae: One for personal use and another one with your business data.

At first, there was only SReg, which has a fixed set of nine attributes: nickname, email, gender, fullname, dob (date of birth), postcode, country, language and timezone. This offers the possibility to exchange some of the most basic user attributes, but has a major disadvantage: The set of attributes is fixed and cannot be extended, so that it is not possible to exchange the name of your home town or your website url.

This is where Attribute Exchange comes into play: AX does not give us a fixed set of properties - it is a namespace in which custom attributes and their types can be defined, as for instance the ones that are defined in AXSchema. An attribute is a combination of type identifier, title, count and value. The type identifier is an URL and defines what the property is - a street address, phone number, blog url, whatever. The title is used to inform the user about the kind of data being requested, for instance “Your ICQ number”. Count defaults to one and offers the possibility to request more than one value of the same type. The value is the data that the user/identity provider discloses.

Right now AX suffers the chicken-egg-problem: It is rarely supported by relying parties and identity providers - why request, when there is no one who responds? Same the other way round… but AXSchema lays the ground to solve this problem: Relying parties are given a set of attributes they can start to request and identity providers who already support SReg can easily migrate to support AX. Theoretically Simple Registration is deprecated, now that there is Attribute Exchange.

But there is even more to it: AX is not just about relying parties fetching user data, the specification already contains store requests, too. Attribute Exchange Store can be used by the relying parties to transfer updated data back to the identity providers. Well, this seems to be far ahead, but nevertheless it offers interesting possibilities and I will spend some time experimenting with it.

Last week I implemented the fetch part of Attribute Exchange in masquerade. It was fairly easy, as it is already supported by the ruby-openid gem and one basically just has to define some extra mappings for type identifiers to persona attributes. The only other identity provider supporting Attribute Exchange Fetch I know so far is MyOpenID. They do not support the AXSchema type identifiers, but I guess this will be fixed soon, which would be great, because MyOpenID seems to be pushing the innovation in the OpenID community.

To offer myself a sandbox in which I can test exchanging data between identity provider and relying party, I also implemented AX fetch requests for venteria. Theoretically - or practically, if your identity provider supports AXSchema - you can now update your venteria profile with your submitted persona details on every login.

I will be using Attribute Exchange extensively in my bachelor thesis, which is about identity management in academia. I will be using masquerade to setup an OpenID provider for the University of Bremen so that we can offer OpenIDs to students, who can use them to sign up for lectures or use them to verify their student status to relying parties. This is an interesting field of research and some work has already been done - for example there is an eduperson namespace defined in Shibboleth. Follow up my progress here, as I will be writing about it in the upcoming weeks

Technorati Tags: OpenID, Attribute Exchange, AX, SReg, Simple Registration

OpenID Directory: Orange Telecom is taking the lead again

Mon, 28 Apr 2008 09:15:05 +0000

Orange Telecom a couple of months ago was the first Telco worldwide that provided their customers with an OpenID. Last Thursday I had the privilege to be part of the ‘User Centric Mastermind’ panel of the 2nd European Identity Conference, which led to some interesting new insights on how Orange is pushing things further.

Moderated by Johannes Ernst the discussion led to the question if Orange wasn’t building a new walled garden for their users: By loosing their OpenID after leaving Orange they would also loose access to any of their accounts that they used with this OpenID before.

It was interesting to hear that Orange had already thought about this problem and decided to “not be evil”, which means that Orange still lets their former customers access their OpenID accounts after the contract has finished. That way the user can change his settings and move to another OpenID provider step-by-step without any hazzle.

This is definitely a best-practice example that hopefully other providers will follow.

The panel “pre-meeting” during lunchtime with (from right to left) Snorri Giorgetti (OpenID Europe), Ariel Gordon (Orange Telecom), Helmer Wieringa (Reed Elsevier), and …

… Thomas Huhn (lifestrea.ms, spreadopenid.org, openiddirectory.com), Johannes Ernst (Netmesh).

Kim Cameron (Microsoft) was late, but jumped right into the discussion.

Kudos to Christoph Ducamp for the photos.

Brad Fitzpatrick: Scaling

Sat, 26 Apr 2008 05:42:46 +0000

I'm going to scale my foot up your ass. Hah.

David Recordon: Web 2.0 Expo -> PodCamp NYC

Fri, 25 Apr 2008 16:39:06 +0000

After an exhausting (two panels and a talk) Web 2.0 Expo in San Francisco, I jumped on a red-eye last night to New York for PodCamp NYC 2. While Anil would normally be the one to attend, he's off having fun at ROFLCon instead.

I really enjoyed Web 2.0 Expo this time around, had a lot of fun on both of the panels and have heard good things about my talk on Open Platforms. Six Apart also had a booth this year which seemed to always be full of people wanting to talk to us and learn more about what we're doing!

I figure one of these days I'll write my thoughts on "data portability" as I keep getting quoted about 5% off from what I said.

Kaliya Hamlin: Identity Commons Q1 2008 Report. DONE!

Thu, 24 Apr 2008 21:08:27 +0000

I am excited that our second set of “official” quarterly reports as been wrangled, compelled, edited and published on the IC blog and in PDF format. If you are wondering what all is happening in the communities work on user-centric identity technology this is the one thing to read and the best part is it is updated very three months. We welcome new groups joining the community - it is a simple process.

We are a community of groups working on addressing the social, legal and technical issues that arise with the emerging, identity, data and social layer of the internet.

Highlights from Q1 2008 Reports

The 6th Internet Identity Workshopis coming up May 12-14, immediately followed by a Data Sharing Summit.

The OpenID Foundation had 5 corporate members join the board - Google, Verisign, Microsoft, Yahoo and IBM. OpenID Japan was founded and guidelines for local chapters are being developed.

OSIS Open Source Identity Systems is working towards the completion of its third major Interop event (at RSA and the European Identity Conference) with 57 projects participating.

XRI 2.0 will be going to a vote within OASIS shortly.

Higgins 1.0 was released on Feb 21st.

Project VRMis leading a 1.5 day workshop at the European Identity Conference and has an active London Chapter. Work continues on the initial text case Personal Address Management

New Groups of Note:

Enterprise Positioning is a community of people inside enterprises who need to understand and explain the application of user-centric identity in that context. page 10

IC Evangelism and Marketing began to help develop clearer messaging for Identity Commons and develop a values statement. page 8

Newbies 4 Newbies have given invaluable feedback on the language used to articulate user-centric identity, helping to improve the Internet Identity Workshop announcement significantly. If you are new to User-Centric Digtial Identity – wondering what they heck is all this stuff – what do these acronyms mean – this is the group for you. page 10

The Photo Group started with three groups on Flickr 1) Identerati Portraits, 2) The Art of Identity and 3) Member Gallery with the photos they have taken. page 11

The Quiet Groups:
IC Collaborative Tools
XDI Commons
Identity Schema
Identity Rights Agreements
Identity Futures
IdMedia Review

PDF of Report

Kaliya Hamlin: Data Sharing Workshop Report

Thu, 24 Apr 2008 20:37:40 +0000

We had an amazing group that gathered for the Data Sharing Workshop April 18 and 19 (Our Summit is coming up May 15th). It was as we had envisioned - a range of people from large portal companies, device manufactures and small startups.

We had 5 great sponsors Vidoop, Plaxo, BBC, Twine, and Broadband Mechanics. We met at the SFSU Center for the Next Generation Internet and collaborated with the dataportability.org community.

Attendees included those new to the space and veterans who have been working on the issues involved for years. We invited 9 different industry people to open our morning by sharing what they saw as the problem and where we were at.

Everyone introduced themselves and then we dove into making a really great agenda wall.

We also had a Wall of Results. Each session was asked to out put an 11×17 piece of paper what they got done.

Here are some notes from those summaries and the wiki. (please feel free to add more to the wiki if you were in a session and took notes)

How to help you help yourself? was one of the opening sessions lead by Angus Logan of Microsoft. This was really focusing on how to get away from the give us your password and we will scrap your data for you method of users getting their data out.
* User Experience is Hard
* HOw do we get sites to adopt new methods?
o Make sure API’s are truly functional equivalent to scraping
o try to make the UX work well
o Get good PR and Goodwill from getting off passwords
o provide libraries, sample code tutorials
o Host hackathons
o be patient - everyone’s really busy

Being careful with the word own was a session lead by Gabe Wachob
The words we choose when talking about these topics because of the unintended consequences:
* if we define in terms of rights?
* frame the term for the public policy discussions that will come
* “control” has similar issues
We need Creative Commons like understandable controls for your data
We need to initiate conversations
Examples
* who “owns” your bank account balance

What is Identity Commons?
This covered a bit of the history and an explanation of our loose community structure. It is outlined on our wiki. We have 12+ community groups

The ecosystem conversation was interesting - the sense that people had was that we are in the age of “data sharing” similar to the time before cel phone number portability. Marc Canter highlighted formats that have become normative and should be abstracted out.
* Social Graph
* Contact list
* Media Gallery
* Ubiquitous Content
* ID - persona’s and groups
* LIVE WEB events
* Feed Actions
* Blogging - Regular and Micro
The following is needed: Marketing of what the benefits are to relying parties and to vendors. Turning the customer acquisition budget.

Questions were raised about what standards are in this space. There were some that were articulated Note that this list is not comprehensive. Please feel free to add more.

Feeds and OAuth:
* Start by trying to access feed as if it were public:
o username -> profile -> feed url
* Get 401 with auth resp. header if it’s only private, or 200 + link_rel to private version
* Do OAuth discovery or the profile/feed URL
* Perform OAuth -> Get token
* ask for feed with token in authorization headers
* SUCCESS!!

WHAT IS DATA PORTABILITY?
This was an interesting rambling conversation for 2.5 hours.

Clarity emerged around stakeholders and means of engagement. concerns were expressed about improving communication.

* Are data portability and OpenID apples and oranges? there was a healthy debate
* Where is the consensus -Today?

* Terminology heard in the converstaion
RSS, APML, i-card, Open Stack, Identity, Permission, Attention, Container, OAuth, owner, viral, openID, FUD, Interoperability, data sharing, data portability, OSIS.

* Means of Engagement
o specs-style reporting
o bi-weekly outreach
o more blogging
o pull input + commentary
o Don’t ask for comment
o date v. marry

* Concerns/ Threats / Challenges
o Hype v. Beef
o What is the story?
o Is DataPortability THE umbrella phrase?
o Politicizing + Emotion
o Lack of clarity on Scope

* Where is the consensus today?
This was not fully clear but there was a good conversation.

URLs are People too…Social Graph API
* Links are relationships
* Rel=”me” connects ourselves
* rel=”friend” etc. connects to friends
Social Graph API is a cache of the distributed social graph of the public web.

Open Social Q & A

Portability by moving Apps to where the data is or bringing the apps to the users contexts.
Networks as different countries * friends may be hidden * technology: 1 Google, 3 apis (people, friends, activities) — Not as border controls but to extend websites to where users are now
Data: person info; viewer friends; page owner (can be viewer); page owner who’s not a person ; not relationships or thoughts but correlations between what people have already created
User Experience: Apps centric, not in terms of google’s functionality or assumptions
Container determines contxt when linking people and because the user builds the container(s), control is appropriately there
Apps: Most successful will be basic data sharing that have universal applicability; word-of-mouth / engagement viral v. demographic targeting or size-of market targeting; to focus on mail functions is to serve the disease, which will eventually develop immunity
Enables data portability by bringing the applications to where the data is.

OpenSocial — A foundation
* openID based
* Opensource problems
* myspace, orkut, are shipping now
* make doing social stuff easier

What is XDI ?
XDI = XRI data Interchange
XRI = eXtensible Resource Identifier.

XDI is a “PDF for Data” - a portable format for sharing data across applications and services
XDI is also a simple RESTful protocol for sharing data using XDI documents
XDI includes portable permissions called XDI Link contracts

An Open Address Book - we had several folks in attendance telco’s and handset makers. they talked about the big idea - ” We need a single schema for person information” then asked Is this realistic? Finally concluding Death of the phone address book? (Long live the phone address book!)

Semantic Web and Data Sharing
Native
* rich
* low interop
* links internal/proprietary/ not at all

HTML
* LCD
* Highly interoperable
* standardized links
* semi-structured

RDF
* rich description
* ? interop
* no links other then correlation
* not structured

XDI
* Rich
* High Interop
* Fully Linked
* Fully Structured

LLLI/Kintera Use Case and Solution:
In this session we explored the OpenID, XRI and XDI solution deployed to satisfy the Le Leche League International distributed data requirements. The software solutions provider Kintera has been a partner with ooTao in this effort. Kintera hosts 128 Million individual profiles so can help create significant adoption figures on its own.

We saw how each individual member and every system component was given an XRI identifier. In the case of individuals the XRIs - i-names were associated with OpenID services for authentication and in the case of system components the XRIs were given public/private key pairs in order to authenticate to other system components.

The result of the LLLI work is a WORKING distributed data management system that leverages distributed identity for its authentication and authentication mechanisms. For more information contact Andy Dale via his iPage at =andy

Restful Data Addressing
Mike Mell Led this session articulating a proposed syntax for Restful data addressing. He articulated these goals:

pure HTTP requests
UserAgent to server
server to server
secure
Fine grained addressing and permissioning of any data node

The wiki outlines specific elements in the syntax along with Response and Authentication Modes.

Doable Now and Soon
This was one of the sessions on Saturdays - with a calm group that had been through a really intense day Friday. There was agreement on the ‘dobale now’ and likely doable soon if the right conversations were had.

Dobale Now
* Portable Identities (OpenID, LiveID, FB-ID)
* OAuth (sever to server) delegated auth.
* Contacts Portability (FOAF, XFN, Microformats, like MicroID)
* Sync (feed sync)
* Social Network Portability (Open Social FB platform)
* Social Application Portability

Doable Soon
* Standard Schema for Profile
* Standard Schema for Address books
* Media portability + metadata + permissions
* Linking ID’s of different ecosystems?

OVERALL
The event was full a success. Many people travelled on planes just to be at this event. Some even from Europe. Since the last summit a lot of clarity emerged around what the problem space was and how different approaches could work on addressing the issues.

Key Areas to be addressed at the Summit on May 15th include:

* more conversation about the business value to vendors to allow user-data out of their systems.

* We want to focus on schemas for profile data and address books, not as much on the social graph at this point.

* Demo’s likely we will have speed geeking at lunch.

* Work is happening on an ‘alpha’ version of an executive briefing . Some thoughts: We are moving in to an interconnected world where implementation decisions are not tied to the technologies. That is, how you participate is not tied to the technologies. We are not just talking about future proofing, but about providing a relatively easy way to give yourself options to work in the various scenarios that analysts are already saying are happening. You can increase the value of your offerings by building on offerings provided by others without needing to throw a lot of money at bringing it together. The objective is to make things easier to interconnect. In part by just defining the nature of the interactions that you want.

* We also need to consider targeting legal and policy decision makers. Perhaps from the EEF? other organizations. We don’t necessarily want to target legal departments in large organizations, but different external bodies involved in policy-making.

* We want to gather a larger group from the different companies involved, especially more product managers and other decision makers from companies such as AOL, Microsoft, Google, Myspace (if possible), etc.
* We welcome further input into the goals and outcome for the Summit - the agenda will be determined by the people who attend. Please contribute on the wiki to the Proposed Topics page.

We had a quite closing on Saturday and people were asked what the got out of the event and what their next actions were. You can click through to see what they answered.

I am really looking forward to the Summit following the Internet Identity Workshop - it is going to be even more amazing then this event was and move the whole field forward.

James Walker: Google SoC: Drupal, OpenID and Attribute Exchange

Thu, 24 Apr 2008 14:58:59 +0000

Summer is coming - which means it's time for Google's Summer of Code. This is the fourth year of the project (and the fourth year that Drupal has been involved). We continue to be one of Google's favourite open source projects this year grabbing 21 spots - which means a $105,000 investment in Drupal development this summer!

I'm excited as this will be my third year as a mentor and my project this year will be OpenID Attribute Exchange support for Drupal. Attribute Exchange is one of the next important pieces in digital identity and one that I'm pretty excited about. My student, Anshu Prateek, has shown a lot of enthusiasm. I think it's gonna be a good summer!

claimID: ClaimID Integrates ID Selector - Making OpenID Easier

Wed, 23 Apr 2008 18:57:26 +0000

A few days ago, we rolled out ID Selector at ClaimID. Designed by the wonderful folks at JanRain, ID Selector is a nifty technology that makes the OpenID sign-in process significantly easier. Here’s what it looks like:

The ID Selector makes it easy to recall your OpenID when you’re logging into a site, solving a plethora of problems that occur when OpenID’s proliferate. We know this will make it easier for you to log in to OpenID, and we also hope that this will drive some more of that sweet OpenID-consuming that is required to push this movement forward.

If you’d like an ID Selector from your website, simply sign up with IDSelector.com. Great work to Brian and Co. at JanRain!

Kaliya Hamlin: The most important news of the day

Wed, 23 Apr 2008 16:53:03 +0000

is the new data portability logo of course.

I am a big fan of having problems be solved in this problem space and just hosted the second collaborative ‘get it done’ workshop in this area in the last 8 months - on Friday and Saturday see the report all about what got done. We have another one coming up in a month - the DATA SHARING SUMMIT May 15th.

Johannes Ernst: OpenID Wins Webware100 Again

Tue, 22 Apr 2008 21:07:00 +0000

Like last year, OpenID has won the Webware award, in the "utility" category.

They write:

OpenID was created to solve one of the Web's biggest annoyances: log-ins. You've already got a verified identity on one site, so why do you need one for every place you visit? With OpenID, site owners can simply built it into their Web apps and services, letting you use your verified credentials from one site in place of having to sign up for yet another log-in.

The hope of OpenID is that it becomes a standard and universal system across every site, letting new sites spring up and have users more comfortable with signing up with less hassle. As of right now, there are nearly 10,000 sites that support OpenID, and many large and popular companies are adding OpenID as an option for new user registration.

[permanent link]

Carsten Potter: An ID Selector, Images, and the BBC

Tue, 22 Apr 2008 21:01:20 +0000

News on OpenID come in daily this week, it seems. OK, it’s only Tuesday and maybe there won’t be any OpenID related news for the rest of the week anymore. So here’s a roundup of the last two days.

ID Selector

JanRain has launched a new tool for relying parties called ID Selector. It’s a widget that is being added to existing login forms. Relying parties can populate it with OpenID providers of their choice. If users click ID Selector they only have to choose their provider and type in the username part of their OpenID; they don’t have to remember the complete URL. The widget remembers the provider even across different relying parties. JanRain also makes sure that only those providers are visible to users which support the OpenID standard the relying party also supports.

ID Selector is a great improvement in terms of usability. While some people have raised security questions (see the discussion on the OpenID mailing list), this is a great step in the right direction to attract more users and maybe even help websites becoming relying parties.

Here’s a screenshot of ClaimID’s implementation of ID Selector:

ConfIdent RecognitionAUTH

ConfIdent Technologies has made its RecognitionAUTH system available to OpenID providers. RecognitionAUTH provides a grid of images of different categories. Users simply choose a few categories and remember them (refer to the example below). People familiar with OpenID providers will know this system already: it is the one myVidoop uses which is no surprise at all as ConfIdent Technologies is a company founded by Vidoop employees. Currently ClaimID, Clickpass, and ooTao feature this system as well. It provides more security than the usual password for login at providers because it adds a second factor for authentication.

BBC Joins OpenID Foundation

The BBC has joined the OpenID Foundation today. It won’t offer OpenID logins soon, though, but it will have a closer look at the technology.

However, at this stage […] this doesn’t mean that we are going to immediately be offering OpenIDs on bbc.co.uk or even promising to do so.

The blog post announcing this also makes references towards OAuth, APML, and RDF. So hopefully there will be some more announcements by the BBC in the not so distant future.

[via OpenID.net]

Share This

OpenID.net: BBC Joins OpenID Foundation

Tue, 22 Apr 2008 18:57:38 +0000

This week (April 22, 2008) the BBC Internet Blog informed readers it has become a member of the OpenID Foundation. Naturally this is exciting news and another indication of how OpenID has the clear potential and momentum to provide great value to users everywhere around the globe. BBC is one of, if not indeed, the single most trusted and internationally esteemed news organizations serving the public around the world today.

“… People have been speculating about the BBC’s attitude towards OpenID for a while. And getting identity right is key to our future plans and with that in mind we are looking very seriously at how the increasing number of data portability technologies could and should work for the BBC.

OpenID, being a shared identity service, is part of that mix and is already starting to gain adoption amongst leading technology companies and the BBC is (I think!) the first large media company to join the likes of Google, Yahoo, Microsoft and IBM in the foundation. This means that we can share our future plans, show support and contribute to existing OpenID technical and marketing work groups.“

claimID: ClaimID enhances security with Confident Technologies RecognitionAUTH

Tue, 22 Apr 2008 16:00:18 +0000

The past year has been an exciting one for OpenID. Millions of OpenID’s have been created, thousands of sites support OpenID, and a growing ecosystem of fans, developers and advocates are proving that an open approach to identity makes sense. As the network of value around OpenID grows, our OpenID providers need to be trustworthy and secure. ClaimID has long been one of the most trusted OpenID providers on the net; while we offer banking-quality security, we felt it was time to take our product to the next level.

To do so, ClaimID will integrate Confident Technologies RecognitionAUTH system. The RecognitionAUTH system offers users an innovative and highly secure second factor in authentication. This enhancement will solve many of the criticisms of the OpenID security model, providing you with an account you can use with confidence going forward.

We’re excited to be working the the Confident/Vidoop team on this integration, particularly our friend and advocate Scott Kveton. In enhancing security, we hope ClaimID users will feel more comfortable, and more secure as they choose us as their identity provider. We hope to deploy RecognitionAUTH soon - so watch this space for more details.

Brad Fitzpatrick: GMail Spam

Tue, 22 Apr 2008 15:53:15 +0000

GMail's anti-spam seems completely ineffective. This is what I woke up to this morning, after 8 hours of sleep:

7 messages I care about (only 1, really, but 6 I'll glance at), and 18 spams.

I was doing better when I was running my own mail server. :( If I look at the headers of these emails, a good number come from home DHCP users. My rule on my mail server, with a few false positives, was that sending email from IPs that reversed as home ISPs just wasn't allowed. Spam went to almost zero.

Also lols on how many of these messages have headers like:

X-IronPort-Anti-Spam-Filtered: true

Good job. I hope that header was faked and not actually IronPort's bragging.

What to do? I really hate mail.

Mark Wahl: Trust vs the Distancing Effect (20080418)

mark.wahl@informed-control.com (Mark Wahl) — Tue, 22 Apr 2008 07:00:00 +0000

Commentary by Mark Wahl, CISA

Trust vs the Distancing Effect (20080418)

Some categories of attacks on identity systems are subversions of trust relationships, in which one party in the system is caused to act based on an incorrect assumption about its own trust relationships.

Walter Benjamin wrote in "What is Epic Theatre? (second version)"

The art of epic theatre consists in arousing astonishment rather than empathy. To put it as a formula, instead of identifying itself with the hero, the audience is called upon to learn to be astonished at the circumstances within which he has his being.

David Recordon: Social Graph Foo Camp Interviews

Sat, 19 Apr 2008 22:30:23 +0000

Back in February we hosted the Social Graph Foo Camp up at O'Reilly's campus in Sebastopol. Scott Kveton, Sara Winge, and I organized it in a matter of weeks and had over 100 amazing people show up for the weekend. Sara has just announced that a series of video interviews are now online from campers. While I didn't end up making one, you can watch Scott's since he was my partner in crime.

You can also read some of the themes and thoughts from SG Foo which were published in O'Reilly's Release 2.0 newsletter.

Simon Willison: HTML 5 vs. Yadis

Sat, 19 Apr 2008 16:35:37 +0000

HTML 5 vs. Yadis. The draft HTML5 spec currently disallows values for http-equiv and link rel which aren’t listed in the spec—meaning both methods of specifying a link to an OpenID server are invalid for HTML5. This should probably be fixed...