As has become a bit of a tradition, I’ll be giving my 4th OpenID talk. This year, I’m hoping to focus a bit on the exciting new developments from the OpenID community and looking at some of the things being built on top of OpenID (like the OpenID/OAuth hybrid model and the DiSo project).
Also, Chris Messina will be one of the keynote presenters - also talking about online identity. We had Chris on the lullabot podcast this week - be sure to check it out!
Finally, for those of you coming to DC - I’m going to round up interested parties on Saturday for an OpenID code sprint. Hope to see you there!
]]>However, one of the more interesting things (I think) is the final release of Attribute Exchange 1.0. I think attribute exchange (think profile data sharing and updating - and digitally signed assertions) represents the killer next step in online identity. Kudos to everyone involved! Time to get crackin' on some code :)
]]>This may date Dick's presentation (OSCON 2005), but in it he points to the issue of then social networking golden child Friendster and their feature for adding your amazon wishlist to your profile. The key point being: you gave Friendster your username and password to amazon - thus implicitly releasing full access to your amazon account to Friendster. So, in keeping things current, I have been using Facebook as my example social network - specifically their feature to import contacts from Gmail/Hotmail/etc:
We can all see the problem here, right?
So, enter the Facebook platform and a whole slew of developers and service providers anxious to take advantage of that amazing Facebook user base. So now we get things like this:
To enable twitter support (as Facebook tells me 12 of my friends have already done), I have to give facebook my twitter account details?!
Now, the point of this post isn't to harp on Facebook. It's a great service and I use it and enjoy it. And really, they don't have a choice (do they?)- they want to offer great features and there needs to be some way to link user accounts across these multiple services. This is exactly (one of) the problems that Identity 2.0 aims to solve.
The problem here is that we, the users, don't own our identity on the internet. There are walled gardens and data silos of information about us. Twitter and Facebook both have directory entries - a username and a password - that they use to identify me but there is no correlation that the directory entries match. I can't verify that they do without giving one system full access to the other to verify that the username on each system actually correspond to the same person. This is where we need user-centric identity. This is "why OpenID".
]]>Other bits of interest: we stood up a work-in-progress OpenID Provider (OP) for Bryght at home.bryght.com (using all native drupal code). It's *very* much still a work in progress, but also one of the earliest OP's "in the wild" to support the 2.0 draft spec (or most of it anyway). Similarly, SXIP has a demo Relying Party (RP) that supports attribute exchange - that will come in handy for testing against.
Thanks again to the folks at SXIP for hosting a great event, and thanks to everyone who showed up!
]]>