David Recordon's Blog

Sign in to Sears and Kmart with OpenID!

2009-07-02T18:12:39Z

A lot of the major adoption successes for OpenID have been in the tech industry, though as of yesterday you can sign in to MySears.com and MyKmart.com using an OpenID. Beyond Interscope Records offering OpenID sign in on artist sites like Snoop Dogg's, Sears is really the first major retailer adopting OpenID. More on the OpenID blog and congrats to the team at JanRain that helped make this happen:

“We’re constantly looking for ways to stay innovative in our online initiatives by identifying and implementing technologies that help our users navigate our communities with ease,” says Rob Harles, Sears’ vice president of community. “Our adoption of the OpenID technology helps simplify our customers’ online experience and ultimately helps us meet our goal of ensuring our customers have the most efficient shopping experience possible.”

O'Reilly Radar: FBML, YML, OSML oh my! HTML, meet Social

2009-06-05T18:26:16Z

I just posted FBML, YML, OSML oh my! HTML, meet Social over on the Radar blog:

Given how quickly the Social Web is coming together, I believe that HTML will need to support social elements someday soon. It's great to see this type of innovation by Facebook running in the wild, but the web itself ultimately evolves best when multiple competing approaches come together. Just as OAuth brought together the best practices from AOL, Flickr, Google, Yahoo! and others, there is a similar opportunity to bring together FBML, YML and OSML along with the client-side benefits of XFBML.

OpenID User Experience Continues to Improve!

2009-05-14T18:48:14Z

Google and JanRain shipped some pretty awesome new stuff this morning to their OpenID provider and relying party. They're using the new draft OpenID User Experience Extension so that the user doesn't have to be redirected from one site to another during sign in, but instead sign in via a popup just like Facebook Connect. The design summit that Facebook hosted back in February really crystalized this extension and what the OpenID experience should look like and it's great seeing so many individuals and companies working together to make OpenID continue to rock!

Could bit.ly Grow Into Social Bookmarking?

2009-05-13T03:32:07Z

I have to admit, when bit.ly raised $2 million two months ago I didn't get it and a few others were scratching their heads as well. A month later, I signed up and started using bit.ly and have been addicted ever since! I love games and bit.ly lets me turn my tweets into a game; trying to see how many people I can get to click on something. It's so bad that I tweet less from my iPhone and wait until I can get in front of a web browser to construct a bit.ly URL from my bookmarklet which I can track.

I was never big into social bookmarking, I never really used delicious and only used ma.gnolia mainly to track things which I found interesting. When I log into bit.ly, I now see largely the same thing.

It wouldn't take much for bit.ly to give me a public profile listing recent URLs I've shortened. Ideally they'd show the tweet I used the link in and who else linked to it or wrote about it (which they also already show me). Sounds to me like the main functionality I got out of my ma.gnolia profile.

Might bit.ly go from URL shortening and stats to social bookmarking? Throw in chartbeat too and betaworks has some pretty interesting data.

Why can't the TSA be consistent?

2009-04-30T09:33:52Z

I travel a decent amount which means that I encounter the TSA at a lot of different airports around the country. This morning I'm flying out of Ronald Reagan airport in DC at 5am where once again I saw a lack of consistency in how the TSA chooses to enforce their rules.

The person in front of me was a flight attendant for American Airlines. As Starbucks is located before security, she had a half drunk frappuccino with her and an obvious intent to take it through security. If you haven't flown in the past few years, the TSA has gone to great lengths to ban people from bringing liquids and gels through a security checkpoint.

TSA Officer Pittman who was standing behind the metal detector asked the flight attendant, "is that a caramel frappuccino?"

The flight attendant somewhat casually replies, "no, of course not" and then walked through the metal detector with it in her hand. Officer Pittman clearly saw that she was violating the TSA's liquids rule but did nothing to stop her.

Quite honestly, I could care less if people are allowed to bring coffee through the security checkpoint, but I expect my government to hold themselves to a consistent and higher bar. It isn't about this one flight attendant "sneaking" a frappuccino through security, but rather that the rules and laws the TSA has created should be enforced uniformly and not ignored when it is convenient. I'd obviously love to see the prohibition of liquids changed, but until then we've all got 3-1-1 to live with.

Books, Games and Wine

2009-04-15T23:15:07Z

It's been awhile since I've posted about stuff not related to OpenID, so I figured it would be good to share some things from the past few weeks I've really enjoyed!

World of Goo - I first played this game on a Wii at my friend's house a few months ago and it's incredibly awesome. Such a simple idea of building structures out of "Goo Balls" with a bit of physics included so if you're structure sucks then your Goo Balls will topple over. The Mac Heist Bundle includes it for OS X, so now I'm addicted again on my laptop.

Amazon Kindle - I bought a new Kindle (I didn't have one of the original ones) a few days before I went on vacation in Belize about a month ago. It's really easy to read and being able to make the font small to fit more on a page during the day and then a few sizes larger at night is a huge help. Made it through The Shadow Factory while in Belize which is about the NSA directly leading up to and then after 9/11. Right now I'm working my way through Freakonomics. Most books for the Kindle seem to cost about $10.

Custom Google Maps - FedEx was supposed to deliver 180 Moleskin notebooks to me via next day air this week and blew it. So I played with custom maps on Google for the first time and came up with a way to visually show why FedEx sucks! Wouldn't a live Google Map showing the plane in flight or truck carrying your package be a much better way to track packages than the normal tracking pages?

Airport Mania - I twittered about this iPhone game last week, but it's been a huge time suck! On each level you control planes landing, dropping off passengers, being repaired, refueling, waiting, picking up passengers and taking off. All of this with bonus point optimizations for using the same runway for multiple landings in the row or the same gate for a few planes of the same color in a row.

Doña Paula Malbec 2007 - Picked up this wine randomly from Whole Foods for $14.99 ($11.99 at K&L) and really enjoyed it. Great flavor, not expensive and whitaker, mart and deflatermouse liked it too!

O'Reilly Radar: Facebook in 2010

2009-03-04T18:40:32Z

I just posted Facebook in 2010: no longer a walled garden over on the Radar blog:

A lot of what I've been working on the past two years has been built on the assumption that the model that social networks use today will fundamentally change. Social networks have largely been built on the premise of being walled gardens in such a way that users can't communicate or share content or friends across networks; put simply this is what keeps a Facebook user from being able to send a message to a MySpace user. This is the same model that destroyed AOL, CompuServe and Prodigy's ISP businesses when normal people chose the Internet itself versus their thoughtfully curated walled gardens.

Sharing Activity Streams on the Social Web

2009-03-03T05:51:09Z

Chris Messina and I have been jumping around the country over the past week speaking at FOWA in Miami, TransparencyCamp this weekend in DC and then I spoke at Webstock in New Zealand the week before. All three are absolutely wonderful events and I really want to personally thank the Webstock team and FOWA team for making me feel so welcome! Anyways, Activity Streams is a project started late last year designed to add context to "social feeds" in a very simple way. Martin Atkins has been leading the effort of writing the specifications (Atom Activity Extensions and Atom Activity Base Schema) and we're finally getting to a point where it can be deployed like a beta.

I was using FriendFeed a few days ago and came across an excellent example of why this project is so important. Today, FriendFeed writes custom parsing code for about sixty different services across the social web in order to understand the feeds that each service produces. This means that if I'm using a service that FriendFeed knows about – like Disqus – it works really well. Then again, for services they haven't taken the time to write parsing code for – like TypePad Connect – it doesn't work so well. While I'm certain that FriendFeed could easily write additional code to understand TypePad's feeds, as more social web sites are created it will become increasingly difficult for FriendFeed to keep up with every new service, let alone blogger.

While FriendFeed can certainly keep coding support for new services, it isn't a sustainable proposition for the decentralized nature of the social web. If TypePad published my commenting feeds using Activity Streams markup (which the TypePad team plans to do) and then if FriendFeed parsed the Activity Streams markup, this would have automatically worked! No custom code from FriendFeed and a little bit of extra code for TypePad. Now that's a decentralized social web!

Mondrian Miami: Tuesday's the "Quiet Night"

2009-02-26T21:49:54Z

Tuesday night, Gary Vaynerchuk, Dave Morin, Josh Elman and I were hanging out pretty late in the Mondrian Miami hotel where we were staying along with about ten other people. The hotel ended up deciding that Tuesday nights were "quiet nights" and kept pushing us from inside to outside to inside to outside again which got pretty frustrating.

The four of us ended up shooting a quick video telling the story and how a few Tweets caused someone else to choose a different hotel for their upcoming trip. Gary also posted about this as How your brand can be affected in 2009 and its impact and it ties directly into a presentation by Alex Hunter of Virgin earlier in the day at FOWA about managing your brand online.

Update: Four hours later and this post is now fourth on the second page of Google results for "Mondrian Miami".

Two New OpenID Working Groups?

2009-02-20T02:28:14Z

Votes have just opened up to OpenID Foundation members around the creation of an OpenID and OAuth Hybrid extension working group and a Contract Exchange extension working group. The OpenID and OAuth stuff is really interesting to me (see what Google and Plaxo did) and the Contract Exchange bit seems crazy out of scope for OpenID. Thus you can guess how I voted! :)

Also, welcome Don Thibeau as the new Executive Director of the Foundation!

While you need to be an OpenID Foundation member to vote ($25 per year), the working groups themselves are open to anyone for participation!

O'Reilly Radar: Anatomy of "Connect"

2009-02-18T04:41:19Z

I just posted Anatomy of "Connect" over on the Radar blog:

I'm here at Webstock in New Zealand working on my talk for tomorrow (Open, Social Web) and one of the things I've been thinking about is all of the different "Connect" applications and products that have recently sprung into existence. I mean, we have Facebook Connect, Google Friend Connect, MySpace (thankfully not "Connect") ID, TypePad Connect, RPX and I'm sure the list goes on. I'm trying to break down all of these products - ignoring the underlying open or proprietary technologies that make them tick - toward a straw man definition of a "Connect" application:

New Zealand: KiwiFoo and Webstock

2009-02-17T10:14:54Z

All sorts of things I should write about from previous trips (still planning a long post on Smithsonian 2.0), but I've been in New Zealand for about five days now for KiwiFoo and Webstock and have been having a great time meeting amazingly passionate and smart people! Tomorrow I'm participating in a New Zealand government workshop around the web which Nat is putting together and then I'm speaking at Webstock on Thursday (Wednesday back home). And thanks to Tom I'm fretting a bit about my talk.

Plaxo and Google's OpenID and OAuth Hybrid Experiment

2009-02-10T22:53:30Z

A few weeks ago Plaxo and Google released an experiment of using OpenID and OAuth together to create a "two-click" signup experience. This was targeted at Gmail users receiving invites from existing Plaxo users.

Today at the OpenID Design Summit at Facebook, Joseph Smarr presented the results and they were pretty mind boggling; 92% clickthrough rate from the invite email all the way through logging into Plaxo with their Google Account (via OpenID) and importing their address book (via OAuth).

ReadWriteWeb sums it up nicely:

This experimental method refers to big, known brands where users were already logged in, it requires zero typing - just two clicks - and it takes advantage of the OpenID authentication opportunity to get quick permission to leverage the well established OAuth data swap to facilitate immediate personalization - at the same time.

From f8 to OpenID

2009-02-06T00:12:48Z

Five months ago I joined Mark Zuckerberg on stage at Facebook f8 during their announcement of Facebook Connect, where I demoed signing in to comment on a Movable Type blog using my Facebook account. Today, I get to join Mike Schroepfer, Chris Messina and my fellow board members in announcing that Facebook has become a board member of the OpenID Foundation.

Initially Facebook is focusing on helping the community improve the usability and user experience of OpenID and Luke Shepard has already blogged his thoughts on how to accept OpenID in a popup without leaving the page. Luke and Dave Morin's involvement in getting Facebook to the point where they are today truly cannot be overstated.

Next up, some working code!

I don't normally blog my email, but this was too good to pass up!

2009-01-30T18:26:28Z

David,

I note from your profile that you are involved in the OpenID standard initiative within SixApart.

I am Managing Director for a web authentication technology company which has recently developed a patent-pending, completely secure, un-hackable and unbreakable authentication technology that I think may be of interest to you and your organisation.

The technology is hardware and software based and is built around two factor authentication with an out of band element which is far superior to any other authentication solution on the market.

It is low cost to manufacture/deploy/integrate, extremely simple to use, maintenance free and is presented and utilised in a format regularly used by most adults in the developed world today.

It is like nothing else in the market place (tokens, OTP by SMS, biometrics etc) and does, I assure you, defeat the one attack that all of these technologies are susceptible to – 'man in the middle' attacks.

We are in the process of trying to identify and establish relationships with the most dynamic organisations that are leading the way as OpenID service providers, as we believe that our technology could give your company the cutting edge in authentication solutions, and which could considerably strengthen and compliment your OpenID service.

If you would like to learn more about out technology then I would be more than pleased to share an executive summary with you and to talk further should you be interested. Feel free to reply via InMail/email or you can call any reasonable time GMT.

Kind Regards
Justin Chamberlain
ScreenKeyID

p.s. I may have forgotten to mention that the technology could also be used as a simple yet very significant revenue generator.

OpenID from 2008 to 2009

2009-01-28T17:20:02Z

A few weeks ago I posted a wrap up of 2008 with a list of eleven amazing accomplishments by the OpenID community last year and that the sheer number of public sites which accept OpenID sign in tripled from under 10,000 in January to over 30,000 at the end of the year. It's was very easy for people to get caught up in doom and gloom last year, but I think this macro look at everything we accomplished really was amazing and a great way to lead into 2009.

This morning we announced that PayPal has joined the Board of the OpenID Foundation along with Google, IBM, Microsoft, VeriSign and Yahoo! who were the existing corporate members. I think that PayPal helps to really balance out the types of companies on the board and hopefully will really engage the community when it comes to security and trust. As Michael Calore said on Wired, "There are several issues preventing OpenID from being widely adopted on the web. The issue cited most frequently is the lack of a cohesive, elegant user experience, but there's also a lot of confusion around the issues of security and trust." Like him, I hope that PayPal can help knock one of those items off the list this year.

Checking Out Earth Class Mail

2009-01-05T00:22:26Z

If you know anything about me, you probably know that I'm horrible at replying to email and so you can imagine how much worse I am with paper mail. Back in August, I moved out of my apartment I had been living in for two years and decided that since I was traveling at least eight out of the next ten weeks that it wasn't worth getting a new place immediately. Rather, through the amazing generosity of my friends, found ways to stay on couches or spare beds (it also helps when crucially travels just as much as I do). This of course only made my mail situation worse as I didn't have an easy forwarding address. So, I signed up for Earth Class Mail.

A month and a half later and I was still happy; receiving email telling me I had new paper mail with a scan of the envelope and a web interface where I could choose to open and scan the contents, group together a few pieces of paper mail and ship them to me, shred it, or recycle junk mail.

All of a sudden, I could manage my paper mail via the Internet instead of having huge piles sitting at home which I never touched. This also meant that if I was actually being sent something important and I was out of town, I could see the scanned contents instead of having to wait until I was home. Didn't want to deal with a piece of mail, no problem as it was sitting in their warehouse instead of my living room.

I've been up in Portland the past two weeks for the holidays which coincidentally is where Earth Class Mail is headquartered. A few days, ago their community manager @UncleNate shot me a message asking if I'd be interested in checking out their facility. So yesterday – yes they work on Saturdays too – I drove over to Beaverton to get a tour of their warehouse. It's an old Tektronix building which was originally built not really as a building but rather as a machine. It's full of row after row of shelving that used to have computer controlled robots running on tracks in the ceiling fetching, storing, and moving all sorts of stuff. Today, it's a nondescript security-conscious facility (I couldn't take photos inside) sorting, scanning, storing and shipping a shit ton of mail.

Nate walked me through their process from receiving mail and packages to taking all of the normal sized envelopes and running them through modified mail sorting machines. These machines are like those used by the USPS but also scan the front and apply a unique barcode to each piece of mail. This kicks off a job which sends out emails, like the one above, automatically letting everyone know that they have a new piece of mail. From there, mail is sorted into tubs and stored until more jobs come in to open and scan, ship, shred, or recycle a piece of mail.

They're also proactively looking for mail (by the barcode) that needs something to happen to it every time they're re-running a tub through one of the sorters. This means that if I have a piece of mail in tub 183 which I've asked to be shipped to me and you have a piece in the same tub that you asked to be recycled, when they pull the tub and run it through the sorter to automatically find my piece of mail to ship, the machine will also automatically sort out your piece to be recycled. Everyone in the warehouse is wearing pocket-less coveralls and no cell phones, cameras, etc are allowed and the people opening and scanning mail work in separate locked room.

All in all, a pretty cool operation (with even cooler mail robots coming to their warehouse in the future) and it was great for Nate to see that I was a happy customer, that I grew up in and was visiting Portland, and to proactively reach out to show me just how they took over dealing with the paper mail I love to ignore.

Motion for Movable Type

2008-12-16T07:26:05Z

One of the fun projects I've been involved in at work the past few months has been Motion which we're describing as "a new free beta social application for Movable Type." As Anil wrote today in the blog post announcing the public beta:

But the vision of Motion is something we've been working on for a long time, well before we acquired Pownce or before the tech blogosphere started talking about Google Friend Connect vs. Facebook Connect. So, we'd like to outline some of the guiding principles that informed our creation of Motion, as a starting point to the conversation about where social applications in general are headed.

The biggest social network is the Internet itself.

Today’s mainstream social networks are like yesterday’s mainstream media.

Reveal the community you already have.

Your social network belongs under your control.

Your community should start with half a billion members.

The web is in Motion.

Basically, Motion brings even more social feature to Movable Type focused on being able to run an interactive community, a social network, that is connected with the rest of the web. This means that the main page of your site is an aggregation of what your members are posting locally (photos, videos, text, links, etc) as well as the actions they're taking around the web (such as their Twitter updates). Profiles then show what a person has been doing and who they're following. Really just all sorts of interesting stuff that's explained even better on the Movable Type Motion beta page.

It's been a fun project since the team hasn't been thinking about how to cram every latest feature from Facebook, Twitter, Pownce, Tumblr or FriendFeed into Motion, but rather around what real community maintainers are wanting to be able to do with this sort of tool. It also follows through on our announcement at Facebook f8 earlier this year where we said that we would ship support for Facebook Connect, but of course we did it Six Apart style and included support for Google's OpenID Provider as well!

Go open web, go!

Pushing Forward the OpenID Foundation By Looking Backwards

2008-12-12T08:46:31Z

Around two years ago, back before OpenID 2.0 was out and when Sxip was still competing with OpenID, a group of us got together and put up $50,000 to sponsor a developer bounty program for OpenID implementations. Coming out of that (along with Sxip), we formed the OpenID Foundation with the following purpose statement:

The purpose of the OpenID Foundation is to foster and promote the development and adoption of OpenID as a framework for user-centric identity on the Internet. The intent is for the Foundation to serve as a public trust organization representing the community of developers, vendors, and users in much the same way that Open Source Development Labs (OSDL) has done for Linux, the Mozilla Foundation has done for Firefox, the Dojo Foundation has done for the Dojo Toolkit, and the Apache Software Foundation as done for numerous Open Source projects. While this organization is not identical to any one of those, it embodies aspects of each that enable it to support the unique needs of the OpenID community.

We then laid out five areas of responsibility for the Foundation:

Stewardship of Intellectual Property
Facilitation of Specification Development
Facilitate the Development of Open Source Reference Implementations
Facilitate the Development of Interoperability Testing
Marketing, Education, and Evangelism

Obviously some things have changed from what we wrote in that document, but it's interesting as I look back to where the Foundation has largely focused instead:

Stewardship of Intellectual Property — The OpenID Foundation worked with a variety of individuals and companies to develop a legal framework based off of prior work which has since been reused and evolved to fit OAuth and OpenSocial. It isn't perfect, but I think we were successful.
Facilitation of Specification Development — We've created a process to develop specifications that fits into the legal framework, though quite honestly it's still too hard to get started (one of the reasons I'm involved in the Open Web Foundation). That said, there also aren't enough checkpoints along the way to make sure that a new specification really should be a piece of OpenID. I think this stems from OpenID 2.0 turning into a technology that tried to please a lot of different people, instead of staying true to a much narrower vision and problem.
Big Companies — Since Microsoft announced that they would be supporting OpenID 2.0 in early 2006, the Foundation's board has spent a lot of time on how to get big companies more involved and funding the organization. Growing the diversity of any technology community is important to enable long term success, but I also feel that we've lost track of our original vision. With the exception of the Linux Foundation (renamed from the OSDL), none of the organizations listed in our original purpose have corporations as members of their board for funding but rather all mainly rely on contributions. The OpenID Foundation instead charges $50,000 per year to any company which wishes to serve on its board while maintaining n+1 parity of community board members to corporate (n). While a great funding model when companies are willing to pay, this also means that a) the Foundation has to be delivering each company $50,000 worth of value each year (as one prospective company told me, that's equivalent to one full-time junior engineer which is why they're not joining) and b) makes equal participation for smaller companies and startups nearly impossible. DeWitt Clinton (Google's board representative) and I have since proposed a funding model based on contributions instead, but that has largely been shot down by the rest of the board. (I'd much rather have five-hundred member company logos on the site who each paid $150 than fifty paying $500+. Companies will happily donate money if they feel like they're getting value; Google, Yahoo! and Microsoft all each donate $100,000 to the Apache Software Foundation each year.)
Marketing — The site looks pretty good, we're spending time talking to people using and thinking about implementing OpenID about what they need, and even made some buttons. Most of this though happened first outside of the Foundation and then was later spun in. :-\
Process — We have a lot of it. :)

This week was the beginning of the first election of seven community board members for the Foundation. Four (IIRC) will serve a two year term and the remaining three will serve a one year term. As more big companies write $50,000 checks to become board members, the board will then appoint more community board members to retain n+1 parity until the next election (though based heavily on the results of this election).

I'm running again along with a great group of sixteen other candidates. It costs $25 to become a member and vote, which I encourage you to do if you're interested in the future of OpenID and what the Foundation should be doing.

While a lot of us know that the Foundation must do more to provide real value to the entire OpenID community next year, it shouldn't just be about marketing and turning OpenID into a product. We must also look back to the goals and responsibilities originally laid out and make sure that we're getting OpenID as a technology to where it needs to be if we want any hope of it becoming a piece of an overall product that can compete with the likes of proprietary Facebook Connect.

If I had my way, next year the big things I'd strongly advocate for are:

Revamping the funding and membership structure of the Foundation. I'd rather have companies donating because they want to versus paying because their competitors are.
Hiring an Executive Director who understands a mix of open source and more traditional corporations/marketing. We need someone who can speak to developers, analysts and CEOs; not just one of those groups.
Bringing together the various international organizations. It doesn't help that the OpenID Foundation, OpenID Europe Foundation, and OpenID's Japanese Chapter largely operate independently. We must find a structure that works around the World so that companies only need to join/support one organization, agree to one set of policies, and there be many voices moving one message World-wide. (This is why I've cast two of my seven votes in this election for Nat who runs the Japanese Chapter and Snorri who runs the European Foundation.)
Funding Open Source development since many of the current libraries are lagging as their maintainers have moved on to other projects. There should be great plugins for Rails and Django with solid libraries in PHP, Python, Ruby, Java, and Perl. We also need to help the community develop a great JavaScript front-end (like JanRain's RPX which is pretty cool) that sites can easily adopt for their sign-in UI to help solve usability problems. The Foundation should be able to work with Google's Summer of Code project to help make this even more possible.
Working with the OAuth community to bring OpenID and OAuth even closer together. The OpenID+OAuth hybrid work is a start, but it's very clear that OpenID needs to allow a user to grant ongoing access to protected data if they wish to do so (which is what OAuth does).
Funding and facilitating the development of interoperability testing tools. Today it's nearly impossible for OpenID Providers and Relying Parties (sites which accept OpenIDs) to make sure that they did it right.

I know that plenty of other people will strongly advocate for marketing, productization, etc so don't worry those won't be underrepresented either. :)

A Meeting Canary!

2008-12-05T19:58:01Z

Talk from FOWA London

2008-11-19T04:27:43Z

I had an absolutely great time last month in London speaking at the Future of Web Apps! Chris Messina and I gave a 3-hour tutorial on the "Open Stack" and then I spoke about Blowing Up Social Networks with Open Tech later in the week. Video and slides below along with a quick interview with Simon Mackie from Carsonified.

Boxee on the Apple TV

2008-11-10T23:56:56Z

I've been playing with this for a few weeks, it's really cool to watch Hulu on a giant projector and pull TV shows from my laptop. Gizmodo has a great writeup of how to use Boxee with your Apple TV!

TheSocialWeb.tv Visits Google

2008-10-31T19:22:32Z

This week John, Joseph and I shot an episode of TheSocialWeb.tv (Episode 16: "OpenID's Historic Week: Microsoft and Google Go Live") with Eric Sachs from Google's Security Team. Eric's team implemented Google's OpenID Provider and we ended up with a very interesting episode where he talks about some of the background going into why they chose OpenID and challenges they see needing to be solved in the future.

On Google and OpenID 2.0

2008-10-30T00:55:23Z

Following Microsoft on Monday, AOL last year, and Yahoo! earlier this year, Google is now an OpenID Provider. That said, people seem to like controversy...

Google is taking advantage of a feature in OpenID 2.0 known as "Directed Identity". This allows an OpenID 2.0 Relying Party to start the OpenID protocol flow using a known URL (Yahoo!'s is http://openid.yahoo.com/) to allow for "one click" style login dialogues. By performing discovery on this URL, using the XRDS XML format, the OpenID Provider advertises the OpenID Endpoint URL for the Relying Party to make a request against. Google is doing this correctly with the URL to perform discovery against being https://www.google.com/accounts/o8/id.

The piece that Google is currently doing differently is requiring pre-registration of each OpenID Relying Party before users can login to a given site. This does break the common deployment of OpenID on the web today, but Eric Sachs of Google has said on the OpenID mailing list that this is temporary as they work to stabilize their OpenID Provider:

We just need to do the standard scaling, stability, translation quality, etc. evaluation to make sure there are no major problems. If we are lucky, that won't take much time. However it is more then likely that we will need to tweak things in our user interface to make it easier to understand, and unfortunately translating any such tweaks into 40+ languages takes awhile.

As for using email addresses as OpenIDs, this is something the OpenID community is talking about quite a bit right now; Google included.

Internet Identity Workshop is Coming Up

2008-10-18T17:56:59Z

I'm currently in Spain for a bit of vacation with my mom before speaking at a conference here in a few days. Was at FOWA last week in London and had a great time (need to post more on that separately) and the Carsonified crew really know how to put on a great show!

In any case, the seventh? Internet Identity Workshop is coming up in a few weeks in Mountain View. To date there have been over 10 events like this - open space with the agenda made live by the people who are making the identity (relationship) layer happen. Some people say that in some ways the intensity of IIW is like 6 months on a mailing list the whole industry moves forward. So, if you're able to make it to Mountain View November 10th through 12th and are at all interested in online "identity" stuff then you should check it out. http://www.windley.com/events/iiw2008b/register.shtml