OpenID

Achieving Single Sign On (SSO) in a decentralized way (anyone can be an Identity Provider) with an open technology (anyone can contribute, no patent fees) is great.

But from the end user’s perspective OpenID is nearly pointless: form auto-filling and session cookies already make signing up and signing in really easy.

Yet there is still room for OpenID to grow:

  • SSO remains a real issue on mobile devices, where browsers do not yet have form auto-filling and keyboards are small.
  • OpenID is good for logging in to a social network … not for accessing your bank account. A real and useful SSO should allow you to log in to any website. A trust layer for OpenID is being specified through the PAPE Extension (Provider Authentication Policy Extension): a website will be able to request a certain level of authentication from an OpenID provider. Here again, mobile has a role to play.

When you log in with OpenID, you can transmit some data about yourself. OpenID 1.0 (through the Simple Registration Extension) permits very simple data transmission (email, nickname, date of birth …). OpenID 2.0 comes with an improved scheme: the Attribute Exchange extension. But all this implies that your data is centralized within your OpenID Provider. This is where OpenID technology ends: your data is spread across multiple websites … Other protocols are needed for you to access it all.

Portable Social Network

Not having to re-import or re-invite all your friends and relationships (that is, your “social graph”) when joining a new social network … this concept is referred to as Social Network Portability.

Microformats provide a solution. While joining a new social network, you should be able to link to your existing pages on Facebook, LinkedIn, Twitter etc. As these pages should include microformats such as XFN “rel=friend” links, any machine can parse them and find out about your friends.

Beyond relationships: Data portability

Friends are not everything. From within any website you should be able to access photos from your Flickr account, contacts from your Plaxo address book, events from your Google Agenda etc.

OAuth is all about this: having a website access your data from another site … without having to give your password away. It uses redirections that let the user log in to the other site, while OAuth exchanges the data behind the scenes.

OpenID, OAuth, Microformats: how does it all fit together?

There is an interesting link between OpenID and Microformats: as your OpenID identity (for a given profile) comes down to one single URL, it is wise to put all your links to social networks on that page (using XFN “rel=me” tags). Some OpenID providers (such as ClaimID) allow their users to do so.
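The following is an added example, not code from the original post: it parses XFN “rel” values as described in the Portable Social Network section and follows “rel=me” links from an OpenID page as described above. The reciprocity check (a profile counts only if it links back with “rel=me”) is an assumption added here, and all URLs and page contents are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

FRIENDSHIP = {"friend", "acquaintance", "contact"}  # XFN friendship values

class XFNParser(HTMLParser):
    """Collects (absolute_url, rel_tokens) for every <a> carrying href and rel."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.links = base_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href") and a.get("rel"):
            rel = set(a["rel"].lower().split())  # rel is a space-separated list
            self.links.append((urljoin(self.base_url, a["href"]), rel))

def xfn_links(url, html):
    parser = XFNParser(url)
    parser.feed(html)
    return parser.links

def social_graph(pages, start):
    """pages maps URL -> HTML and stands in for fetching each page over HTTP.
    URLs are compared as exact strings; a real consumer would normalise them."""
    claimed = {u for u, rel in xfn_links(start, pages[start]) if "me" in rel}
    mine, unverified = {start}, set()
    for url in claimed:
        back = {u for u, rel in xfn_links(url, pages.get(url, "")) if "me" in rel}
        # Anyone can write rel="me" pointing at any URL, so only keep
        # profiles that link back to the starting page.
        (mine if start in back else unverified).add(url)
    friends = {u for page in mine for u, rel in xfn_links(page, pages[page])
               if rel & FRIENDSHIP}
    return mine, unverified, friends

# Constructed sample pages (hypothetical URLs, not from the article).
START = "https://openid.example/alice"
PAGES = {
    START: '<a rel="me" href="https://photos.example/alice">My photos</a>'
           '<a rel="me" href="https://news.example/bob">Also me</a>',
    "https://photos.example/alice":
        '<a rel="me" href="https://openid.example/alice">My OpenID page</a>'
        '<a rel="friend met" href="/carol">Carol</a>'
        '<a rel="nofollow" href="/help">Help</a>',
    "https://news.example/bob":
        '<a rel="contact" href="https://news.example/dave">Dave</a>',
}

if __name__ == "__main__":
    print(social_graph(PAGES, START))
```

Only the photo profile links back to the OpenID page, so its friends are imported; the one-way claim is reported as unverified and its contacts are ignored.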

OAuth and OpenID share their openness and their use of redirections. But they don’t need each other. From the end user’s perspective, the OAuth process can be eased if both sites implement OpenID.

This is just the beginning … Many websites were supposed to implement OpenID … but still don’t. OAuth has just been released and has not really been implemented yet. Some issues have still not been addressed: data encapsulation? GData? What about synchronisation?

As far as AF83 is concerned, we can foster this move towards fluid, open-standards-based transmission of personal information by allowing OpenID sign in / sign up, making our web pages more semantic by using microformats and (not that easy) providing an OAuth API to our users’ data.

One Response to “OpenID, microformats, OAuth … point of view”

  1. Tkaap Blog » Blog Archive » ParisWeb2007, we were there! Says:

    […] carried out on the internet but which would solve a lot of problems. I invite you to follow the blog of his company Af83, in partnership with Louis Montagne (organizer of the BarCamps France), where the idea comes […]

Creative Commons License
This work is licensed under a Creative Commons Attribution 2.0 License.