Web 2.0 Expo: Mashing Up With User-Centric Identity

(Reposted from my dev.aol.com blog):

Praveen Allavilli and I just finished our talk, "Mashing Up With User-Centric Identity", at Web 2.0 Expo. The final presentation (which differs somewhat from the original version we sent to the conference organizers) is available at http://johnpanzer.com/presos/MashWithIdentity.ppt.

People said it went well; I hope so. We think it's important to deal with 'deputization' and user permissions and I hope we can get a widely accepted OpenID extension to do this as well. In the mean time, our OpenAuth APIs show one way it can be done, and they enable some pretty cool mash-ups.

Tags: web20expo, openid, mashups, praveen, presentations, identity, user centric identity

At Web 2.0 Expo: Recordon and Ellis

Implementing OpenID. With cat pictures too!

Tags: openid, web20expo, recordon, ellis

I am so proud of my alma mater...

Donkey Kong re-imaged using 6,400 Post-It 'pixels' at UCSC.  Sweet.

APP Interop Final Score

The APP Interop event was a lot of fun.  Thanks everybody!  I saw a bunch of people who I've only talked to via email.  And a few I haven't seen in a long time... perhaps since the original Atom kick-off at Google many years ago. 

The final score for AOL Journals is 1-1.  If you want to continue testing against our production endpoint, feel free to update the matrix:

service document: https://journals.aol.com/atomprotocol/service.xml
user: atomprotocol
password: password

I also got a chance to play with EC2 (thanks to M. David Peterson) in an attempt to get our latest server available for testing against.  It was tremendous fun to play with EC2 and I'd love to try using it for a real scalable application.  I did eventually get a server up long enough to verify our current bug fixes, but I didn't have time to fix the date bug that James Snell found. 

I've now found 3 bugs in our date parsing code; it seems to be the most fragile part of the parsing by far.  I'd love to see what test cases other people have for dates.  So far I know I need to add both UTC and various timezones, and now I know we need to round fractional seconds.  (Does anybody but James send fractional seconds?)

At the Atom Interop Event

In Mountain View.

AOL OpenAuth Launches!

Praveen just blogged about the launch of AOL's Open Authentication service.  We'll be talking about this and more at Web 2.0 Expo.  Why launch another authentication service when we already support OpenID?  Because there are lots of cool things that OpenID doesn't yet support.  I think that it really supports user-controlled consent and permissions, for example.  And Praveen is already working within the OpenID community to add some of these capabilities as well.

Bee Colony Collapse Disorder and Cell Phones

This story is popping up all over, apparently due to the possible correlation with cell phone use.  It's funny that "four years left before we all starve to death" doesn't get big headlines, but "cell phones might cause bee colonies to collapse" does... The graduate optimization class that my wife TAs at Stanford just finished their class project.  It was to write code to optimize food production given that you need to allocate some land for natural bee colonies.  Apparently a lot of the commercial bee colonies get trucked around to do their jobs from field to field, and bee colony collapse has been causing a lot of problems with this system.  Whatever the cause, decentralization of bee production seems like a good idea.

Talk @ Web 2.0 Expo: Mashing Up with User-Centric Identity

Praveen and I are going to tag-team in Mashing Up with User-Centric Identity,  at Web 2.0 Expo. It's about how to leverage user centric identity to combine services in a seamless way:

In a Web 2.0 world, users combine services from many providers. Having a common identity across providers eliminates a barrier to entry and adopting a user-centric identity system puts the user in control of how their information is combined. This session is about the opportunities and issues involved specifically with adopting open protocols, the solutions they provide, and open issues that remain to be solved. These include user experience, permission management, and mashup API authentication.

Unfortunately this conflicts with David Recordon's Implementing OpenID talk at the same time, which is likely to be really good and draw a similar crowd.  (Could we simulcast?)

Date: Wednesday, April 18
Time: 1:00pm - 1:50pm
Location: Room 2014, Web 2.0 Expo, San Francisco CA

Tags: user centric identity, talk, openid, mash ups, identity, web 2.0 expo

Animated Bayeux Tapestry by The People Formerly Known as the Audience

Very cool video created by David Newton of the SCA group on MySpace, highlighted by the moderator, and being emailed around today.  I plan to put this up on a loop in our break room.

Tags: bayeaux, animation, people with too much time on their hands

Announcing 10100100101.com

I'm excited to announce that AOL has decided to leapfrog the competition and come out with the next generation blogging service, even more streamlined than Twitter. It's blogging pared down to its bare essentials. And it works great on mobile devices, RSS, and Atom feeds.

Here's how it works: You register your phone, and every 15 minutes, you get an SMS asking "How's it going? (0/1)". You send back 0 if you're feeling down, 1 if you're feeling good, and nothing if you're asleep. We call each of these a How's It Goin', or HIG. You can subscribe to your friends' HIGstreams and see how they're doing. And we're planning a visualization tool which maps the Buddy List connection matrix to a two dimensional projection showing how the emotional states of each buddy affects their neighbors:



Interestingly, having either too few or too many happy buddies makes a buddy sad. Further research is needed.

Tags: 10100100101, next generation blogging, hey its still 10:43 here on the west coast

Authenticated RSS Feeds: Drosophilia of Delegation?

Jon Udell has noticed that authenticated RSS feeds don't work very well.  It's a chicken and egg situation:  There are few authenticated RSS/Atom feeds because there are few feed readers that deal with them, and vice versa.  But beyond that bootstrapping problem there's a larger one.

A lot of popular feed reader services such as My Yahoo or Bloglines are host based.  With current feed authentication mechanisms, this means that you have to hand your user name(s) and password(s) to your feed reader service and let it impersonate you to do anything useful.  Not great.  Recently, Kim Cameron has been blazing away at the concept of impersonation, not just the problem of handing your password out.  I'd like to suggest that authenticated feeds provide an ideal place to experiment with better approaches:  They're read only, the bar is currently very low, and there's a whole host of immediate possibilities that would become possible once you can cleanly authorize a feed reader to read feeds on your behalf.  I think the right way to do this is through a lightweight assertion mechanism that lets you say "I authorize service X to asynchronously read feed Y on my (Z's) behalf".

I'm still trying to digest all of the twists and turns of the thread below.  I am pretty sure that whatever solution is adopted, it has to cleanly allow for the "allow a service to read a feed" to be at all useful.

The Impersonation/Delegation Discussion
Presented in backwards chronological order
Dramatis Personae: Eve Mahler, Kim Cameron, Conor Cahill, Pete Rowley, Phil Windley

Phil Windley: On Impersonation and Delegation
Conor Cahill:  Delegation, Impersonation, and downright access
Pete Rowley: The umpire delegates back
Conor Cahill: SAML, Liberty, and user presence
Kim Cameron: Drilling further into delegation
Kim Cameron: Wrong-headed impersonation

Tags: authentication, delegation, openid, cardspace, feeds, impersonation, drosophili