OAuth 1.0, OpenID 2.0 and up next: DiSo

OFFICIAL OAuth logoIIW 2007b is now over and with its conclusion, we have two significant accomplishments, both the sum of months of hard work by some very dedicated individuals, in the release of the OpenID 2.0 and OAuth Core 1.0 specifications.

These are two important protocols that serve as a foundational unit for enabling what’s being called “user-centric identity”, or that I call “citizen-centric identity”. With OpenID for identity and authentication and OAuth for authorizing access to portions of your private data, we move ever closer to inverting the silos and providing greater mobility and freedom of choice, restoring the balance in the marketplace and elevating the level of competition by enabling the production of more compelling social applications without requiring the huge investment it takes to recreate even a portion of the available social graph.

It means that we now have protocols that can begin to put an end to the habit of treating user’s credentials like confetti and instead can offer people the ability to get very specific about they want to share with third parties. And what’s most significant here is that these protocols are open and available for anyone to implement. You don’t have to ask permission; if you want to get involved and do your customers a huge favor, all you have to do is support this work.

To put my … time? … where my mouth is (I haven’t got a whole lot of money to put there) … Steve Ivy and I have embarked on a prototype project to build a social network with its skin inside out. We’re calling it DiSo, or “Distributed Social Networking applications”. The emphasis here is on “distributed”.

In his talk today on Friends List Portability, Joseph Smarr laid out an import set of roles that help to clarify how pieces of applications should be architected:

  • first of all, people have contact details like email addresses, webpage addresses (URLs), instant messaging handles, phone numbers… and any number of these identifiers can be used to discover someone (you do it now when you import your address book to a social networking site). In the citizen-centric model of the world, it’s up to individuals to maintain these identifiers, and to be very intentional about who they share their identifiers with
  • Second, the various sites and social networks you use need to publish your friends and contacts lists in a way that is publicly accessible and is machine readable (fortunately does well there). This doesn’t mean that your friends list will be exposed for all the world to see; using OAuth, you can limit access to pieces of your personal social graph, but the point is that it’s necessary for social sites to expose, for your reuse, the identifiers of the people that you know.

With that in mind, Steve and I have started working on a strawman version of this idea by extending my wp-microformatted-blogroll plugin, renaming it to wp-contactlist and focusing on how, at a blog level, we can expose our own contact list beyond the realm of any large social network.

Besides, this, we’re doing some interesting magic that would be useful for whitelisting and cross-functional purposes, like those proposed by Tim Berners-Lee. Except our goal is to implement these ideas in more humane HTML using WordPress as our delivery vehicle (note that this project is intended to be an example whose concepts should be able to be implemented on any platform).

So anyway, we’re using Will Norris’ wp-openid plugin, and when someone leaves a comment on one of our blogs using OpenID, and whose OpenID happens to be in blogroll already, they’ll be listed in our respective blogroll with an OpenID icon and a class on the link indicating that, not only are they an XFN contact, but that they logged into our blog and claimed their OpenID URL as an identifier. With this functionality in place, we can begin to build add in permissioning functionality where other people might subscribe to my blogroll as a source of trusted commenters or even to find identifiers for people who could be trusted to make typographic edits to blog posts.

With the combination of XFN and OpenID, we begin to be able to establish distributed trust meshes, though the exposure of personal social graphs. As more people sign in to my blog with OpenID and leave approved comments, I can migrate them to my public blogroll, allowing others to benefit from the work I’ve done evaluating whether a given identifier might be a spam emitter. Over time, my reliability in selecting and promoting trustworthy identifiers becomes a source of social capital accrual and you’ll want to get on my list, demonstrating the value of playing the role of identity provider more widely.

This will lead us towards the development of other DiSo applications, which I’ve begun mapping out as sketches on my wiki but that I think we can begin to discuss on the DiSo mailing list.

15 Comments

  1. at 10am on Dec 6th # |

    It seems to me then, what’s missing from this is a standardized method of adding and removing friends from your network. While importing your data into a network is great, having to maintain it by hand sucks. So creating a standardized interface that can be accessed by social network applications through OAuth is just as important as creating a method of displaying this information.

  2. at 1pm on Dec 6th # |

    Chris,

    might I offer a non acronymous name for DiSo – “openbook”.

  3. Chris Jay said
    at 2pm on Dec 6th # |

    Great news! but you might want to check that XFN link, I got a nasty surprise when clicking it :)

  4. Erick Papadakis said
    at 9pm on Dec 6th # |

    How is DiSo different from the endeavors down at Dataportability.org?

  5. at 11pm on Dec 6th # |

    @Chris Jay: whoops! Fixed!

    @Erick: I’m a member of the Data Portability group, but I’m antsy to build something!

  6. at 11am on Dec 9th # |

    Hi Chris,

    You might want to take a look at our OpenContacts project; http://wiki.opencontact.org It’s similar in it’s solutions to DiSo but focusing solely on contacts and alos including automated updating.

  7. Chris Obdam said
    at 12pm on Dec 11th # |

    @Chris You’ve added a Magnolia link for OpenContacts but it’s linked to opencontact.org
    Without an S.. :-) Don’t think that’s correct..

  8. at 1am on Dec 13th # |

    Hey Chris, I’ve had so many tabs opened today, that I finally realized I never finished reading this post! Glad I did however. As I’m glad I’ve gotten membership to DiSo and the mailing list. Very much looking forward to working in this group for the betterment of the online community as well as my own nefarious means! (Okay just kidding, honest!)

    Looking forward to “what’s next!”

  9. Todd said
    at 2pm on Dec 13th # |

    “…this project is intended to be an example whose concepts should be able to be implemented on any platform.”

    Is anyone already working on a DiSo for Drupal?

  10. at 3pm on Dec 13th # |

    @Todd: there does seem to be interest so far, but I’m sure we could use some more help!

  11. charles said
    at 9pm on Dec 23rd # |

    I want to get on your list:P

  12. at 3am on Dec 25th # |

    I love the idea and will promote it!

  13. martin said
    at 3am on Dec 27th # |

    This is a fascinating idea. I would like to become a mental supporter due to lack of time – how about an icon/badge/thingy that I can put on my homepage or in my FB profile?

    cheers,
    M

  14. Phillip Rhodes said
    at 7am on Jan 10th # |

    Good stuff. Looking forward to more on Diso. :-)

  15. Vincent said
    at 1pm on Nov 8th # |

    This is exciting! This is very much in line with the software I’m writing right now, which aims to turn the internet into a social network (i.e. regardless of the software you use).

    I implemented a new protocol for notifying a website when you added it to your contact list (blogroll) because I couldn’t find an appropriate standard, but I think I’m on the right track :)

51 Trackbacks

  1. [...] OAuth 1.0, OpenID 2.0 and up next: DiSo | FactoryCity A distributed trust mesh using HTML. (tags: openid social-graph whitelist trust social networking wordpress diso) [...]

  2. [...] the same time OAuth 1.0 and OpenID 2.0 are coming to fruition and Chris Messina is talking about distributing social networking applications. And Hyves —our Dutch social network— [...]

  3. [...] Chris and Steve Ivy work on souping up WordPress plugins as a showpiece for distributed social networks.  Includes an approach to whitelisting via OpenID + XFN I think I first heard Jeremy talk about.  Very interesting. [...]

  4. Luis Villa’s Blog / DiSo. on Dec 6th at 12pm

    [...] OpenID blossoming into something really, really interesting. Yummy. [...]

  5. [...] taste the mythical open, decentralized social network of tomorrow. In context, turns out it was the network of the day-after-tomorrow after all, with Chris Messina posting: Steve Ivy and I have embarked on a prototype project to [...]

  6. DiSo « Superstar IT on Dec 6th at 10pm

    [...] DiSo, NoseRub, OAuth, OpenID While I just mentioned it yesterday and then got back to work, Chris Messina started DiSo, a project to enable OpenID and OAuth within WordPress. The obvious intention is to [...]

  7. [...] Chris on Diso: OAuth 1.0, OpenID 2.0 and up next: DiSo [...]

  8. [...] short, where this is leading to creating a portable network. Chris Messina explains the specifics of the WordPress implementation So anyway, we’re using Will Norris’ wp-openid plugin, and when [...]

  9. [...] yesterday’s post Chris Messina quotes Joseph Smarr who has laid out an import set of roles that help to clarify how pieces of [...]

  10. [...] OAuth 1.0, OpenID 2.0 and up next: DiSo | FactoryCity the future of id. now. (tags: identity) [...]

  11. [...] DiSo The start of an open Facebook based on OpenID? (via Luis again) [...]

  12. [...] OAuth 1.0, OpenID 2.0 and up next: DiSo | FactoryCity (tags: oauth trust openid microformats xfn via:twitter via:factoryjoe) [...]

  13. [...] Messina, who has been working on OAuth and the open social web in general, has a post detailing what he’s doing with both specs and how these two might be used in the future. It means that we now have protocols that can begin [...]

  14. [...] OAuth 1.0, OpenID 2.0 and up next: DiSo | FactoryCity (tags: openid oauth identity) [...]

  15. [...] week also saw the announcement of the DiSo project by Chris Messina. A way of building open social networks using WordPress as the [...]

  16. [...] OAuth 1.0, OpenID 2.0 and up next: DiSo | FactoryCity Chris Messina and friends are doing good work prototyping the next generation of social networking tools (tags: diso oauth openid socialnetworking)   [...]

  17. wp-openid moving to DiSo on Dec 10th at 11am

    [...] case you missed it last week, Steve Ivy and Chris Messina announced the DiSo Project as an incubator of sorts to develop distributed social applications. [...]

  18. [...] From here: [...]

  19. [...] serve as your next social networking profile? Chris Messina, co-founder of Citizen Agency, thinks so. He’s started a project called DiSo, for distributed social networking, that aims to [...]

  20. [...] 12/11/07 Chris Messina has the real to this answer, and it is called DiSo. And the standard API for communication is called OAuth. Technorati Tags: social networking app, [...]

  21. [...] It’ll initially produce code that works with WordPress. Chris Messina, one of the three founders of the project (DiSoManiacs?) stated that this project is intended to be an example whose concepts should be able to be implemented on any pla…. [...]

  22. [...] (vedi The Social Graph problem di Brad Fitzpatrick), citando gli esperimenti di Steve Ivy (vedi DiSo) per esporre la propria contact list verso altre [...]

  23. [...] lui chiama “citizen-centric identity” (o “user-centric identity”). E in un articolo pubblicato su Factory City, egli introduce il progetto DiSo, un acronimo che sta per “Distributed Social [...]

  24. [...] with WordPress: Gigaom announces “The Next Social Network” being put together by Chris Messina called DiSo on the WordPress [...]

  25. [...] Chris Messina (2007) – OAuth 1.0, OpenID 2.0 and up next: DiSo [...]

  26. [...] til at se mere til det her og der, specielt nu da OpenID 2.0 er på banen, skarpt efterfulgt af OAuth 1.0. Også Wired har opdaget mulighederne, DiSo er undervejs, og selv undertegnede har nu en [...]

  27. [...] distribuerede (portable) sociale netværk/identitet/applikationer. Læs fx om det nye initiativ DiSo her. …embarked on a prototype project to build a social network with its skin inside out. We’re [...]

  28. [...] these reasons, we’re following Chris’ work on DiSo – Distributed Social Networking Applications.   He’s working with Will Norris and Steve Ivy [...]

  29. [...] Chris Messina, DiSo’s co-creator, is looking at WordPress as its foundation “to create a distributed social network with its skin inside out.” This project, if successful, might pioneer in unifying the social graph. One social [...]

  30. [...] to building a distributed social network using WordPress as the basic platform. A week back, Chris Messina mentioned in his blog about his plans to work on a “prototype project to build a social network [...]

  31. [...] OAuth 1.0, OpenID 2.0 and up next: DiSo | FactoryCity – With OpenID for identity and authentication and OAuth for authorizing access to portions of your private data, we move ever closer to inverting the silos and providing greater mobility and freedom of choice, restoring the balance in the marketplace and el [...]

  32. [...] un proyecto nuevo llamado DiSo (Distributed Social Networking Applications), un nuevo proyecto de Chris Messina para intentar crear una red social descentralizada sobre WordPress utilizando Open ID, [...]

  33. [...] of open source implementations of these distributed social networking concepts. or as Chris puts it: “to build a social network with its skin inside [...]

  34. [...] el blog de GigaOm me entero del nuevo proyecto de Chris Messina, llamado DiSo (Distributed Social Networking Applications), el cual busca el objetivo de crear una [...]

  35. [...] all the BarCamps that have erupted around the world. OpenID2, oAuth, microformats, Diso – Chris is helping to make the world of open social networking – a reality. And giving all the code [...]

  36. [...] project that by using OpenID as an identifier and WordPress as publishing platform wants to “build a social network with its skin inside out.” With some sophisticated blogroll-related plugins, bloggers would be able to build a social [...]

  37. [...] project I am trying to get involved with in the future is probably DiSo which stands for Distributed Social Networks and is very much going in the aboce described [...]

  38. [...] a group of open source implementations of these distributed social networking concepts. or as Chris puts it: “to build a social network with its skin inside [...]

  39. [...] post explains, what the DiSo project by Chris Messina and Steve Ivy is all about. Just read this or this for an english [...]

  40. [...] to Matt & Toni: Three ways for WordPress to become more of a social network’. The DiSo project is targeting WordPress first in an effort to create an open social network. An interview with Chris [...]

  41. [...] un proyecto nuevo llamado DiSo (Distributed Social Networking Applications), un nuevo proyecto de Chris Messina para intentar crear una red social descentralizada sobre WordPress utilizando Open ID, [...]

  42. [...] sagt allting som idag ligger låst i olika applikationer på datorn eller på nätet. Läs tex om OAuth och OpenID här. Det är spännande tider av öppenhet och möjligheter, och alla verkar dras in i [...]

  43. [...] Chris Messina’s announcement of the collaboration effort with Steve Ivy [...]

  44. [...] a group of open source implementations of these distributed social networking concepts. or as Chris puts it: “to build a social network with its skin inside out”. Specifically, they’re starting [...]

  45. [...] Chris Messina, who says we currently treat user credentials “like confetti,” is more than a little excited and is building a series of WordPress Plugins to take advantage of these formats. Stephane Daury is excited too. Related:TruthShortcodesWidgetsInstallation & OptionsbSuite 4 [...]

  46. [...] seit Ende 2007 wird immer wieder darüber nachgedacht, ob sich ein soziales Netzwerk auf Basis von WordPress realisieren lassen [...]

  47. [...] Distributed Social projecthttp://factoryjoe.com/blog/2007/12/06/oauth-10-openid-20-and-up-next-diso/ More on how OpenID and OAuth could perhaps be used in this context. [...]

  48. [...] we move into the economic downturn, startups (and grassroots efforts) will shift from focusing on the last epoch of social graph and media sites to looking at [...]

  49. [...] not sure that anyone mentioned it really, but a couple of weeks ago was the one year anniversary of the DiSo Project. In that time, Chris and I were both hired by Vidoop to work [...]

  50. [...] DiSo Project is just over a year old. It’s remained a somewhat amorphous blob of related ideas, concepts and aspirations in my [...]

  51. [...] taste the mythical open, decentralized social network of tomorrow. In context, turns out it was the network of the day-after-tomorrow, with Chris Messina posting today that: Steve Ivy and I have embarked on a prototype project to [...]