Citizen-centric Web, Digital Identity, Life online, Technology, The Web Arts, Web building

OAuth 1.0, OpenID 2.0 and up next: DiSo

OFFICIAL OAuth logoIIW 2007b is now over and with its conclusion, we have two significant accomplishments, both the sum of months of hard work by some very dedicated individuals, in the release of the OpenID 2.0 and OAuth Core 1.0 specifications.

These are two important protocols that serve as a foundational unit for enabling what’s being called “user-centric identity”, or that I call “citizen-centric identity”. With OpenID for identity and authentication and OAuth for authorizing access to portions of your private data, we move ever closer to inverting the silos and providing greater mobility and freedom of choice, restoring the balance in the marketplace and elevating the level of competition by enabling the production of more compelling social applications without requiring the huge investment it takes to recreate even a portion of the available social graph.

It means that we now have protocols that can begin to put an end to the habit of treating user’s credentials like confetti and instead can offer people the ability to get very specific about they want to share with third parties. And what’s most significant here is that these protocols are open and available for anyone to implement. You don’t have to ask permission; if you want to get involved and do your customers a huge favor, all you have to do is support this work.

To put my … time? … where my mouth is (I haven’t got a whole lot of money to put there) … Steve Ivy and I have embarked on a prototype project to build a social network with its skin inside out. We’re calling it DiSo, or “Distributed Social Networking applications”. The emphasis here is on “distributed”.

In his talk today on Friends List Portability, Joseph Smarr laid out an import set of roles that help to clarify how pieces of applications should be architected:

  • first of all, people have contact details like email addresses, webpage addresses (URLs), instant messaging handles, phone numbers… and any number of these identifiers can be used to discover someone (you do it now when you import your address book to a social networking site). In the citizen-centric model of the world, it’s up to individuals to maintain these identifiers, and to be very intentional about who they share their identifiers with
  • Second, the various sites and social networks you use need to publish your friends and contacts lists in a way that is publicly accessible and is machine readable (fortunately does well there). This doesn’t mean that your friends list will be exposed for all the world to see; using OAuth, you can limit access to pieces of your personal social graph, but the point is that it’s necessary for social sites to expose, for your reuse, the identifiers of the people that you know.

With that in mind, Steve and I have started working on a strawman version of this idea by extending my wp-microformatted-blogroll plugin, renaming it to wp-contactlist and focusing on how, at a blog level, we can expose our own contact list beyond the realm of any large social network.

Besides, this, we’re doing some interesting magic that would be useful for whitelisting and cross-functional purposes, like those proposed by Tim Berners-Lee. Except our goal is to implement these ideas in more humane HTML using WordPress as our delivery vehicle (note that this project is intended to be an example whose concepts should be able to be implemented on any platform).

So anyway, we’re using Will Norris’ wp-openid plugin, and when someone leaves a comment on one of our blogs using OpenID, and whose OpenID happens to be in blogroll already, they’ll be listed in our respective blogroll with an OpenID icon and a class on the link indicating that, not only are they an XFN contact, but that they logged into our blog and claimed their OpenID URL as an identifier. With this functionality in place, we can begin to build add in permissioning functionality where other people might subscribe to my blogroll as a source of trusted commenters or even to find identifiers for people who could be trusted to make typographic edits to blog posts.

With the combination of XFN and OpenID, we begin to be able to establish distributed trust meshes, though the exposure of personal social graphs. As more people sign in to my blog with OpenID and leave approved comments, I can migrate them to my public blogroll, allowing others to benefit from the work I’ve done evaluating whether a given identifier might be a spam emitter. Over time, my reliability in selecting and promoting trustworthy identifiers becomes a source of social capital accrual and you’ll want to get on my list, demonstrating the value of playing the role of identity provider more widely.

This will lead us towards the development of other DiSo applications, which I’ve begun mapping out as sketches on my wiki but that I think we can begin to discuss on the DiSo mailing list.


66 thoughts on “OAuth 1.0, OpenID 2.0 and up next: DiSo

  1. Pingback: Anne Truitt Zelenka » links for 2007-12-06

  2. Pingback: Four Starters » Federating the social graph some more

  3. Pingback: Open Social Web Now: #5 at Like It Matters

  4. It seems to me then, what’s missing from this is a standardized method of adding and removing friends from your network. While importing your data into a network is great, having to maintain it by hand sucks. So creating a standardized interface that can be accessed by social network applications through OAuth is just as important as creating a method of displaying this information.

  5. Pingback: Luis Villa’s Blog / DiSo.

  6. Pingback: tekArtist » Diso Is Born. OpenSocial Delayed Until Next Year.

  7. Erick Papadakis says:

    How is DiSo different from the endeavors down at

  8. Pingback: DiSo « Superstar IT

  9. Pingback: DiSo Project :: Welcome to the Diso Project

  10. Pingback: DiSo, A OpenID And OAuth Prototype | iface thoughts

  11. Pingback: EnThinnai Blog » Blog Archive » Self Maintained Contact Information

  12. Pingback: James Governor’s Monkchips » links for 2007-12-07

  13. Pingback: Irregular Verbiage » Blog Archive » Tech Links

  14. Pingback: People Over Process » links for 2007-12-08

  15. Pingback: The Progressive Economics Forum » Will privacy concerns kill Facebook?

  16. Pingback: afongen » links for 2007-12-09

  17. Pingback: Four Starters » Federating Social Networks review

  18. Pingback: a work on process » links for 2007-12-10

  19. Pingback: wp-openid moving to DiSo

  20. Pingback: Diso - OpenID and beyond in Wordpress : Rohan’s blog

  21. Chris Obdam says:

    @Chris You’ve added a Magnolia link for OpenContacts but it’s linked to
    Without an S.. 🙂 Don’t think that’s correct..

  22. Pingback: The Next Social Network: WordPress - GigaOM

  23. Pingback: n.sputnik » Could A Decentralized FaceBook/F8-Type Platform Become "Web 3.0"?

  24. Pingback: What DiSo Means to Me « Changing Way

  25. Pingback: Biccio. » Il tuo blog come carta d’identità

  26. Pingback: Social Networking: un enorme social network chiamato Web (Parte 2) | Stalkk.ed

  27. Pingback: WordPress Wednesday News: WordPress Theme Viewer Waits, New Social Network, Security Issues, Austin Grows, Gravatars Enabled, WordPress Books, Matt Cutts, and More : The Blog Herald

  28. Pingback: » Projekt DiSO

  29. Hey Chris, I’ve had so many tabs opened today, that I finally realized I never finished reading this post! Glad I did however. As I’m glad I’ve gotten membership to DiSo and the mailing list. Very much looking forward to working in this group for the betterment of the online community as well as my own nefarious means! (Okay just kidding, honest!)

    Looking forward to “what’s next!”

  30. Pingback: Eksponering » OpenID — nu med billeder

  31. Pingback: - om portable sociale netværk » Facebook åbner op?

  32. Pingback: claimID weblog - Manage your online identity. » Archive » DiSo and the future of Social Networks

  33. Pingback: WordPress Blogs: The Next Social Network? « Gormful

  34. Pingback: EnThinnai Blog » Blog Archive » Distributed Social Network

  35. “…this project is intended to be an example whose concepts should be able to be implemented on any platform.”

    Is anyone already working on a DiSo for Drupal?

  36. Pingback: - om portable sociale netværk » Interessante links fundet d. 13. December

  37. Pingback: Del primer weblog a redes sociales a partir de Wordpress « Historias de un Webmaster

  38. Pingback: What’s New, Marcus? • Links I’m Reading Today

  39. Pingback: Redes Sociales con WordPress | WOW Magazine

  40. Pingback: Marc’s Voice » Blog Archive » 25 who mattered in 2007

  41. This is a fascinating idea. I would like to become a mental supporter due to lack of time – how about an icon/badge/thingy that I can put on my homepage or in my FB profile?


  42. Pingback: Wordpress too complicated to be THE next social network

  43. Pingback: What is the future of Content Management Systems related to Social Networks —

  44. Pingback: »  Links I’m Reading Today

  45. Pingback: Verteilte soziale Netzwerke mit Wordpress: DiSo —

  46. Pingback: Note to Facebook, Myspace and Other Social Silos: DIE

  47. Pingback: Raúl Vera (rojo) » Blog Archive » De Wordpress a las Redes Sociales, una evolución natural

  48. Pingback: Friendfeed - det är nu det händer · Mindpark

  49. Pingback: DiSo as explained by @kveton and @mtrichardson - Sponsored by Vidoop at Beer and Blog

  50. Pingback: Peter Van Dijck’s Guide to Ease » Blog Archive

  51. Pingback: » OAuth and WordPress

  52. Pingback: Soziales Netzwerk auf Basis von Wordpress? - Netzlogbuch

  53. This is exciting! This is very much in line with the software I’m writing right now, which aims to turn the internet into a social network (i.e. regardless of the software you use).

    I implemented a new protocol for notifying a website when you added it to your contact list (blogroll) because I couldn’t find an appropriate standard, but I think I’m on the right track 🙂

  54. Pingback: The DiSo Project and Thinking of Ways to Collaborate

  55. Pingback: The Song Remains The Same » Blog Archive » A Road Sign In A Digital World

  56. Pingback: DiSo - One Year Later |

  57. Pingback: Where we’re going with Activity Streams | FactoryCity

  58. Pingback: DiSo Is Born. OpenSocial Delayed Until Next Year. « tekArtist

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s