Announcing my candidacy for the board of the OpenID Foundation

My campaign has launched

This is the statement (credit to Michael Richardson for my campaign slogan) that I submitted to answer the call, nominating myself as a candidate for community representative to the OpenID Foundation board:

I have long been involved with the OpenID community and have advocated for its adoption ever since I discovered it. It is a central building block of the emerging Open Stack and of the DiSo Project, an effort that I co-founded to create reusable components for decentralized social networking.

To get right to it: I’m running for a seat on the OpenID board because I believe that there is a need for change, for evolution, for setting a clear direction, and a need for a passionate rededication to the promise that OpenID represents.

Above all else, I also believe that the OpenID brand needs to be strengthened to mean something specific, in the same way that brands like Visa and Mastercard now, many years after their introduction, indicate the ability to use an abstract identifier (like a piece of plastic) to access something of value (namely, your accounts). In the case of OpenID, for some, it may mean connecting with friends or pulling in photos or bookmarks from one’s favorite services. It may also simply mean not having to get another password, or it might provide a more convenient way to identify yourself. But bottom line, the Foundation needs to see through OpenID becoming a strong and recognizable consumer brand.

To do this, we need to:

1) I believe that we must make OpenID more usable, but I also believe we must enhance the value of having an OpenID in the first place. Single sign-on is not enough. Facebook Connect demonstrates real value for both relying parties and for Facebook account owners; OpenID must mean more to people than one less password — it has to be seen as a vehicle leading to the socialization of the web in a way that’s meaningful, durable, and that enhances individual choice — and therefore, freedom.

2) Over the past year, we have chalked up high level support from such companies, and though their support is invaluable, we must continue to increase our visibility and credibility by consistently becoming more inclusive, more diverse and more expansive in our reach. The OpenID community needs to organize itself as an ally to developers, designers, relying parties, businesses, governments, municipalities, and educational institutions, and move beyond the emphasis on large internet companies.

To make OpenID more usable and valuable:

a) To this end, I believe that the Foundation should commission an ongoing series of general user studies on trends in online identity management and conduct surveys on OpenID brand awareness, OpenID usability, virtual identity internalization, and online social behavior. The Foundation should endeavor to become an authoritative source of knowledge, understanding and best practices for creating identity solutions for people on the social web.

b) Personally, I would like to improve the state of the OpenID web site and use of social media. I’ve done quite a bit of work marshalling communities with social software and am happy to take on such responsibilities.

c) I also believe that further progress must be made to harmonize OpenID and OAuth, and that the work that Google has spearheaded in this regard is critical.

d) I would like to centralize the OpenID libraries, either on Google Code or GitHUB, and through the existing bounty program, incentivize the development of optmized language-specific libraries, as we have done with the OAuth community. This effort would be incomplete without the development of a test suite and series of test servers against which various libraries and implementations could be tested.

To help expand scope, reach, visibility of OpenID:

a) To do this, we must develop 21st century trademark guidelines, as Mozilla has, that enable us to maintain the integrity of the name and the mark, while also supporting widespread publishing and promotion of the mark, through non-commercial grassroots communities and networks, just like the Firefox brand. As a former community admin of the Spread Firefox project, I can confidently lend my experience here.

c) There is a need for more decentralized *camp-style events that promote solutions built on Open Stack technologies like OpenID, and we need to increase our presense and marketing materials at popular trade events both within and beyond the web community. I have proposed to O’Reilly a full day of workshops at the upcoming Web 2.0 Expo event in San Francisco and have initiated a conversation with Wired to develop a series of tutorials for their Webmonkey How-to wiki. We need to move beyond web-based outreach and marketing and start encouraging involvement in OpenID from folks in the real world.

d) Along with improving OpenID in desktop contexts and mobile devices, I think that OpenID can become useful in console gaming situations, just as people have become used to the idea of Wii Codes and Xbox gamertags (why aren’t those OpenIDs?!).

OpenID is at a critical juncture, and with the right people involved, the OpenID Foundation and its supporters will usher in the future of the free and open social web. Recent conversations have convinced me that the role of the boardmember brings with it a certain visibility, responsibility, and an opportunity to lead from within that would provide me with a platform to be more effective and to realize my aspirations for OpenID more quickly. I am also impressed by the caliber of individuals running for the board (though I would have preferred to see a more diverse pool of candidates, since OpenID isn’t only used by male internet users). And to put my candidacy in context, I want to make it clear that I will continue to advocate for and advance the cause of OpenID whether or not I am selected to the board.

Nominations close on Monday and I need at least two seconds to be eligible to be voted on. Voting begins on Dec 10 and ends Dec 24, with the results of the election being announced by Dec 31.

In order to vote in the election, you’ll need an OpenID and membership in the OpenID Foundation (which will run you $25). But if you really need a reason to spend $25 and vote for me, here it is:

Now, this is a story all about how My life got flipped-turned upside down. And I liked to take a minute Just sit right there, I’ll tell you how I became the prince of a town called Bel Air. In west Philadelphia — born and raised. On the playground was where I spent most of my days Chillin’ out, maxin’, relaxin’, all cool and all shootin some b-ball outside of the school, when a couple of guys who were up to no good startin making trouble in my neighborhood. I got in one little fight and my mom got scared She said ‘You’re movin’ with your auntie and uncle in Bel Air’.

I begged and pleaded with her day after day, but she packed my suitcase and sent me on my way. She gave me a kiss and then she gave me my ticket. I put my walkman on and said, ‘I might as well kick it’. First class, (yo this is bad), drinking orange juice out of a champagne glass. Is this what the people of Bel-Air living like? Hmmmmm this might be alright. But wait I hear they’re prissy, wine all that. Is Bel-Air the type of place they send this cool cat? I don’t think so I’ll see when I get there I hope they’re prepared for the prince of Bel-Air.

Well, the plane landed and when I came out there was a dude who looked like a cop standing there with my name out. I ain’t trying to get arrested, I just got here! I sprang with the quickness like lightning, disappeared! I whistled for a cab and when it came near, the license plate said fresh and it had dice in the mirror. If anything, I can say this cab is rare! But I thought ‘Nah forget it’ – ‘Yo homes to Bel Air!’ I pulled up to the house about 7 or 8 And I yelled to the cabbie ‘Yo homes smell ya later’ I looked at my kingdom I was finally there to sit on my throne as the Prince of Bel Air.

Ma.gnolia moves to OpenID-only sign ups

Twitter / Ma.gnolia: Our days as yet another ide...

Ma.gnolia.com - sign in OptionsMa.gnolia’s not the first to move to OpenID-only signups, but perhaps one of the first to remove the ability to create new Ma.gnolia-only accounts in favor of the alternative.

If you previously created a Ma.gnolia account you can still sign in with your email address or username and password, but new accounts must be generated using remote credentials from services like Facebook or Yahoo!, or with any OpenID.

This approach offers a couple benefits as well as drawbacks. It’s important to think through these issues from a number of perspectives (users, community, developers and site owners/maintainers) and to think about what this might mean for similarly narrow applications in the future (Ma.gnolia is a social bookmarking site and, like Twitter, does one thing pretty well and sports a number of capable APIs for extending the service).

Users

For existing Ma.gnolia users, not much has changed besides the sign in experience. Once you’ve set your default sign in interface (i.e. OpenID, Yahoo!, Facebook, old skool Ma.gnolia, etc), you shouldn’t need to worry about this choice again, unless you clear your cookies or use a new computer. Once signed in, you use Ma.gnolia as you always would.

The difference comes for new users signing in for the first time. Rather than going through that old dance of providing an email address, waiting for the confirmation, clicking through the confirmation link, filling in your profile, uploading an avatar, blah blah blah, you simply click a button or enter your OpenID URL, confirm your account on your identity provider, return to Ma.gnolia and you’re set. Depending on how you’ve setup your remote account, Ma.gnolia could import your avatar, your name, your email address and other demographic details, which you can customize later, all in one fell swoop.

Now the big question of course is: what happens if someone comes to Ma.gnolia to sign up and doesn’t have a remote account or doesn’t want to use one of their existing accounts?

On the first point, with Yahoo’s adoption of OpenID earlier this year, and AOL, WordPress.com, LiveJournal, and Flickr (among others), we have pretty good coverage for most people. Add Facebook accounts into the mix, and for most of the folks who will be signing up for Ma.gnolia, they’ll probably have another account hosted elsewhere that they can reuse. And, signing up for a new OpenID account elsewhere, at sites like ClickPass, Vidoop or MyOpenID, is barely less convenient than the old process for creating a new Ma.gnolia account (and, the process for obtaining an OpenID will probably get consistently easier over time anyway).

But, what if you don’t want to use an existing account, either because you’re worried about associating your other online activities with your bookmarks, or you prefer to keep facets of your identity separate in different contexts? Well, there are two answers here: 1) too bad because, well, Ma.gnolia doesn’t really “need” new signups (more on this later), and besides, it turns out that most of Ma.gnolia’s OpenID users to date (sure, the early adopters) have shown higher engagement and therefore represent higher value to the overall community; and 2) not too bad if you use ClickPass, Yahoo! or another identity provider that supports directed identity — a feature that essentially assigns a unique OpenID URL for each new service that you signup for, keeping your online activities discreet unless or until you choose to unify them.

Community

The benefit to the community here is somewhat speculative, but I can say that there is increasing value in knowing if user_x on one system is the same user_x on another system, and not just due to an accidental (or intentional) name collision. Since Ma.gnolia will now have a verified identity URL for each of its members, it will be conceivably easier to evaluate whether the factoryjoe you’ve stumbled upon is me or not, since I’m the only person who can sign in against factoryjoe.com, my OpenID URL.

This has benefits for the existing group functionality and for contact lists in Ma.gnolia, so that, as you begin to grow an external contact list of URLs for people, Ma.gnolia could watch your list and then alert you when new friends show up and start participating on Ma.gnolia, along the lines of the feature that Dopplr just released and that Facebook has begun offering.

Once Ma.gnolia is able to identify its users from external networks, implicit reputation will emerge in the minds of users who can recognize their friends from other networks. Again, if I’ve identified myself to Ma.gnolia as factoryjoe.com, anyone who uses OpenID on their blog and has seen me leave a comment with my OpenID will have a pretext for interacting with and connecting to me. As it is today, it’s completely hit or miss whether I’ll remember or recognize someone on Ma.gnolia unless they use the same avatar that they use in other social networking contexts — and while that heuristic works most of the time, it’s certainly not trustworthy, given that anyone can upload anyone else’s avatar.

Developers and Site Owners/Maintainers

This last group has somewhat less to do with Ma.gnolia specifically, but, should this trend towards accepting remote credentials exclusively take off, not only will we see increasing value in picking a solid identity provider, but we’ll also see an easier situation for developers and site owners and maintainers who will be able to ostensibly outsource the account management duties of a site. While a drawback is that users may be locked out of their accounts should their identity provider go down (hence the importance of choosing wisely and designing sites defensively!), the major upside is that all the annoying and redundant stuff around building user login pages, error handling, password retrieval and recovery will become the duty of third parties.

To put this in perspective, think of credit cards (my favorite analogy for OpenID): as much as it sucks, when your credit card is declined, it’s not up to the store owner to sort out what went wrong: it’s between you and your bank. The store owner is off the hook. Sure, he can be helpful and forgiving and offer to take another form of credential or point you to an ATM, but ultimately, you’re going to need to resolve the issue on your own. Considering the time that Larry and Todd put in supporting the Ma.gnolia community (two people for over 100,000 members!), they really should be focusing on core issues with the service and improving the basic functionality and performance rather than dealing with trivial account matters that really don’t have much to do with Ma.gnolia’s core offerings.

But that’s just looking at legitimate users — i.e. “real” people.

The far more troubling trend on Ma.gnolia has been the rise of spammers of various ilk, using the site for misguided SEO scams that burden the overall system. You could argue that fighting spammers alone would be enough to warrant the switch to OpenID-only account provisioning if it weren’t for the additional merits I’ve already mentioned (and according to Larry, it looks like this change has already paid off with a considerable drop in spammer activity on the site).

The beauty of relying on URL-based accounts is that other people with a far greater interest in “owning identity” (that is, big services like Yahoo! and Facebook or individuals operating their own blogs or identity providers) is that other, more capable and focused systems are tasked with weeding out the bad actors. And, depending on how you decide to implement this approach, you can choose to trust certain identity providers more than others, just as border patrol does for passports of different origin today. Sure, there will continue to be value and legitimacy in anonymity or pseudonymity in social networking contexts, but using remote identities doesn’t actually affect that. It just means that you have to find the appropriate host that will offer you directed identity. All the same terms of use apply, as well ss the terms of the remote system (therefore, anyone who signs in to your site using a Yahoo! OpenID will have already agreed to the Yahoo! terms of service barring abuse and illegal activities).

From a developer perspective, it will also get easier to support this approach as libraries to handle remote account provisioning and delegated authorization (using OAuth) will proliferate. Ideally it will lead to more innovation and more experimentation and more qualified signups for services when user sign-in is outsourced, just like server hosting is now handled by S3 and computation is handled by Amazon’s EC2 (etc.).

It’s not that Ma.gnolia’s abandonment of new native accounts is that much of a revelation, but it does offer the chance to reconsider how taken-for-granted account creation and instantiation has become. I know that Leslie Chicoine of Satisfaction has been thinking about latent registration where users are exposed to the value of the site before being forced down the sign up rabbit hole. Migrating to remote accounts is just one more way of lowering the barrier to demonstrating your core value and engaging new users immediately. It’ll be very interesting to watch the response on Ma.gnolia and to see whether, in reducing the number of spammers on the site, it also has the unintended effect of reducing new signups by real people. Somehow I doubt it, especially if it gets easier to incorporate Ma.gnolia as a service in remote applications like Facebook and OpenSocial containers.

The Fried Henderson and the value of being clever

I started off this morning with a partially composed blog post in mind owing to my reaction to a lengthy conversation I had yesterday (tweeted for reference). For whatever reason it took me all day to sit down to tackle it, but perhaps I needed the day to stew over it in the back of my mind.

The basic premise is this: cleverness is a huge asset when applied to constraint-based technological innovation and is probably the most necessary attribute that someone can bring to your organization today.

Only the truly clever will avoid unnecessary reinvention at all costs to the point that, to the lay observer, this individual may seem like a downright lazy corner-cutter. Instead, cleverness is a honed skill that takes time, dedication and above all, a commitment to cultivate an appreciation for not only doing the least amount of work possible, but also the ability to pick the least amount of work possible that will also afford the most leverage in actually solving the problem.

This is not trivial stuff either, and I’ll tell you why in a bit.

First, I’ll identify 37 Signals‘s Jason Fried and Flickr’s Cal Henderson as my inspiration for this line of thinking. Conversations with both of these guys has taught me a lot about the value of cleverness and its relevance in each their respective successes. These guys are ruthless; whenever I’m stuck hemming and hawing between potentialities, I always ask myself, man, if I pinged Jason or Cal right now and asked what I should do, what would he say?

Well, after doing just that countless times, I’m pretty confidant, especially after yesterday’s exchange, that I can now serve myself. I’ve started to use what I’ll call the law of minimal reinvention. Or, to contradict myself and invent something new, maybe I’ll call it the The Fried Henderson Law.

The Fried Henderson is an approach to problem solving rooted in erudition, experience and a love of World of Warcraft. The trick is in seeing the opportunity space clearly, adding the right constraints (as many as possible), and then avoiding reinvention at all costs. More often than not, it’s triangulating a solution: what’s the shortest distance between where we are now and getting to the pub afterwards to celebrate our success? Or, to put it into Fried Henderson terms, what’s the least amount of work that I can do to satisfactorily solve this problem so I can get back to World of Warcraft?

Well, clearly, if you’re going to not only get back to WoW but avoid additional interruptions, you’re going to need to document your work. And, if you’re writing your own documentation, as the 37 Signals guys do — constantly — you’ll quickly realize the benefit of creating small and simple isolated solutions that can be reused as components over and over again, playing along with Tantek’s Building Blocks model. Better yet, the most clever folks will resort to using existing applications and solutions built, maintained — and documented — by others, and — provided the licensing rights check out — will use the solutions of other similarly clever folks over needlessly wasting effort reinventing a redundant solution.

Given the current state of the web, web services and the “mashup-cum-widget economy”, this is crucial and absolutely necessary to consider when hiring today. You don’t need someone who feels compelled to prove him or herself by reinventing yet another AJAX framework; the candidate who searches Google for an existing implementation with documentation is the one you hire. This is the candidate that you want, the one that is resourceful, can get things done typically under or near budget and with probably fewer resources and less time than an equally qualified but overly inventive individual. To make it catch-phrasey, you want someone who essentially subscribes to the Friend Henderson dictum.

So. For completeness I should point out that sometimes it’s okay to invent something again. Or to solve a problem in a novel or more effective way given changes in the environment, attitudes or opportunity space (broadband, reduced importance of privacy, launch of the iPhone, etc.). There are also a large number of uninvented solutions out there (namely the ones that haven’t been invented yet, in case my language yoo confooze) — for example, solving the cross-domain social networking problem (though some folks are working on it *ahem*). Or fixing drag and drop upload in the browser. Or getting people into the browser too. Etc etc.

The point isn’t to not be creative but instead to be clever, in a do-as-little-as-necessary way. There are so many great tools and technologies out there today with so little of their full potential discovered or exposed (I mean, had you thought of using Google Maps for viewing panoramas?! Neither had I!) that it’s silly to consider reinventing existing infrastructure when others have already done your work for you!

Do as Jon Hicks says and be a creative sponge for sure, but also following the rule of Fried-Henderson and be clever in what you endeavor to create! If someone has already bothered to create a better solution and to support it, for shuck’s sake, use it!

BarCampAustin, BarCampPlannersSummit and CoworkingMeetup

BarCampAustin logo

Hot on the news that co-organizer Whurley has joined BMC Software as Chief Evil Genius, we’re kicking off the start of BarCamp/Refresh/Dorkbot at Bourbon Rocks in Austin alongside the start of SXSW.

A couple notes… BarCampAustin starts started today and continues into tomorrow (yes, this overlaps with the first day of SXSWi). Highlights include $10 screenprinting of your own custom BarCamp tshirt and Austin favorite SoulHat will be playing Saturday Night — along with other surprises throughout. As co-organizer Erica O’Grady says, This is definitely going to be a BarCamp you won’t want to miss 😉

Now, as for agendas… just want to point out that we’ll probably be doing both a session and a coordinating meeting of some kind related to coworking tomorrow. This is the meeting that we previously discussed but didn’t set a definite time on. I think it’d be best if we planned to take this on tomorrow from 3:30 to 4:30 — trying hard not to conflict with too many panels… so that Tara can join in, since she’ll be jetting off to Vegas to perform reconnaissance at Community Two Point Oh Con.

Otherwise, the rest of the week is pretty well covered by Jeremy Keith’s microformats mashup until we arrive at the on Thursday.

So, while I’m at it, I want to pimp out Twitter (not like it needs it — but you can follow what’s going on by sending the command join sxsw — though unfortunately there’s no “unjoin” if you want to tune us all out) and Conferenceer — both will prove indispensable tools throughout the week and beyond.

Does it ever rain on the internet?

Trying to map natural phenomena to the digital…

“Rain.”

Does it ever rain online? Y’know, not so much like “water” or “precipitation” but the phenomenon of “moisture” condensing, rising up into the atmosphere, and then returning to the surface to distribute nutrients, replenish the environment, to wash away the residue of life unfolding.

….

What I’m also wondering about are those bottom-dwellers… like the sucker fish at the bottom of fish tanks in Chinese restaurants… do they exist online? …as part of the positive ecosystem — not like viruses or pests like spammers, but creatures that perform maintenance on the conditions of the environment.

And the two classes are: natural occurring phenomena and voluntary maintenance actors.

So I’m just wondering about this.. that’s all.

Monolingual 1.3.7 adds Sparkle

Finally, no more Sourceforge nonsenseMonolingual 1.3.7 has added support for Sparkle!

Combined with AppZapper and Xslimmer, Monolingual is a great way to keep your system light and free from superfluous language files that can take up hundreds of megabytes…

What I’d really like to see, though, is these three apps get together to come up with a blacklist feature to protect sensitive apps that don’t like to be messed with. I know that Xslimmer is doing something like this — now to get AppZapper and Monolingual to sign on!

MC Chris at Isotope

Just coz I think you should be aware and that I’m up and jet-lagged back in SF after a horrendous experience with the worst airline ever (possibly even worse than American Airlines), I thought you should know that MC Chris (mastermind behind Fett’s Vett) is coming to Isotope Comics in Hayes Valley tonight at 8pm to perform a free, all ages gig.

Ok, now to go sleep.