openid foundation – Factory Joe

This week in video: Facebook and the OpenID Design Workshop

http://www.viddler.com/player/423b8f4b/

Needless to say, it’s been a big week for the open web, with Facebook joining the OpenID Foundation and hosting an OpenID Design Workshop.

Above is the latest episode of theSocialWeb.tv called “An Open Discussion with Facebook”, filmed yesterday on location at Plaxo. John, Joseph and I talk about the week’s news with Dave Morin and Luke Shepard of Facebook, going into some detail about Facebook’s new emphasis on their open strategy.

OpenID Design Workshop

I also recorded a bunch of video from the OpenID Design Workshop (which John McCrea did a great job liveblogging):

OpenID Design Workshop Introductions

Luke Shepard and Dave Morin introduce the schedule for the day; individual attendee introductions.

Julie Zhou from Facebook presents on Facebook Connect

Julie presents the design thinking behind Facebook Connect. Slides.

Max Engel presents MySpace usability research

Max presents usability findings from research on connecting MySpace to other sites, like AOL. Slides.

Brian Ellin presents RPX and the history of OpenID interfaces

A look at the history of OpenID interfaces, with insights into what people type “into the box”. Slides.

Eric Sachs and Brian Kromrey present on federated login research/popup

Eric Sachs and Brian Kromrey talk about their work implementing OpenID and present the new popup flow. Slides.

Joseph Smarr presents on the hybrid OpenID/OAuth flow

Joseph presents the famous “92% Demo”. Slides.

Chris Messina presents on OpenID Contexts

I present on using OpenID in different contexts. Slides.

OpenID Provider Report Back

The results of the 2-hour OP breakout session.

OpenID Relying Party Report Back

The results of the 2-hour RP breakout session.

Jelly Talks

And there’s now video available from the conversation I had last week with Dave Morin on the inaugural episode of Jelly Talks:

Welcoming Facebook to the OpenID Foundation

The day after Facebook’s 5th birthday, I join David Recordon and the rest of the board of the OpenID Foundation in welcoming Facebook as our newest member, in rapid succession to Paypal just a few weeks ago. The significance of both of these companies investing in and becoming part of the OpenID family can not be understated.

I’m particularly excited that Facebook has joined after the conversation that Dave Morin and I had last Friday during our Jelly Talk. Dave and I were in vehement agreement about a lot of things, and tantamount was the need for the user experience of OpenID authentication to improve.

The crux of the issue is that with OpenID, choice is baked in, which is a good thing for the marketplace and ultimately a good thing for users. The problem is how this choice manifests itself in interfaces.

Facebook Connect is simple because there is no choice: you click a button. Of course, that button only works for the growing subset of the web who have Facebook accounts and want to share their Facebook identity with the web site displaying the button, but that’s why their experience trumps that of OpenID’s. If you take away user choice, everything becomes simple.

But I believe that we can do better than that, and that we can arrive at a satisfying user experience for OpenID that doesn’t necessarily have to dispense with choice. And from the sound of our conversation on Friday, and with Facebook’s membership in the OpenID Foundation, I believe that we now have a mandate to confront this challenge head-on, as a top priority.

To that end, Facebook will be hosting the second User Experience Summit for OpenID on February 10th. The goal is to convene some of the best designers that leading internet companies can muster, and bring them together to develop a series of guidelines, best practices, iterations, and interfaces for making OpenID not just suck less, but become a great experience (in same vein as the hybrid OpenID/OAuth flow that we saw from Plaxo and Google last week, and in line with Luke Shepard’s proposals for an OpenID popup).

Although Facebook has not announced any plans for implementing OpenID specificly, their commitment to help improve the user experience suggests to me that it’s only a matter of time before all of the major social networks, in some way, support OpenID. If there were any lingering doubts about the competition between Facebook Connect and OpenID, hopefully the outcome of a successful collaboration will put them to rest.

What PayPal’s member in the OpenID Foundation could mean

Brian Kissel announced this morning that PayPal has joined the board of the OpenID Foundation as our sixth corporate member, with Andrew Nash, Sr., Director of Information Risk Management and a longstanding advocate for OpenID, as their representative.

That PayPal has joined is certainly good news, and helps to diversify the types of companies sitting on the OpenID Foundation board (PayPal joins Google, IBM, Microsoft, VeriSign and Yahoo!). It also provides a useful opportunity to think about how OpenID could be useful (if not essential) for financial transactions on the web.

For one thing, PayPal already relies on email addresses for identification, and one of the things that I’m strongly advocating for in OpenID 2.1 is the use of email-style identifiers in OpenID flows.

Given that PayPal already assumes that you are your email address, things become more interesting when a company like PayPal starts to assume that you are your OpenID (regardless of the format). With discovery, your OpenID could be useful not just as an indicator of your data resources across the web (essential in cloud computing), but could also be useful for pointing to your financial resources. Compare these two XRDS-Simple entries (the latter is fictional):

<!-- Portable Contacts Delegation -->

    http://portablecontacts.net/spec/1.0
    http://pulse.plaxo.com/pulse/pdata/contacts


<!-- Payment Gateway Delegation -->

    http://portablepayments.net/spec/1.0
    http://paypal.com/payment/

From this simple addition to your discovery profile, third parties would be able to request authorization to payment, without necessarily having to ask you every time who your provider is. And of course no payment would be disbursed without your explicit authorization, but the point is — sellers would be able to offer a much more seamless payment experience by supporting OpenID and discovery.

The pieces are more or less in place here, and with PayPal on board, I think that we’re starting to see how OpenID can be used to smooth the on-boarding process for any number of routine tasks — from specifying where you store your photos to pointing to the service(s) that you use for payment.

I commonly use the metaphor of credit cards for OpenID. One thing that makes credit cards convenient is that the 16-digit unique ID on each card is embedded in the magnetic strip, meaning that it’s trivial for consumers to just swipe their cards rather than typing in their account number. OpenID and discovery, combined, provides a similar kind of experience for the web. I think we need to keep this in mind as we move the state of the art forward, and think about what can be accomplished once people not only have durable identity on the web — but can use those identifiers to access other forms of real-world value (and can secure them however they see fit).

Perception and reality in the land of OpenID

OpenID Logo A couple related posts caught my attention recently about OpenID. As I’m now a board member of the OpenID Foundation, I feel some responsibility for helping to inform folks about OpenID: what it is, how it’s used, why I believe that it has so much potential — and at same time, address what it isn’t, won’t or can’t be, and what the scope of the OpenID solution stack is.

The first is a post by Nick O’Neill from the Social Times blog: “OpenID Organizes the Organizers While Facebook and Google Start Letting Users Login“. It was posted on December 29th.

He begins his criticism with a slight error:

Over the weekend the OpenID Foundation announced that they are having its first election of community board members.

In fact, over that particular weekend, the OIDF announced the results of its election, not the kick off.

But his broader sentiment deserves a response:

[…while] Facebook and Google have launched their own identity services that enable users to instantly log in to any site with third-party accounts[, … the] group seems to still be in the process of organizing though. … I think the group is over planning and under executing.

Josh Catone from SitePoint picked up his point, suggesting that “OpenID Needs to Start Getting Real“. He writes:

What the OpenID Foundation needs to do is start “getting real.” Getting real is a business philosophy from 37signals, a successful web application software company based in Chicago. Though there’s a lot more to their idea, one of the main themes essentially boils down to this: stop screwing around with all the stuff that doesn’t matter and just wastes time (like politics and meetings), and start doing the stuff that needs to get done (like building your app). Don’t worry about the details until people are already using what you’re selling.

I agree with O’Neill that so far the OpenID Foundation seems to be spending too much time on organizational stuff, and not enough time on actually doing what needs to get done. In a chapter of their book “Getting Real,” 37signals talks about how meetings can kill productivity. “Every minute you avoid spending in a meeting is a minute you can get real work done instead,” they write. From my admittedly outsider’s vantage point, it appears that the people behind OpenID are getting too caught up in the organizational stuff, getting too lost in the details, and not spending enough time on execution.

My perspective, of course, is that of an outsider. I’m not privy to what’s going on behind closed doors, so to speak. So my perception of what’s really going on could be off. But at this point in the game, public perception is what it’s all about.

And therein lies the heart of the problem. Perception is reality in the land of OpenID and will shape the thinking of developers, users and those who make up the OpenID and user-centered identity communities unless we initiate a campaign to earnestly counter those perceptions.

Nevermind that for OpenID to succeed, it must be developed with the involvement of many different groups, each with slightly different ideas, objectives and release cycles. Unlike Facebook Connect, OpenID is essentially consensus technology. To advance, it must secure and maintain the buy-in and adoption of many parties on every forward step. But let’s ignore that for a moment, because that’s an issue for us to overcome.

Jim Louderback (veteran of PC Mag) recounted his miserable experience trying to sign in to Disqus with his OpenID in a post titled “I can haz OpenID?“. Apparently, he can not, since he abandoned his comment and resorted to posting it to Twitter instead. The problem apparently had to do with Clickpass, but that’s besides the point, as the experience left a serious impression (emphasis mine):

And that gets me back to OpenID. I love the idea of having one set of identification credentials that I can use around the web. If it all works right, it’ll be awesome, birds will sing and the swallows will return to wherever they’ve disappeared from. But it won’t all work right, not all the time. We’re talking software here, and the internet, and the egos of childish web developers. Occasional (or more often) fail is guaranteed.

It’s even worse than I feared. A few days after my Disqus debacle I was talking with a developer friend of mine who was bemoaning the sorry state of OpenID implementations. It seems that all the big sites have their own flavors, and the OpenID foundation just doesn’t have enough clout to force a single standard across the web.

That’s a bad state of affairs. It guarantees more fail – and also guarantees epic finger-pointing. Who will lose? The users, first, who won’t be nearly as patient nor accommodating as I am. But in the end the whole glorious promise of OpenID will be left in tatters, and we’ll be back to our walled-gardens of identification. And that’s just too bad – because an open, interoperable identity system is actually one of the best ideas I’ve heard in a long time. Too bad no one can get their act together to actually build it right.

And these are the stories that will be told and retold because it’s not the successes that are heralded — it’s the epic failures. As much as I like to rag on Twitter about OAuth, their service is a million times better than it was six months ago during the Summer of the Fail. Twitter ops deserve a lot of credit for making hard decisions about which features should be cut in order to scale the service.

But when it works, people don’t shower Twitter with praise. It’s expected. It’s only when there are problems that people raise their voices — and it’s no different with OpenID. Unfortunately it’s this cacophony of complaints that ends up shaping the negative perceptions of OpenID.

So, when the Japanese chapter of the OpenID Foundation releases figures that show significant and gaining consumer awareness of OpenID in Japan that contradict the outdated and statistically insignificant findings (PDF) that Yahoo presented last year (on which so much criticism was heaped), few seem to notice.

Progress in Japan alone isn’t enough of course. But it does suggest that there is more to the story of OpenID’s overall progress and success in the marketplace. It also suggests that OpenID has yet to succumb to Facebook Connect or that it ever will (or that that’s even the right question).

Still, what all this says to me is that the OpenID Foundation and the community at large have its work cut out for itself.

As more people begin to believe in the promise of OpenID, more people will commit themselves to the success of OpenID, taking ownership of the idea, and promoting it their friends and family (as they did with Firefox). Our opportunity is to make good on the hope that people have for OpenID and effectively channel it to challenge the bruised perception that defines OpenID today. If we succeed, changing perceptions truly will change reality.

I’m a candidate for the board of the OpenID Foundation!

The OpenID Foundation board election opened up on December 10. After a grueling nominations process (not really), we were left with 17 candidates vying for seven community board member seats. Your candidates are (alphabetized by first name):

So far, a great deal of discussion has gone on about the various candidates’ platforms on the OpenID general mailing list. Candidates have also written about things that they would like to change in the coming year on their blogs as well, notably Dave Recordon and Johannes Ernst.

For my own part, I wrote up many of my ideas when I announced my candidacy. I also maintain a wiki page of goals that I have for OpenID.

The three issues that are at the top of my list should I be elected to the board really come down to:

establishing OpenID as a strong consumer brand
improving the user experience and ease-of-use of OpenID
enhancing the value of adopting OpenID for individuals, businesses, and organizations

I will lay out my rationale for these positions in a series of upcoming posts.

In the meantime, if you’d like to vote in this election, you will need to register for a $25 year-long membership in the OpenID Foundation (basically providing you the privilege to participate in this and other foundation elections and activities).

I also solicit your feedback, concerns and wishes for OpenID. Though I have plenty ideas about the kind of work that needs to go into OpenID to make it into a great cornerstone technology for the open web, I’m also very interested in hearing from other people about their experiences with OpenID, or about their ideas for how we can advance the cause of OpenID in 2009.

Announcing my candidacy for the board of the OpenID Foundation

This is the statement (credit to Michael Richardson for my campaign slogan) that I submitted to answer the call, nominating myself as a candidate for community representative to the OpenID Foundation board:

I have long been involved with the OpenID community and have advocated for its adoption ever since I discovered it. It is a central building block of the emerging Open Stack and of the DiSo Project, an effort that I co-founded to create reusable components for decentralized social networking.

To get right to it: I’m running for a seat on the OpenID board because I believe that there is a need for change, for evolution, for setting a clear direction, and a need for a passionate rededication to the promise that OpenID represents.

Above all else, I also believe that the OpenID brand needs to be strengthened to mean something specific, in the same way that brands like Visa and Mastercard now, many years after their introduction, indicate the ability to use an abstract identifier (like a piece of plastic) to access something of value (namely, your accounts). In the case of OpenID, for some, it may mean connecting with friends or pulling in photos or bookmarks from one’s favorite services. It may also simply mean not having to get another password, or it might provide a more convenient way to identify yourself. But bottom line, the Foundation needs to see through OpenID becoming a strong and recognizable consumer brand.

To do this, we need to:

1) I believe that we must make OpenID more usable, but I also believe we must enhance the value of having an OpenID in the first place. Single sign-on is not enough. Facebook Connect demonstrates real value for both relying parties and for Facebook account owners; OpenID must mean more to people than one less password — it has to be seen as a vehicle leading to the socialization of the web in a way that’s meaningful, durable, and that enhances individual choice — and therefore, freedom.

2) Over the past year, we have chalked up high level support from such companies, and though their support is invaluable, we must continue to increase our visibility and credibility by consistently becoming more inclusive, more diverse and more expansive in our reach. The OpenID community needs to organize itself as an ally to developers, designers, relying parties, businesses, governments, municipalities, and educational institutions, and move beyond the emphasis on large internet companies.

To make OpenID more usable and valuable:

a) To this end, I believe that the Foundation should commission an ongoing series of general user studies on trends in online identity management and conduct surveys on OpenID brand awareness, OpenID usability, virtual identity internalization, and online social behavior. The Foundation should endeavor to become an authoritative source of knowledge, understanding and best practices for creating identity solutions for people on the social web.

b) Personally, I would like to improve the state of the OpenID web site and use of social media. I’ve done quite a bit of work marshalling communities with social software and am happy to take on such responsibilities.

c) I also believe that further progress must be made to harmonize OpenID and OAuth, and that the work that Google has spearheaded in this regard is critical.

d) I would like to centralize the OpenID libraries, either on Google Code or GitHUB, and through the existing bounty program, incentivize the development of optmized language-specific libraries, as we have done with the OAuth community. This effort would be incomplete without the development of a test suite and series of test servers against which various libraries and implementations could be tested.

To help expand scope, reach, visibility of OpenID:

a) To do this, we must develop 21st century trademark guidelines, as Mozilla has, that enable us to maintain the integrity of the name and the mark, while also supporting widespread publishing and promotion of the mark, through non-commercial grassroots communities and networks, just like the Firefox brand. As a former community admin of the Spread Firefox project, I can confidently lend my experience here.

c) There is a need for more decentralized *camp-style events that promote solutions built on Open Stack technologies like OpenID, and we need to increase our presense and marketing materials at popular trade events both within and beyond the web community. I have proposed to O’Reilly a full day of workshops at the upcoming Web 2.0 Expo event in San Francisco and have initiated a conversation with Wired to develop a series of tutorials for their Webmonkey How-to wiki. We need to move beyond web-based outreach and marketing and start encouraging involvement in OpenID from folks in the real world.

d) Along with improving OpenID in desktop contexts and mobile devices, I think that OpenID can become useful in console gaming situations, just as people have become used to the idea of Wii Codes and Xbox gamertags (why aren’t those OpenIDs?!).

OpenID is at a critical juncture, and with the right people involved, the OpenID Foundation and its supporters will usher in the future of the free and open social web. Recent conversations have convinced me that the role of the boardmember brings with it a certain visibility, responsibility, and an opportunity to lead from within that would provide me with a platform to be more effective and to realize my aspirations for OpenID more quickly. I am also impressed by the caliber of individuals running for the board (though I would have preferred to see a more diverse pool of candidates, since OpenID isn’t only used by male internet users). And to put my candidacy in context, I want to make it clear that I will continue to advocate for and advance the cause of OpenID whether or not I am selected to the board.

Nominations close on Monday and I need at least two seconds to be eligible to be voted on. Voting begins on Dec 10 and ends Dec 24, with the results of the election being announced by Dec 31.

In order to vote in the election, you’ll need an OpenID and membership in the OpenID Foundation (which will run you $25). But if you really need a reason to spend $25 and vote for me, here it is:

Now, this is a story all about how My life got flipped-turned upside down. And I liked to take a minute Just sit right there, I’ll tell you how I became the prince of a town called Bel Air. In west Philadelphia — born and raised. On the playground was where I spent most of my days Chillin’ out, maxin’, relaxin’, all cool and all shootin some b-ball outside of the school, when a couple of guys who were up to no good startin making trouble in my neighborhood. I got in one little fight and my mom got scared She said ‘You’re movin’ with your auntie and uncle in Bel Air’.

I begged and pleaded with her day after day, but she packed my suitcase and sent me on my way. She gave me a kiss and then she gave me my ticket. I put my walkman on and said, ‘I might as well kick it’. First class, (yo this is bad), drinking orange juice out of a champagne glass. Is this what the people of Bel-Air living like? Hmmmmm this might be alright. But wait I hear they’re prissy, wine all that. Is Bel-Air the type of place they send this cool cat? I don’t think so I’ll see when I get there I hope they’re prepared for the prince of Bel-Air.

Well, the plane landed and when I came out there was a dude who looked like a cop standing there with my name out. I ain’t trying to get arrested, I just got here! I sprang with the quickness like lightning, disappeared! I whistled for a cab and when it came near, the license plate said fresh and it had dice in the mirror. If anything, I can say this cab is rare! But I thought ‘Nah forget it’ – ‘Yo homes to Bel Air!’ I pulled up to the house about 7 or 8 And I yelled to the cabbie ‘Yo homes smell ya later’ I looked at my kingdom I was finally there to sit on my throne as the Prince of Bel Air.