Tag Archives: Yahoo

Google Becomes OpenID Provider; Plaxo and Zoho Among First Live Sites

Plaxo Signin Screen

What a week for OpenID and the opening up of the Social Web! Following Monday’s big announcement of Microsoft about to become an OpenID provider, today Google announced that it has actually become one (for real), with several sites are already live, accepting Google account credentials for signup and sign in, including Plaxo and Zoho. Google’s rollout is a very big deal for OpenID. Why? 

Like many promising technologies, OpenID has long suffered from the “chicken and egg” problem. Why should any site wrestle with the complexities of becoming a “relying party” (a site that accepts OpenID) if very few mainstream users have an OpenID and know how to use it? And, conversely, if there are very few relying parties out there, why should a mainstream Internet player, such as Google or Microsoft, rush to become a Provider?

The lineup of current (or soon to launch) OpenID Providers now includes, Google, Yahoo, AOL, Microsoft, and MySpace. And we should be able to demonstrate in the coming weeks that second-generation implementations, like what Google is launching with today (and extending soon with Portable Contacts), actually reduce the friction for onboarding new users. The result should be a massive adoption wave for OpenID all over the web. If your competitor’s OpenID-based onboarding of new users has a much smaller dropoff rate than yours, you will find yourself wanting to come up to speed quickly on how to become a relying party, too.

One of the coolest things in the official blogpost for the announcement is what is coming down the pike:

Google is also working with the open source community on ways to combine the OAuth and OpenID protocol so a website can not only request the user’s identity and e-mail address, but can at the same time request access to information available via OAuth-enabled APIs such as Google Data APIs as well as standard data formats such as Portable Contacts and OpenSocial REST APIs. In the future, this should allow a website to immediately provide a much more streamlined, personalized and socially relevant experience for users when they log in to trusted websites.

This combined “Open Stack” approach will fix so much of what is currently broken.

The New "Open Stack"

Today, every time you go to use a new website, you have to give the site your email address and choose a password; you have to upload a photo and fill out the same profile info you’ve done dozens of times before; and, you’ll probably be encouraged to import your address book and invite your friends. The new Open Stack approach can take almost all of the friction out of that process. OpenID lets you signup with existing credentials. XRDS-simple lets the site discover where you keep your data. OAuth allows you to grant restricted access to just that data (without handing over the full keys to your account). And Portable Contacts standardizes how the site can pull in the people data that you want to share, including data from your profile, your friends list, and your address book. And that can all be done in a couple of clicks, with you in control.

These are exciting times, indeed. Congrats to the Google team! 

As has become the standard for just about any “open” launch, Plaxo is among the first live, with Joseph Smarr coding away feverishly in the night. Here’s his post on the launch at the official Plaxo blog. Joseph is also quoted in the Google blogpost:

Joseph Smarr, Chief Platform Architect at Plaxo says, “It’s great to see Google become an Open ID provider in addition to supporting OAuth, which we already use. We are thrilled to be among the first sites to allow users to login with their Google Accounts. This is going to be great for users, Plaxo and the web.”

Tagged , , , , ,

Breaking News: Microsoft Becomes OpenID Provider

In a blogpost that just went live, Microsoft announced that they are ready to roll on the OpenID front, becoming a provider:

Beginning today, Windows Live™ ID is publicly committing to support the OpenID digital identity framework with the announcement of the public availability of a Community Technology Preview (CTP) of the Windows Live ID OpenID Provider. You will soon be able to use your Windows Live ID account to sign in to any OpenID Web site!

This is a Big Deal for opening up the Social Web. Microsoft is joining other large providers, including Yahoo and AOL. And more are on the way, based on who attended the OpenID UX Summit last week (and what they said and demoed there). Even the New York Times is talking about it.

If it hasn’t been clear yet, it should become clear soon that we will exit 2008 with OpenID having moved from “promising” to a vital part of the mainstream Internet experience.

Oh, and be sure to check out Dare Obasanjo’s post on the news, that includes a link to a screencast from Angus Logan. (Dare and Angus are both great “open” advocates within Microsoft.) Congrats, guys! Always great to see the open champions succeed in steering the strategies of the biggest of companies. Oh, and clearly props should go to Mike Jones, who was a key champion of OpenID at Microsoft, as I am reminded by Scott Kveton in the post over at ReadWriteWeb:

“It’s a big deal for OpenID because we’re seeing Microsoft ship code,” said Scott Kveton, chair of the OpenID Foundation. “This is Microsoft putting their money where their mouth is. And it’s due in no small part to Mike Jones, who has been working diligently to promote OpenID within Microsoft. I’m enormously excited to see this happening.

TechCrunch now has a piece up with additional coverage

Tagged , , ,

Announcing Episode 15: “On Location at Yahoo!”

We’ve just posted this week’s episode of The Social Web TV, “On location at Yahoo!” I chat with special guest, Allen Tom, Architect, Yahoo! Membership, about last week’s Y!OS rollout and this week’s historic OpenID/OAuth UX Summit.

And, in case you missed it, I did a guest post on the topic at TechCrunchIT, entitled, Facebook Connect and OpenID Relationship Status: “It’s Complicated”.

Oh, and Dare Obasanjo wrote a response to my post, entitled Some Thoughts on OpenID vs. Facebook Connect

Tagged , , , , , , , ,

Live Blogging the OpenID/OAuth UX Summit

From the OpenID/OAuth UX Summit

I’m at Yahoo for the OpenID/OAuth UX Summit. The room is packed with 40 or so folks. Companies with representation include Yahoo, Google, Microsoft, Facebook, MySpace, Plaxo, AOL, SixApart, JanRain, Vidoop, Chi.mp, and Magnolia, and projects including Internet2 and DiSo. The Summit is a response to recent usability studies by Yahoo and Google that show the current state-of-affairs with OpenID and OAuth is quite poor, and we need together to find a user experience for the “open stack” that works for consumers.

I’ll be sharing observations over the course of the day.

First up: Facebook’s Julie Zhuo, sharing experience from Facebook Connect. Idea originated in 2006 with the Facebook API. Initial version didn’t have any flow back to Facebook. Clunkiness of UI. One question for the Facebook Connect UI: How much text is really needed? Showing evolution of the UI to address the fundamental question, “What is Facebook Connect?” Final version includes user’s profile photo (if user is logged in), and thumbnails for both Facebook and the site user wants to connect.

From the OpenID/OAuth UX Summit

Good discussion about what usability revealed, about informed consent and user confusion, and about whether this passes EU privacy laws. (Answer: yes.) Facebook research showed that users had little or no understanding or savvy about phishing and URLs.

By the way, I have to say it — great to see not only is Facebook attending this “open stack” summit, but that they’ve got four people here (including Dave Morin, Josh Elman, and Mike Vernal) and leading the opening session! That’s awesome.

From the OpenID/OAuth UX Summit

Now talking about the Connect Button. First version had tagline “Bring your friends,” but users didn’t know it was a button. Second version said “Register.” Third version said “Connect” and experimented with the user’s profile photo on the button. Final version is just the Facebook “f” and “Connect” or “Connect with Facebook”.

Discussing logout options: unified, per-site, hybrid. Unified is secure, but unintuitive. Per-site is intuitive, but not necessarily secure. Chose unified out of security. Question for the future, if Facebook Connect takes off, may be strange to log out from one site and be instantly logged out of Facebook and all other Connect sites. A good laugh, as Joseph Smarr suggests a slightly more complex alternative. Julie says, “But then you’d make the user have to think.” Joseph’s aside, “That’s spoken like a true mainstream consumer site.” Incredibly active session. Key takeways slide: streamlined login is important. Explain what is going on. Err on the side of security. Flexibility is important.

Next up: Max Engel of MySpace. “The Hybrid Login: OpenID and OAuth.” MySpace will support OpenID, OAuth, and a hybrid of the two. Will use a pop-up iframe. Allows the user to stay in context. Max is showing screens of the experience they are planning. Every MySpace user has a vanity URL, which will be their OpenID. Still trying to figure out whether to support logging with just “MySpace.com”. Key design elements will be similar to Facebook Connect.

Data types: content, address book, registration, profile, friends, activity. Big laugh as Max shows the original OAuth screen, that has so much fine print that it looks like it was designed by a lawyer! Lots of discussion about whether email address should be passed to the site. Why it matters: not just for communicating, but also to avoid duplicate account problem Plaxo has experienced as an OpenID Relying Party and Yahoo OpenID. Chris Messina advancing the idea of email address as OpenID, something under consideration for OpenID 2.1.

Max revisiting that MySpace Data Availability originally was to have zero cacheability of the data, which was not going to fly with anyone. Now planning a “portable profile” plus some cacheable MySpace-specific data. Allen Tom of Yahoo raises the point that the “cacheable” data is all on public pages already, so why not just mark it up with microformats and remove the caching restriction. “If Relying Parties don’t get the data they need, OpenID only creates complexity.” Max just mentioned Portable Contacts in his presentation. Drink!

So many tough questions about complexity and confusion vs. simplicity but lack of clear, informed consent. Good discussion about whether participating sites can use the profile data they pull in to do targeting (including ad targeting). Facebook team says that they allow the site to use the data for targeting on the site, but not to redistribute the data (to an ad network, for example). Makes sense.

Max says that the sell to major websites is much stronger for combination of OpenID, OAuth, XRDS-Simple, Portable Contacts, and OpenSocial. Question from the back of the room, “What do you call all of that?” Answer popping up from Max, Joseph, Chris Messina, and me, “The ‘Open Stack’!”

Rising chorus for coming together to develop a common UI spec for OpenID. A call for five volunteers. Hands raised include Chris Messina (Vidoop), Joseph Smarr (Plaxo), Eric Sachs (Google), Max Engel (MySpace), and, drumroll, Julie Zhuo (Facebook). That’s great!

LUNCH BREAK

Next up: Allen Tom of Yahoo. Over 300 million users have an OpenID from Yahoo. Question shouted, “How many have used it?” Answer: “It has exceeded our expectations.” ;) But, yes, we’re all here because we know we need to improve the user exerience.

Launched BBAuth in 2006. Showing “Find Friends” on Facebook and LinkedIn, using BBAuth. BBAuth and OAuth is to grant long-lived credentials to third-party sites. “Cannot allow weaker credentials to be used to mint stronger credentials.” Talking about various security considerations. Login screen must never be framed. Anti-phishing sign-in seal must always be displayed.

Allen now showing the “scary screen” which users are shown to approve access via BBAuth. *Lots* of small print legaleze. “Based on the feedback on BBAuth, we changed our approach on OAuth, which is what we’ll be using going forward.” Now, been spending a lot of time looking at and talking through the OAuth permissions screen.

Allen now showing and talking about Yahoo’s implementation of OpenID. It is *much* improved over the version they went out the door with (shrinking 14 steps to two). Allen shares that “machine-generated” OpenID URLs have proven *way* more popular than user-selected. Surprised reactions.

Talking now about Plaxo’s experience as an OpenID Relying Party. The business rationale, the philosophical view, and the admission that OpenID experience is not yet today a clear net positive to the key metrics. But Plaxo remains optimistic that the situation can improve dramatically with what’s being discussed here today.

Next up, Magnolia’s Larry Halfft. They’ve used OpenID as a key part of their strategy to reduce spam accounts and have been generally pleased with the results.

Now, Eric Sachs of Google, who just showed what I think is the first public demo of Google as an OpenID Provider. Giving context: SaaS vendors get asked to be a SAML RP for enterprise IDPs. In parallel, Google Checkout folks had questions/issues with login. Giving examples of login on Buy.com and Amazon.com, as an inspiration for a new/better? login experience for OpenID/OAuth. Now the challenge of desktop apps and OAuth. Seems like “No, help me sign in” is the key verbiage of this new “LSO” login model Eric is advocating. Now Google Accounts vs. accounts for Google AppsForYourDomain. Downside to this LSO login approach is that it does not work well for IDPs who are not email providers.

Lots of good-natured joking as we try to do a demo, that requires a Windows computer with .Net and IE as the default browser. Not easy to find in this crowd!

It’s 3:00pm. We’ve now finished the formal agenda and are discussing how folks would like to organize the last two hours.

It’s almost 4:00pm. Joseph Smarr of Plaxo is demoing the “Open Stack” end-to-end stuff that was developed by JanRain for the Portable Contacts Summit. OpenID, OAuth, XRDS-Simple, and Portable Contacts working together to enable simple and secure sign-up with access to user’s profile and address book. Good discussion underway. Joseph now explaining XRDS-Simple and answering a lot of questions.

Joseph Smarr demoing the "Open Stack"

Chris Messina now leading a discussion about the proposal to extend the OpenID spec to allow email addresses as OpenIDs. Mike Jones of Microsoft asserts this creates a major security vulnerability. Discussion underway.

Some discussion of how to handle if the Provider site is down. Mike Vernal of Facebook responding to that question vis-a-vis Facebook Connect. Good response.

5:15. That’s a wrap. What a great day. The UX working group got a bit larger at the end, which is good. Eager to see what they come up with!

Tagged , , , , , , ,

APIs Popping Up All Over (Thanks to Mashery)

The latest episode of The Social Web TV has just been released, hosted by Chris Messina and me, and with special guest Clay Loveless, Mashery’s chief architect. Mashery is the company powering new APIs from the New York Times, Netflix, Best Buy, and MTV, among others. The fact that a company can make a good business out of building and supporting APIs for mainstream companies is another good sign that the Social Web is opening up, big time.

Head on over to The Social Web TV to watch and get the supporting links, or click on the embed below:

Tagged , , , , , , , , , , ,

A Big Day for the Open Stack: Y!OS Launches

"We're Open at Yahoo!"

Congratulations to the team at Yahoo! Today, they rolled out the first phase of Y!OS, the bold strategy to transform the Internet’s top destination into a social hub that richly interacts with the web at large. Great coverage at TechCrunch and CNET. I won’t wade in with a product review just yet, as I haven’t had a chance to deeply interact with all the new features or trick out my profile. I will try to give a little bit of context to this historic moment, one that Yahoo marked with a gigantic banner decked out with logos of the most important open building blocks, including OpenSocial, OpenID, and OAuth. Alas, we haven’t yet picked a logo for Portable Contacts. ;^(

What we’re seeing here is a major proof point that we are, as I have predicted, about to ride one of Silicon Valley’s “big waves” — those major disruptive changes that open not just new markets, but whole new business ecosystems. Those wave come once every 15 years or so (PCs in the late ’70′s and the Web in ’93, exactly 15 years ago). This big wave is the “Social Web,” and it will change the Internet as we know it, bringing the missing “people layer” to everything. And we’re all building it on a common “open stack”:

The New "Open Stack" for the Social Web

The Open Stack was a major topic of discussion at FOWA in London last week, with sessions and talks on it by David Recordon and Chris Messina, and a pointed question about why Facebook has not embraced it directed to Mark Zuckerberg in the “fireside chat.’

For a good overview of Y!OS, check out Cody Simms of Yahoo as a special guest recently on The Social Web TV:

And don’t miss Dare Obasanjo’s “The New Yahoo! Profile and Doing Data Portability the Right Way.”

Oh, yeah, and one last pic. Joseph Smarr and I were so proud and excited to see this day, that we had to dash over and take our picture with the gigantic “open” banner!

Joseph Smarr and John McCrea at the Y!OS Giant Banner

Tagged , , ,

Joseph Smarr at Web 2.0 on the New “Open Stack”

Joseph Smarr, Plaxo’s chief platform architect, and de facto leader of the Portable Contacts initiative, gave a talk today at the Web 2.0 conference in New York. Entitled “Tying it all together; Implementing the Open Web,” it was a rallying cry for developers to jump in and get working on the new “open stack” of OpenID, OAuth, OpenSocial, XRDS-Simple, and Portable Contacts. See converage from attendees Kris Jordan and Steve Kuhn (who quips about Joseph, “Dude talks fast”)!

Joseph asserted that the industry has now come together around a common vision for the future of the Social Web — a vision that abandons the walled garden model in favor of a new services layer that interconnects social hubs with the rest of the web. The service layer is comprised of Identity Providers, Social Graph Providers, and Content Aggregators:

A Common Vision for the Future of the Social Web

And, indeed, that is the vision behind the strategies we see from Google (with Friend Connect; which launched for real today), Plaxo (with Pulse), MySpace (with Data Availability), Yahoo (with Y!OS), and, yes, even Facebook, too (with Connect).

Joseph goes on to observe that there are two pathways to that vision, one built on Facebook’s proprietary stack and the pathway chosen by MySpace, Google, Yahoo, Plaxo, and many others, built on the new open stack:

The New "Open Stack" for the Social Web

Tagged , , , , , , , , , , ,

Thanks, SGI, for the Gift of OpenGL!

I am so pleased to see SGI in a good news story today, after all the years of decline and sadness. Apparently there’s been a problem brewing with the license under which SGI was making OpenGL available, as in it was a license that was “accepted by neither the Free Software Foundation (FSF) nor the Open Source Initiative,” according to Bruse Byfield of Linux.com. The problem has now been resolved through a new license. Details can be found in a press release from SGI. The new license was applauded by both the Free Software Foundation (FSF) and the Khronos Group, an organization developing royalty free standards around OpenGL.

I’ve been thinking about OpenGL recently, as it helped introduce me to open standards, years ago when I worked at SGI. Back in late 1995, after I persuaded SGI to become the first licensee of Java, I tried (and failed) to convince Sun to follow SGI’s lead to make Java a truly open standard, rather than a Sun proprietary thing, with heavy licensing.

Now, as we work to solidify and gain traction for a “new open stack” for the emerging Social Web, I continue to be inspired by the bold idea behind turning SGI’s proprietary “GL” (Graphic Library) and into OpenGL.

The new open stack is comprised of OpenID, OAuth, OpenSocial, XRDS-Simple, and Portable Contacts. Projects as diverse as MySpace Data Availability, Y!OS, Google Friend Connect, and Plaxo Pulse now share a common vision (of an open interoperable Social Web) and are being built out on this common set of open spec building blocks. Each company can innovate faster by not having to waste development resources on creating one-off proprietary APIs. Each company can see more rapid uptake by developers, since those developers can write once and have there code work in more places. And each company can be part of the virtuous cycle of acceleration by contributing code to the open stack.

Exciting times!

The New "Open Stack" for the Social Web

Tagged , , , , , , , , , , ,

Yahoo’s “Y!OS”: Strong Proof the Web is Going Social — and Open!

Some really big news came and went last week, with relatively little attention paid to it by the mainstream media. Yahoo, the top Internet site in a major battle to regain it’s “mojo,” unveiled the details of “Y!OS” (Yahoo Open Strategy), a truly bold move that completely re-defines the notion of a portal. [See also nice coverage on Mashable by Rob Diana.]

Just as the “open” wave is transforming social network from walled gardens into aggregation hubs for connecting with the rest of the Web, Y!OS will transform Yahoo from a traditional portal into something entirely new. They’re doing it all by building on top of open spec building blocks, including OpenID, OAuth, and OpenSocial. And they’re not just taking these blocks off the shelf; they’re also giving back, contributing their own innovations in the spirit of let’s-all-work-together to keep the web open.

To learn more about Y!OS, we invited Cody Simms, Sr. Director of Product Management from Yahoo on to our weekly Internet TV show, The Social Web TV. Cody is a really dynamic guy; I think you’ll agree this is a great episode!

Tagged , , , , , , ,

Live Blogging from the Portable Contacts Summit

The much-anticipated Portable Contacts Summit has kicked off, with folks from companies large and small and representatives of various open-spec communities. Joseph Smarr of Plaxo is leading the opening session and is going through a bunch of demos of working code.

Some quotes:

“The Portable Contacts train has left the station, and it’s a bullet train.”

“I’ve got more demos than I have Firefox tabs.”

“One good pipe deserves another.”

Joseph is demoing the power of having technical alignment between Portable Contacts and OpenSocial RESTFul APIs. What that means is that any site that is OpenSocial compliant will be Portable Contacts compliant — without having to do any additional work!

Folks in attendance include people who work at Google, Microsoft, Yahoo!, MySpace, Facebook, Hi5, Plaxo, Six Apart, Seesmic, JanRain, Skydeck, ShopIt, Current.TV, Interscope Records, and more. Today’s event is hosted by MySpace.

12:00 Joseph demoing interop between Plaxo and MySpace.
12:05 Now a demo of JanRain’s myOpenID with support for Portable Contacts
12:07 Now on to Google, another instance of compliance via OpenSocial RESTful APIs
12:08 iGoogle, GMail, and Orkut (all leveraging the same backend)
12:09 Brian Ellin of JanRain about to do a demo of an end-user application
12:11 Brain implemented Portable Contacts last night in Ruby

lunch break

1:00 About to resume. Saw amazing discussions over lunch. I won’t name names, but some would be shocked by the various pairings of competitors breaking bread together
1:15 Joseph leading a deep dive on the spec. Lots of questions, discussion.
1:30 Lots of great questions and discussion about OAuth and XRDS-Simple
3:00 Wow! Just barely made it all the way through the spec. Impressive. Everyone is fried.
3:30 Unconference phase now, but really informal; organically forming conversation circles.
4:15 About to do the next steps and wrap up

Kevin Marks, of Google, is doing a nice job live tweeting the event. He’s @kevinmarks on Twitter.

UPDATE:

Great posts from the team at ShopIt and from data portability maven Daniela Barbosa.

And another fine post from the godfather of open, Marc Canter.

Here are a few photos so far:

Spec-compliant name tag

Joseph Smarr kicks off the Summit

Around the room

Brian from JanRain

Brian of JanRain and Joseph of Plaxo

Portable Contacts deep dive

Tagged , , , , , , ,
Follow

Get every new post delivered to your Inbox.

Join 29 other followers

%d bloggers like this: