Tag Archives: Plaxo

Yahoo and AOL Enhancing OpenID with Data Portability via the “Simple Registration” Extension

As many of my readers know, the user experience (UX) for OpenID has been a source of confusion and an impediment to broader adoption. That gave rise to an OpenID UX Summit a few weeks ago, hosted by Yahoo and attended by Google, Microsoft, MySpace, AOL, Plaxo, Facebook and many others. It also was a major focus of sessions and late-night discussion at last week’s Internet Identity Workshop. Today, we get to see some of the fruits of those efforts, as Yahoo rolls out (in a limited test) a new implementation of OpenID, currently live with just two test sites, Plaxo and Jyte; and AOL releases preview support for data portability via SREG.

Yahoo’s post describes the details:

Today, we are announcing the start of a limited test of the Simple Registration extension for the Yahoo! OpenID service. The Simple Registration extension allows OpenID RPs to request user profile data from the OpenID provider. Yahoo! will be providing Yahoo! OpenID users the ability to share the following Simple Registration fields for this initial test: Full Name, Nick Name, Email Address, Gender, Language and Timezone. The Yahoo! OpenID user will have full control on whether to share their profile data with the OpenID relying party. We will use the Yahoo! Profiles API to populate the user card which will be presented on the Yahoo! OpenID Review and Confirm page.

Joseph Smarr of Plaxo also has a post on the matter, including screenshots of the improved onboarding flow. As Joseph points out, this is really something bigger than single sign-on; the key is that the identity can bring with it, at the user’s option, some of their social data. This is an important step forward for data portability:

I think we can continue to expect more and more data to flow across the OpenID link, which will make it increasingly valuable for Relying Parties like Plaxo, and should incentivize many more sites to become RPs themselves. It’s great to see this virtuous cycle in motion, and Plaxo is eager to work with any and all OpenID Providers who want to improve their UX and empower their users to use more of their data across the web!

So, if you don’t have a Plaxo account yet, you can sign up for one with your Yahoo OpenID. If you choose to share your basic account info, you’ll land on a registration form that is pre-populated with almost every field you need to activate your account. You only need to add your birthday and your country. (In a future release, we hope to get those last two fields as well, so we can do away with the form entirely.) Oh, and the user’s language choice will come along, too, so we can drop them into the appropriate localized version of Plaxo. Sweet!

George Fletcher of AOL also has a post on AOL and SREG, entitled “OAuth and SREG and MapQuest! Oh My!” I’m still trying to figure out where I can go see the AOL OpenID w/ SREG live. Any pointers, anyone?

It’s great to see the pace of innovation on the Open Stack begin to accelerate.
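
As an added example (not code from Yahoo, Plaxo or the posts quoted above), here is how a relying party might request the six Simple Registration fields named in Yahoo's announcement and accept only values that the provider's OpenID 2.0 signature covers. The `sreg` alias, a MAC key already shared through an association, and every sample value are assumptions; nonce, `return_to` and discovery checks are left out.

```python
import base64
import hashlib
import hmac

SREG_NS = "http://openid.net/extensions/sreg/1.1"
# The six fields Yahoo's limited test shares, by their Simple Registration names.
YAHOO_TEST_FIELDS = ("fullname", "nickname", "email", "gender", "language", "timezone")


def sreg_request_params(optional=YAHOO_TEST_FIELDS):
    """Extra parameters an RP adds to its OpenID 2.0 authentication request."""
    return {"openid.ns.sreg": SREG_NS, "openid.sreg.optional": ",".join(optional)}


def sign(response, mac_key, digest=hashlib.sha256):
    """OpenID 2.0 signature: HMAC over 'key:value' lines, in openid.signed order."""
    keys = response["openid.signed"].split(",")
    kv_form = "".join(f"{k}:{response['openid.' + k]}\n" for k in keys)
    mac = hmac.new(mac_key, kv_form.encode("utf-8"), digest).digest()
    return base64.b64encode(mac).decode("ascii")


def verified_sreg(response, mac_key, digest=hashlib.sha256):
    """Return only the SREG values that the provider actually signed.

    Raises ValueError when the signature does not verify. Values present in
    the response but absent from openid.signed are dropped: anyone who can
    touch the redirect URL could have appended them.
    """
    signed = response.get("openid.signed", "").split(",")
    if any("openid." + k not in response for k in signed):
        raise ValueError("openid.signed names a field that is not in the response")
    expected = sign(response, mac_key, digest).encode("ascii")
    presented = response.get("openid.sig", "").encode("utf-8")
    if not hmac.compare_digest(expected, presented):
        raise ValueError("signature mismatch")
    if response.get("openid.ns.sreg") != SREG_NS:
        return {}
    trusted = {}
    for key in signed:
        if key.startswith("sreg.") and key[5:] in YAHOO_TEST_FIELDS:
            trusted[key[5:]] = response["openid." + key]
    return trusted


def constructed_response(mac_key):
    """A constructed positive assertion in which the user shared three fields."""
    resp = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example/openid",
        "openid.claimed_id": "https://op.example/user/abc123",
        "openid.identity": "https://op.example/user/abc123",
        "openid.return_to": "https://rp.example/openid/return",
        "openid.response_nonce": "2008-01-01T00:00:00Zconstructed",
        "openid.assoc_handle": "constructed-handle",
        "openid.ns.sreg": SREG_NS,
        "openid.sreg.fullname": "Alice Example",
        "openid.sreg.nickname": "alice",
        "openid.sreg.language": "en",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,"
                         "assoc_handle,ns.sreg,sreg.fullname,sreg.nickname,sreg.language",
    }
    resp["openid.sig"] = sign(resp, mac_key)
    return resp


if __name__ == "__main__":
    key = b"constructed-association-mac-key"
    resp = constructed_response(key)
    print(sreg_request_params())
    print(verified_sreg(resp, key))
    # An e-mail address appended after signing is ignored, not trusted.
    resp["openid.sreg.email"] = "someone-else@example.com"
    print(verified_sreg(resp, key))
```

Pre-filling a registration form from `verified_sreg` rather than from the raw query string keeps an unsigned `email` value from being matched against an existing account.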

For more on Yahoo’s test release, we made it the primary topic of this week’s episode of The Social Web TV, complete with a “magical” demo. (We didn’t know about the AOL news when we shot!):


Facebook, Microsoft and Data Portability

Michael Arrington has a great piece up on TechCrunch entitled “The Very Curious Microsoft-Facebook User Data Relationship”. In it, he shines a spotlight on a most curious thing: that Facebook has given Microsoft access to data on Facebook users that they have said they would not give to anyone, as it would violate users’ privacy. Specifically, he shows screenshots of an import of a Facebook friends list into Microsoft’s IM client, Messenger, in which the user ends up with the email addresses of all of their friends (and can then connect with them or invite them to Messenger).

As you may recall, this was at the heart of the controversy now known as “Scoblegate,” in which Plaxo had created a Facebook importer that brought a user’s friends list, including email addresses, over into the Plaxo address book. Aside from the interesting questions Michael Arrington raises, I would add this observation: It is great to see this functionality out there, live since March, without a single bit of controversy. That speaks to the utility of data portability. If social networking really is about real people and real relationships, it would be great if sharing information were real sharing of information, not tethered-sharing, which is essentially “social DRM”.

Also, really funny how the official blogpost from Microsoft directly references the Scoblegate incident! That is a head-scratcher!

Updates:

One, I’d love to hear Dare Obasanjo’s perspective on this. A refresher on his position on this issue as of last January.

Two, check out the comment on TechCrunch from Facebook’s privacy officer, Chris Kelly. While he corrects a few things, he does not deny that they are sharing email addresses with Microsoft.


Smarr and Engel on the Open Stack, Part Two

Here’s more from the Open Stack breakout at yesterday’s first birthday event for OpenSocial, led by Plaxo’s Joseph Smarr and MySpace’s Max Engel. Joseph demos all sorts of interoperability made possible by the combination of OpenID, XRDS-Simple, OAuth, Portable Contacts, and OpenSocial.

And here’s Part One, in case you missed it.


OpenSocial Birthday, Open Stack and the Smarr and Engel Show

The first of my videos from today’s anniversary event for OpenSocial is now up. The following segment was recorded late in the day at a breakout session led by Plaxo’s Joseph Smarr and MySpace’s Max Engel. Joseph and Max did a great tag-team discussion on the new “Open Stack” and how it can take us beyond the widget phase of social apps to the emerging world of the Social Web. The videos include several live demos that string together open spec building blocks, including OpenID, OAuth, Portable Contacts, XRDS-Simple, and the OpenSocial RESTful APIs.

I was so impressed with Joseph and Max, that I really want to encourage them to work up a longer tutorial session that we can share with the world via video. If you have interest in how the Open Stack will bring about the open Social Web, you’ll definitely enjoy the following two clips. (Clip two to follow once it’s encoded on Viddler.)


Part I


From the OpenSocial First Birthday Event

I’m in San Francisco at the OpenSocial First Birthday event, hosted by MySpace. I’m capturing video, which I hope to upload later today or tonight. In the meantime, I’ll share photos along the way. Looks like there are a couple hundred folks here.

In just over a year, OpenSocial has achieved a reach of over 600 million potential users. There have been over 300 million app installs. And sites like MySpace and Hi5 are singing the praises of this new platform, and along with many others, contributing to make it more robust.

Part of the crowd for the OpenSocial Birthday event
The Audience Awaits

David Glazer of Google presenting
Google’s David Glazer Reviews an Amazing First Year

Lane LiaBraaten of Google on the Community
Lane LiaBraaten of Google Talks about the Community

Joseph Smarr of Plaxo was just introduced, as a slide that many have come to love is being projected on the big screen. It’s the “new open stack” slide, that shows OpenSocial as part of a larger open ecosystem, together with OpenID, OAuth, Portable Contacts, and XRDS-Simple.

A New Open Stack is Emerging

Joseph Smarr of Plaxo, now on the OpenSocial Board
Joseph Smarr of Plaxo Talks about Where We Go from Here

Okay. All for now. More later!


Harnessing the “People Power” of Social Media

On this week’s show, Joseph Smarr and I discuss the significance of how Obama’s team harnessed the “people power” of social media. The stuff we’re all working on to open up the Social Web is not just about socializing, but is also about fundamental changes in society that social media can facilitate.

The episode is also up over at The Social Web TV.


Live-Blogging Joseph Smarr’s Talk at the Widget Summit

WidgetSummit08 Cover Slide

I’m up in San Francisco for the Widget Summit, live-blogging a talk by Plaxo’s Joseph Smarr, entitled “The Widgets Shall Inherit the Web.” You can download the Powerpoint here. (Joseph will also upload to SlideShare later.) Talk is starting now...

“There’s a fundamental transition going on, as fundamental as the birth of the Web. The Web is going social, and the Social Web is going open.”

Widget authors: you’re ahead of your time! Widgets thrive in an environment with users, data, social graph, and activity. But widgets have had to live where the data is, inside existing social networks. But soon, the data will come to you, thanks to the “Open Stack”. Widgets are about to be turbocharged “by several orders of magnitude”.

Lots of social sites.

Lots of open “building blocks” (OpenID, OpenSocial, OAuth…)

How do the pieces fit together? And what will the Social Web look like?

The social web is broken today. On each site, we have to do the same dance. Create account, enter profile data, upload photo, etc. Currently, social apps have limited options.

New building blocks establish who I am, who I know, and what’s going on

Joseph Smarr at Widget Summit

Who I am. Create a portable, durable online identity. Key technology: OpenID. Key standard gaining real traction and momentum. Showing the Plaxo sign-up page with support for OpenID, including special support for Yahoo OpenID and Google OpenID. Showing JanRain’s MyOpenID with pre-fill of info during onboarding. Faster registration, fewer lost passwords. Good for Plaxo, good for user, and good for Identity Provider. Joseph listing off the major providers: Yahoo, Microsoft, Google, AOL, and (soon) MySpace. “Now is the time to get on board.” “Registration flows historically have high dropoff rates.”

Joseph now talking about rel=me (XFN) microformat…

Showing “me on the web,” the trace of publicly-asserted linkages between his blog, and his profile on lots of different services, traced via Google’s social graph API. Showing how in Plaxo you can use that data to lower the friction for letting a user declare the sites they use so they can easily set up feeds. And the loop continues; Plaxo public profile pages can include “you on the web” and it’s marked up in microformats, consumable on other websites.

Now showing the same stuff for a personal blog. Example is David Recordon of SixApart.

Who I know

Tap into the real relationships via Contact APIs from existing address books, typically webmail. Scraping has been the norm, but clearly not good from a security standpoint. Now there are real Contacts APIs from Yahoo, Microsoft, and Google, and that’s great.

Of course, that data is not public, so you need a way to grant access to it securely, which brings us to OAuth. “How do I let users grant access to their data without giving up their passwords to third-parties?” Each of the big players created their own unique, proprietary auth technology, which led to a lot of developer pain. So the big players are now shifting over to OAuth, an open spec approach to the problem. But one-time import is not as good as continuous discovery, which brings us to the concept of friends-list portability.

Showing nice integration between Flickr and Google. “If you haven’t done it, check out import on Flickr. You’ll be surprised.” Now on to Dopplr.

What’s going on

The last piece is the rich context of what the people you know are doing online. Now to OpenSocial, that lets you build social apps that can run (almost) anywhere. Showing the original integration on Plaxo. “What’s really cool is the sharing of the activity stream into the feed.” “OpenSocial has gone mainstream, big time.” Showing graph of number of users (reaching to something like 500 million, I think.)

Now RSS/Atom. “Syndicate your activity”. Giving example of recent Netflix API which has Atom feeds of Netflix ratings, protected behind OAuth, which Joseph integrated in Plaxo. Now Jabber/XMPP for “real-time update stream between sites”. Example: Twitter integration in Plaxo.

“If you’re a big site, folks might do a custom integration, but if you’re a small site, be on the lookout for open standards that you can draft off of.”


Now, to pull it all together.

The user is at the center. Then all around, socially-aware sites of the Web. In the middle? A new services layer, with Identity Providers; Social Graph Providers; and Content Aggregators. (My editorial add: Some companies may focus on one or two of the layers, but the brass ring is the triple play.) Joseph now saying his version of that, and pointing out what Facebook, Yahoo, and others are up to.

Now, a day in the life of the Social Web

Using me as an example, checking out a microbrew enthusiast site. I use my OpenID to onboard. I write a review, and it flows to my aggregator of choice. Joseph discovers it and joins the site too. All part of a “virtuous cycle.” This is just like the virtuous cycle that gave birth to the Web. More sites lead to more people downloading a browser, which leads to more people making websites. Repeat. It’s the same now, but to make it happen, the data must be able to flow. “Open” is the breakthrough.

Returning to “Who I know”…

“Something I glossed over.” How does friends-list portability actually work? Discovery via XRDS-Simple.

As with auth, all the big guys came up with their own Contacts APIs. Now, we’re moving to Portable Contacts. More info here.

“What’s cool is that we worked with the OpenSocial community to align Portable Contacts with the OpenSocial RESTful APIs, so you’ll get support for Portable Contacts for free from any site that is OpenSocial RESTful APIs.”

There’s now a clear vision, shared by Facebook Connect, MySpace Data Availability, Yahoo Y!OS, Google Friend Connect, and Plaxo Pulse: Identity Providers; Social Graph Providers; Content Aggregators.

“What’s even cooler? Almost everyone is building on the new Open Stack. And it’s not hard to imagine Facebook joining this movement, too.”

MostBuildingOnOpenStack


Google Becomes OpenID Provider; Plaxo and Zoho Among First Live Sites

Plaxo Signin Screen

What a week for OpenID and the opening up of the Social Web! Following Monday’s big announcement of Microsoft about to become an OpenID provider, today Google announced that it has actually become one (for real), with several sites already live, accepting Google account credentials for signup and sign in, including Plaxo and Zoho. Google’s rollout is a very big deal for OpenID. Why?

Like many promising technologies, OpenID has long suffered from the “chicken and egg” problem. Why should any site wrestle with the complexities of becoming a “relying party” (a site that accepts OpenID) if very few mainstream users have an OpenID and know how to use it? And, conversely, if there are very few relying parties out there, why should a mainstream Internet player, such as Google or Microsoft, rush to become a Provider?

The lineup of current (or soon to launch) OpenID Providers now includes Google, Yahoo, AOL, Microsoft, and MySpace. And we should be able to demonstrate in the coming weeks that second-generation implementations, like what Google is launching with today (and extending soon with Portable Contacts), actually reduce the friction for onboarding new users. The result should be a massive adoption wave for OpenID all over the web. If your competitor’s OpenID-based onboarding of new users has a much smaller dropoff rate than yours, you will find yourself wanting to come up to speed quickly on how to become a relying party, too.

One of the coolest things in the official blogpost for the announcement is what is coming down the pike:

Google is also working with the open source community on ways to combine the OAuth and OpenID protocol so a website can not only request the user’s identity and e-mail address, but can at the same time request access to information available via OAuth-enabled APIs such as Google Data APIs as well as standard data formats such as Portable Contacts and OpenSocial REST APIs. In the future, this should allow a website to immediately provide a much more streamlined, personalized and socially relevant experience for users when they log in to trusted websites.

This combined “Open Stack” approach will fix so much of what is currently broken.

The New "Open Stack"

Today, every time you go to use a new website, you have to give the site your email address and choose a password; you have to upload a photo and fill out the same profile info you’ve done dozens of times before; and, you’ll probably be encouraged to import your address book and invite your friends. The new Open Stack approach can take almost all of the friction out of that process. OpenID lets you signup with existing credentials. XRDS-simple lets the site discover where you keep your data. OAuth allows you to grant restricted access to just that data (without handing over the full keys to your account). And Portable Contacts standardizes how the site can pull in the people data that you want to share, including data from your profile, your friends list, and your address book. And that can all be done in a couple of clicks, with you in control.

These are exciting times, indeed. Congrats to the Google team! 

As has become the standard for just about any “open” launch, Plaxo is among the first live, with Joseph Smarr coding away feverishly in the night. Here’s his post on the launch at the official Plaxo blog. Joseph is also quoted in the Google blogpost:

Joseph Smarr, Chief Platform Architect at Plaxo says, “It’s great to see Google become an Open ID provider in addition to supporting OAuth, which we already use. We are thrilled to be among the first sites to allow users to login with their Google Accounts. This is going to be great for users, Plaxo and the web.”


Live Blogging the OpenID/OAuth UX Summit

From the OpenID/OAuth UX Summit

I’m at Yahoo for the OpenID/OAuth UX Summit. The room is packed with 40 or so folks. Companies with representation include Yahoo, Google, Microsoft, Facebook, MySpace, Plaxo, AOL, SixApart, JanRain, Vidoop, Chi.mp, and Magnolia, and projects including Internet2 and DiSo. The Summit is a response to recent usability studies by Yahoo and Google that show the current state-of-affairs with OpenID and OAuth is quite poor, and that together we need to find a user experience for the “open stack” that works for consumers.

I’ll be sharing observations over the course of the day.

First up: Facebook’s Julie Zhuo, sharing experience from Facebook Connect. Idea originated in 2006 with the Facebook API. Initial version didn’t have any flow back to Facebook. Clunkiness of UI. One question for the Facebook Connect UI: How much text is really needed? Showing evolution of the UI to address the fundamental question, “What is Facebook Connect?” Final version includes user’s profile photo (if user is logged in), and thumbnails for both Facebook and the site user wants to connect.


Good discussion about what usability revealed, about informed consent and user confusion, and about whether this passes EU privacy laws. (Answer: yes.) Facebook research showed that users had little or no understanding or savvy about phishing and URLs.

By the way, I have to say it — great to see not only is Facebook attending this “open stack” summit, but that they’ve got four people here (including Dave Morin, Josh Elman, and Mike Vernal) and leading the opening session! That’s awesome.


Now talking about the Connect Button. First version had tagline “Bring your friends,” but users didn’t know it was a button. Second version said “Register.” Third version said “Connect” and experimented with the user’s profile photo on the button. Final version is just the Facebook “f” and “Connect” or “Connect with Facebook”.

Discussing logout options: unified, per-site, hybrid. Unified is secure, but unintuitive. Per-site is intuitive, but not necessarily secure. Chose unified out of security. Question for the future, if Facebook Connect takes off, may be strange to log out from one site and be instantly logged out of Facebook and all other Connect sites. A good laugh, as Joseph Smarr suggests a slightly more complex alternative. Julie says, “But then you’d make the user have to think.” Joseph’s aside, “That’s spoken like a true mainstream consumer site.” Incredibly active session. Key takeaways slide: streamlined login is important. Explain what is going on. Err on the side of security. Flexibility is important.

Next up: Max Engel of MySpace. “The Hybrid Login: OpenID and OAuth.” MySpace will support OpenID, OAuth, and a hybrid of the two. Will use a pop-up iframe. Allows the user to stay in context. Max is showing screens of the experience they are planning. Every MySpace user has a vanity URL, which will be their OpenID. Still trying to figure out whether to support logging with just “MySpace.com”. Key design elements will be similar to Facebook Connect.

Data types: content, address book, registration, profile, friends, activity. Big laugh as Max shows the original OAuth screen, that has so much fine print that it looks like it was designed by a lawyer! Lots of discussion about whether email address should be passed to the site. Why it matters: not just for communicating, but also to avoid duplicate account problem Plaxo has experienced as an OpenID Relying Party and Yahoo OpenID. Chris Messina advancing the idea of email address as OpenID, something under consideration for OpenID 2.1.

Max revisiting that MySpace Data Availability originally was to have zero cacheability of the data, which was not going to fly with anyone. Now planning a “portable profile” plus some cacheable MySpace-specific data. Allen Tom of Yahoo raises the point that the “cacheable” data is all on public pages already, so why not just mark it up with microformats and remove the caching restriction. “If Relying Parties don’t get the data they need, OpenID only creates complexity.” Max just mentioned Portable Contacts in his presentation. Drink!

So many tough questions about complexity and confusion vs. simplicity but lack of clear, informed consent. Good discussion about whether participating sites can use the profile data they pull in to do targeting (including ad targeting). Facebook team says that they allow the site to use the data for targeting on the site, but not to redistribute the data (to an ad network, for example). Makes sense.

Max says that the sell to major websites is much stronger for combination of OpenID, OAuth, XRDS-Simple, Portable Contacts, and OpenSocial. Question from the back of the room, “What do you call all of that?” Answer popping up from Max, Joseph, Chris Messina, and me, “The ‘Open Stack’!”

Rising chorus for coming together to develop a common UI spec for OpenID. A call for five volunteers. Hands raised include Chris Messina (Vidoop), Joseph Smarr (Plaxo), Eric Sachs (Google), Max Engel (MySpace), and, drumroll, Julie Zhuo (Facebook). That’s great!

LUNCH BREAK

Next up: Allen Tom of Yahoo. Over 300 million users have an OpenID from Yahoo. Question shouted, “How many have used it?” Answer: “It has exceeded our expectations.” 😉 But, yes, we’re all here because we know we need to improve the user experience.

Launched BBAuth in 2006. Showing “Find Friends” on Facebook and LinkedIn, using BBAuth. BBAuth and OAuth is to grant long-lived credentials to third-party sites. “Cannot allow weaker credentials to be used to mint stronger credentials.” Talking about various security considerations. Login screen must never be framed. Anti-phishing sign-in seal must always be displayed.

Allen now showing the “scary screen” which users are shown to approve access via BBAuth. *Lots* of small print legalese. “Based on the feedback on BBAuth, we changed our approach on OAuth, which is what we’ll be using going forward.” Now, been spending a lot of time looking at and talking through the OAuth permissions screen.

Allen now showing and talking about Yahoo’s implementation of OpenID. It is *much* improved over the version they went out the door with (shrinking 14 steps to two). Allen shares that “machine-generated” OpenID URLs have proven *way* more popular than user-selected. Surprised reactions.

Talking now about Plaxo’s experience as an OpenID Relying Party. The business rationale, the philosophical view, and the admission that OpenID experience is not yet today a clear net positive to the key metrics. But Plaxo remains optimistic that the situation can improve dramatically with what’s being discussed here today.

Next up, Magnolia’s Larry Halff. They’ve used OpenID as a key part of their strategy to reduce spam accounts and have been generally pleased with the results.

Now, Eric Sachs of Google, who just showed what I think is the first public demo of Google as an OpenID Provider. Giving context: SaaS vendors get asked to be a SAML RP for enterprise IDPs. In parallel, Google Checkout folks had questions/issues with login. Giving examples of login on Buy.com and Amazon.com, as an inspiration for a new/better? login experience for OpenID/OAuth. Now the challenge of desktop apps and OAuth. Seems like “No, help me sign in” is the key verbiage of this new “LSO” login model Eric is advocating. Now Google Accounts vs. accounts for Google AppsForYourDomain. Downside to this LSO login approach is that it does not work well for IDPs who are not email providers.

Lots of good-natured joking as we try to do a demo, that requires a Windows computer with .Net and IE as the default browser. Not easy to find in this crowd!

It’s 3:00pm. We’ve now finished the formal agenda and are discussing how folks would like to organize the last two hours.

It’s almost 4:00pm. Joseph Smarr of Plaxo is demoing the “Open Stack” end-to-end stuff that was developed by JanRain for the Portable Contacts Summit. OpenID, OAuth, XRDS-Simple, and Portable Contacts working together to enable simple and secure sign-up with access to user’s profile and address book. Good discussion underway. Joseph now explaining XRDS-Simple and answering a lot of questions.

Joseph Smarr demoing the "Open Stack"

Chris Messina now leading a discussion about the proposal to extend the OpenID spec to allow email addresses as OpenIDs. Mike Jones of Microsoft asserts this creates a major security vulnerability. Discussion underway.

Some discussion of how to handle if the Provider site is down. Mike Vernal of Facebook responding to that question vis-a-vis Facebook Connect. Good response.

5:15. That’s a wrap. What a great day. The UX working group got a bit larger at the end, which is good. Eager to see what they come up with!


Netflix: Welcoming a New API for the Social Web

Netflix Developer Network

Yesterday, I learned in a piece by Marshall Kirkpatrick at ReadWriteWeb that Netflix would be opening up an API today. According to Marshall:

the API will allow access to data for 100,000 movie and TV episode titles on DVD as well as Netflix account access on a user’s behalf.

So I checked this morning, and indeed the company has taken the password restriction off of a new Netflix Developer Network site.

This is a great move for Netflix, and it fits in a broader “opening up” trend, in which sites of all sites are making social mashups a central part of their strategies for growth. The Netflix API and site were developed by Mashery, a company that has been making some great moves lately. As covered by Brad Stone of the New York Times, Mashery was also behind the recently launched APIs for Best Buy and for MTV. Great to see the new API uses OAuth for secure access to the data!

Here’s the official blogpost from Netflix. It includes this great section on why they did it:

Why are we doing this? Because we have limited resources and we can only work on so many items at once. We hope that by opening up our APIs we will enable the creative desires of other developers to make a variety of wonderful applications. We expect to see different movie finding approaches, queue management tools, mobile phone applications, social network applications, the integration of Netflix information and capabilities into a variety of other applications, and more. And that, in the end, will further delight our members and other movie watchers in their quest to find and watch movies they’ll love.

Chatting with my colleague and co-host, Joseph Smarr, Plaxo’s chief platform architect, I asked him for his thoughts on the new API. He said, “This is a truly awesome API release. It shows that Netflix is genuinely committed to giving their users full control over their data, and doing it with open standards like OAuth and a familiar REST interface with JSON and ATOM output. Developers couldn’t ask for more, and I’m sure we’ll see incredible uses of this API popping up very soon. We’ll certainly be using it at Plaxo!”
