Web 2.0 Expo: Mashing Up With User-Centric Identity

(Reposted from my dev.aol.com blog):

PraveenAllavilli and I just finished our talk, "Mashing Up With User-CentricIdentity", at Web 2.0 Expo. The final presentation (which differssomewhat from the original version we sent to the conferenceorganizers) is available at http://johnpanzer.com/presos/MashWithIdentity.ppt.

People said it went well; I hope so. We think it's important to dealwith 'deputization' and user permissions and I hope we can get a widelyaccepted OpenID extension to do this as well. In the mean time, ourOpenAuth APIs show one way it can be done, and they enable some prettycool mash-ups.

At Web 2.0 Expo: Recordon and Ellis

Image from AOL Pictures

Implementing OpenID. With cat pictures too!


I am so proud of my alma mater...

Donkey Kong re-imagedusing 6,400 Post-It 'pixels' at UCSC.  Sweet.

APP Interop Final Score

The APPInterop event was a lot of fun.  Thanks everybody!  I saw a bunchof people who I've only talked to via email.  And a few I haven't seenin a long time... perhaps since the original Atom kick-off at Googlemany years ago. 

The final scorefor AOL Journals is 1-1.  If you want to continue testing againstour production endpoint, feel free to update the matrix:

service document: https://journals.aol.com/atomprotocol/service.xml
user: atomprotocol
password: password

I also got a chance to play with EC2 (thanks to M. David Peterson) inan attempt to get our latest server available for testing against.  Itwas tremendous fun to play with EC2 and I'd love to try using it for areal scalable application.  I did eventually get a server up longenough to verify our current bug fixes, but I didn't have time to fixthe date bug that James Snell found. 

I've now found 3 bugs in our date parsing code; it seems to be the mostfragile part of the parsing by far.  I'd love to see what test casesother people have for dates.  So far I know I need to add both UTC andvarious timezones, and now I know we need to round fractional seconds. (Does anybody but James send fractional seconds?)


At the Atom Interop Event

Image from AOL Pictures

In Mountain View.

AOL OpenAuth Launches!

Praveen just blogged aboutthe launch of AOL's OpenAuthentication service.  We'll be talking about this and more atWeb 2.0 Expo.  Why launch another authentication service when wealready support OpenID?  Because there are lots of cool things thatOpenID doesn't yet support.  I think that it really supportsuser-controlled consent and permissions, for example.  And Praveen isalready working within the OpenID community to add some of thesecapabilities as well.


Bee Colony Collapse Disorder and Cell Phones

Thisstory is popping up all over, apparently due to the possiblecorrelation with cell phone use.  It's funny that "four years leftbefore we all starve to death" doesn't get big headlines, but "cellphones might cause bee colonies to collapse" does... The graduate optimizationclass that my wife TAs at Stanford just finished their classproject.  It was to write code to optimize food production given thatyou need to allocate some land for natural bee colonies.  Apparently alot of the commercial bee colonies get trucked around to do their jobsfrom field to field, and bee colony collapse has been causing a lot ofproblems with this system.  Whatever the cause, decentralization of beeproduction seems like a good idea.


Talk @ Web 2.0 Expo: Mashing Up with User-Centric Identity

Praveen and I are going to tag-team in Mashing Up with User-Centric Identity,  at Web 2.0 Expo. It's about how to leverage user centric identity to combine services in a seamless way:
In a Web 2.0 world, users combine services from many providers. Havinga common identity across providers eliminates a barrier to entry andadopting a user-centric identity system puts the user in control of howtheir information is combined. This session is about the opportunitiesand issues involvedspecifically with adopting open protocols, the solutions they provide,and open issues that remain to be solved. These include userexperience, permission management, and mashup API authentication.
Unfortunately this conflicts with David Recordon's Implementing OpenID talk at the same time, which is likely to be really good and draw a similar crowd.  (Could we simulcast?)

Date: Wednesday, April 18
Time: 1:00pm - 1:50pm
Location: Room 2014, Web 2.0 Expo, San Francisco CA


Announcing 10100100101.com

I'm excited to announce that AOL has decided to leapfrog the competition and come out with the next generation blogging service, even more streamlined than Twitter. It's blogging pared down to its bare essentials. And it works great on mobile devices, RSS, and Atom feeds.

Here's how it works: You register your phone, and every 15 minutes, you get an SMS asking "How's it going? (0/1)". You send back 0 if you're feeling down, 1 if you're feeling good, and nothing if you're asleep. We call each of these a How's It Goin', or HIG. You can subscribe to your friends' HIGstreams and see how they're doing. And we're planning a visualization tool which maps the Buddy List connection matrix to a two dimensional projection showing how the emotional states of each buddy affects their neighbors:

Interestingly, having either too few or too many happy buddies makes a buddy sad. Further research is needed.

Authenticated RSS Feeds: Drosophilia of Delegation?

Jon Udell has noticed that authenticatedRSS feeds don't work very well.  It's a chicken and egg situation: There are few authenticated RSS/Atom feeds because there are few feedreaders that deal with them, and vice versa.  But beyond thatbootstrapping problem there's a larger one.

A lot of popular feed reader services such as My Yahoo or Bloglines arehost based.  With current feed authentication mechanisms, this meansthat you have to hand your user name(s) and password(s) to your feedreader service and let it impersonate you to do anything useful.  Notgreat.  Recently, Kim Cameron has been blazing away at theconcept of impersonation, not just the problem of handing your passwordout.  I'd like to suggest that authenticated feeds provide an idealplace to experiment with better approaches:  They're read only, the baris currently very low, and there's a whole host of immediatepossibilities that would become possible once you can cleanly authorizea feed reader to read feeds on your behalf.  I think the right way todo this is through a lightweight assertion mechanism that lets you say"I authorize service X to asynchronously read feed Y on my (Z's)behalf".

I'm still trying to digest all of the twists and turns of the threadbelow.  I am pretty sure that whatever solution is adopted, it has tocleanly allow for the "allow a service to read a feed" to be at alluseful.

The Impersonation/Delegation Discussion
Presented in backwards chronological order
Dramatis Personae: Eve Mahler, Kim Cameron, Conor Cahill, Pete Rowley,Phil Windley

PhilWindley: On Impersonation and Delegation
ConorCahill:  Delegation, Impersonation, and downright access
PeteRowley: The umpire delegates back
ConorCahill: SAML, Liberty, and user presence
Kim Cameron: Drillingfurther into delegation
Kim Cameron: Wrong-headedimpersonation

Tags: , , , , , ,

Suspended by the Baby Boss at Twitter

Well!  I'm now suspended from Twitter for stating that Elon's jet was in London recently.  (It was flying in the air to Qatar at the...