Why OpenID Attribute Exchange is a lousy idea

October 27, 2008 | Leave a comment

Attribute Exchange is a lovely idea. It happens like this: when you log in, the application you’re logging into asks the application that holds your account whether it knows about certain pieces of arbitrary data about you. Things like your website address, Twitter account, and so on. The smart thing is that, like OpenDD and some other formats, it doesn’t mandate the data an application can ask for. If your account holds your favourite kind of bread, the application you’re logging into can ask for it. This kind of generalised profile transmission is one of the things that will eventually form the foundation of the open web.

OpenID is also a great idea. When you want to log into an application, you tell it about where you keep your main account, and through behind-the-scenes magic (and a security check with your account holder), you’re logged in. It’s lightweight, simple, and has implications not just for the commercial web (where end users don’t currently see the need), but also loosely bound intranet solutions and situations where you want several locally stored web-based applications to use the same login.

So Attribute Exchange is great, and OpenID is great.

The problem for me is that, combined, they’re significantly less flexible than they would be as two separate entities that happened to work well together. For very legitimate reasons, an application provider may have to use BBauth, Shibboleth or some other standard to authenticate accounts across web-based applications. Perhaps some of these standards also has a way to move attributes across from one application to another. Nonetheless, if there was a single standard attribute exchange standard that you could use no matter how you authenticated, the barrier to entry would be much lower, and the standard of generally available code libraries to perform the task would be much higher. (The more eyeballs, the better the code, or so the theory goes.)

When Brad Fitzpatrick announced it, though, it was purely a specification for logging in, originally named Yet Another Distributed Identity System, and he’s been semi-publicly skeptical about the extensions. I think this makes sense. I also agree that OpenID will come into its own when you add an attribute exchange (and service discovery) layer over the top, but there’s no need for this to be rolled directly into the one authentication standard. Just because two ideas make sense when they’re joined together, you don’t have to glue them together into a single specification.

I’d like to advocate a policy of “small pieces, loosely joined” when it comes to open data formats. If each format does one thing really well, we can use them in lots of different combinations without fear of breaking something. More freedom for the programmer means more application possibilities and a better market.

Statistics and assumptions

October 20, 2008 | Leave a comment

By far the most popular photo on my Flickr photo stream is this one:

Megalodon

It’s a picture of my sister in Cornwall, where she was a warden on Looe Island for a summer. It’s had somewhere in the region of 6300 views, accounting for over a sixth of the views on my Flickr account (which has 1800 photos) overall. Perhaps naturally, being a slightly overprotective brother, I thought, “the Internet is full of ratbags; clearly this is popular because it’s a woman in a swimsuit”. In fact, I came this close to deleting it entirely, but at the last minute I thought I’d better double-check.

I’m glad I did: thanks to the title I gave it, it’s on the second page of image search results for “megalodon” on Yahoo! Search. Bizarre, but far less icky.

Having access to visitor metrics is a useful thing. I now know, for example, that one site I run is inexplicably huge in China; I’ve also got a much better idea of Elgg’s main user hubs (something that we’ve previously had to guess at). Although I’m not keen on precise geolocation, or my details being kept in an identifiable way, it’s useful as a site owner to determine what I should be concentrating on, and the rough locations of the people who find the things I do interesting.

You’re no-one if you’re not on Twitter

October 17, 2008 | Leave a comment

As has been reported by everyone and his dog in the tech echo chamber, Evan Williams and Jack Dorsey have swapped roles at Twitter. I really like the Twitter guys; I’ve met Ev and Biz in different contexts, and they’re both extremely open and generous with their time. Although I’ve never met Jack, I bet he fits into the mould. (Biz, of course, is on Elgg’s super awesome advisory board.)

The title of this post comes from the Twitter Song. My head isn’t so far stuck up the prosterior of Web 2.0 that I’ve lost perspective. Nonetheless, I’m a Twitter addict; I have business contacts, friends, relatives and celebrity idols on my friends list. More importantly, I think that they crystalised a new form of communication, which was originally birthed when someone at a mobile phone company decided that SMS could be for more than system messages.

The iPhone is misnamed; it’s not a phone. If you were to measure activity on an iPhone, I think you’d find that actual call activity was a tiny percentage. Instead, it represents a sea change: mobile communications is moving from a last-century landline metaphor to a fully-connected smorgasbord of data-heavy protocols. It’s by no means alone (my Blackberry has a similar purpose), but is the most visible.

What’s cool about Twitter, and the other services that are beginning to catch on to this model, is that it recognises that when you’re on the move, you don’t have time for a lot of information. Posting an update, or reading your friends list, is effortless; you can check and put your device back in your pocket in 15 seconds flat. They’re designed to be part of your life on the move, rather than a destination in themselves.

We’re keen on mobile communication with Elgg too, and have deliberately built the architecture both to allow fully mobile interfaces to be placed over the top, and to allow for API-based service applications for particular tasks. With the 1.1 release, those hooks will be more explicit and fully formed, and we’ll be rolling out some pretty exciting mobile-only features in the future. Stay tuned.

Brighton, Edinburgh and the Elgg Meet

October 16, 2008 | 3 comments

Night on the beach

Last Thursday I found myself in Brighton, which is a revelation – a concentrated community of tech entrepreneurs who get to live by the sea, drink at awesome caf├ęs and have the kind of social values I love. As well as some consultancy at the University of Brighton, we were there for an Elgg Meet, where cool people like Tom Kiss, Steve Purkiss and the crew behind the Brighton Gallery hung out and talked social media with us over a couple of beers.

As a result, I’m heading back in a couple of weeks, spending a healthy portion of my monthly salary on a cheesy novelty hotel room for a couple of nights so I can be there over the Hallowe’en weekend. Tom’s annual Crawl of the Dead takes place on the Friday night – it sounds like it’ll be better than ever, so I’m toying with finding myself some zombie makeup and joining them. Before then, I’ll be hanging out at the Werks, an awesome coworking space that resembles Chris Messina’s Citizen Space in San Francisco.

Right now, I’m in Edinburgh, which is a very different sort of place. I moved away from here four years ago, and it’s interesting to see how it’s changed; in particular, the computer science students are no longer forced to do their work in the basement of the maths and physics block, next to the boiler room. The new Infomatics Forum looks like a piece of science fiction utopia has landed where a grotty old pay-and-display car park used to be, and I’ve been told that they plan on having lots of events and programmes to develop a thriving tech community here. Having left in part because there weren’t those opportunities, I’m going to keep a very close eye on it.

As I said in my previous post, if you’re in Edinburgh on Saturday October 18 and are in any way curious about Elgg, I’ll be at an Elgg Meet at the Peartree from 3-5pm. Please join us! I’ll be shamelessly wearing a heavily-branded Elgg T-shirt, so you should be able to spot me.

Next Page »