HTTP signatures

May 6, 2013

It looks like I’m not the only person who likes the idea of signed HTTP requests as an authentication method.

Joyent and Digital Bazaar have co-written an Internet draft for cryptographically signed HTTP requests:

Several web service providers have invented their own schemes for signing HTTP requests, but to date, none have been placed in the public domain as a standard. This document serves that purpose. There are no techniques in this proposal that are novel beyond previous art, however, this aims to be a simple mechanism for signing these requests.

Signed HTTP requests are also a key feature of something I’ve been working on. It’s great to see the idea pick up momentum.

The Progressive (Profitable) Web

April 2, 2013

Ryan Holiday laments the loss of Google Reader and RSS in general in Our Regressive Web, arguing that if someone came up with them today, we’d think they were brilliant ideas:

Nothing better has risen up to replace them. The underlying needs of a fairly large user base (that these services meet) still exist.

We’re just regressing.

[...] RSS is impervious to blogging’s worst, but most profitable traits. [...] No wonder nobody ever pushed for widespread adoption. Of course it died a slow death—along with Google Alerts and Delicious. Their mission is antithetical to the ethos of our new media age. Where noise, chatter and pushing—not pulling—rule the day.

Our Regressive Web by Ryan Holiday, on Medium

He’s right. Aggregated content – content on the reader’s terms – has a huge potential userbase, but it wasn’t profitable for either the bloggers or the aggregators, so it languished. Sure, you could tack some Google Ads onto the end of each post in a feed, but control over the form that the content is presented in is granted fully to the user. Where’s the opportunity to upsell? Where are the branding opportunities or the baked-in communities, carefully designed to maximize ongoing engagement?

The irony is that blogs have actually downgraded their on-page advertising over time. If you visit TechCrunch today, you’ll only see two ads above the fold. Check out io9, and you’ll see none at all. The redesigned ReadWrite has a few more: a giant banner above the fold, and then four small squares with another ad in the stream of content itself.

Wouldn’t it be nice if you could have your cake and eat it, too? Allow the user to consume content on his or her terms, while also allowing the content producer to make money?

Here’s an idea I’ve been working on in my own time. It’s a little technical, but bear with me:

  1. Add a simple social layer to the web. I still like the idea of the HTTP header I described in httpID. Your site may connect to my site with a mechanism like OpenID Connect and get an authentication token automatically. Think of it like a one-way friend request. Of course, I can then reciprocate by connecting to your site to create a two-way relationship.
  2. Add authentication to feeds. Each feed has just one URL. An aggregator may sign the request for a feed with an OAuth-like signature. (We’re sidestepping HTTP digest auth for obvious reasons.) The software producing the feed may choose to acknowledge the signature, or not; by default, you get all the public posts you’d normally get when accessing a feed.
  3. Manage connections and restrict access to content. I see everyone who’s connected to me from a control panel, and can reciprocate from there. More importantly, I can add any of my connections to access groups. So if I add you to a group and publish a piece of content so that it is only accessible by that group, when your site requests my feed using a signed request, you’ll see that content.
  4. Optionally: sell access to premium content. Once you can selectively broadcast content to a finite group of people, you can sell access to that group. (And of course, you can have more than one paid-access group.) For example, I’m a subscriber to NSFW, a paid publication with an online presence. They could push all their articles to me as a subscriber, while making a handful of taster articles available to everyone. You could even include a pointer to a subscription URL within that social handshake from part 1. If you decentralize the financial transactions (and why not?), you could even give a small cut to the platform owner.
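A sketch of steps 2 and 3 from the feed's side, added here as an illustration; it is not code from the Internet draft or from the author's own platform. It assumes HMAC-SHA256 over a made-up signing string, hypothetical `X-Feed-*` header names, and constructed sample sites, secrets and posts.

```python
import hashlib
import hmac

# Constructed sample data: per-connection secrets issued during the step 1
# handshake, access groups from step 3, and posts tagged with their audience.
TOKENS = {"https://alice.example/": b"constructed-secret-alice",
          "https://bob.example/": b"constructed-secret-bob"}
GROUPS = {"subscribers": {"https://alice.example/"}}
POSTS = [{"title": "Taster article", "group": None},
         {"title": "Premium article", "group": "subscribers"}]
MAX_SKEW = 300  # seconds a signed request stays valid, to limit replay


def sign(secret, method, path, site, timestamp):
    """Aggregator side: HMAC-SHA256 over a hypothetical signing string."""
    message = "\n".join([method.upper(), path, site, str(timestamp)])
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()


def authenticate(method, path, headers, now):
    """Feed side: return the requesting site if the signature verifies, else None."""
    site = headers.get("X-Feed-Site")
    secret = TOKENS.get(site)
    try:
        timestamp = int(headers.get("X-Feed-Timestamp", ""))
    except ValueError:
        return None
    if secret is None or abs(now - timestamp) > MAX_SKEW:
        return None
    expected = sign(secret, method, path, site, timestamp)
    supplied = headers.get("X-Feed-Signature", "")
    # Constant-time comparison avoids leaking the expected value through timing.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return None
    return site


def feed_for(method, path, headers, now):
    """One feed URL: public posts for everyone, group posts only for verified members."""
    site = authenticate(method, path, headers, now)
    return [p["title"] for p in POSTS
            if p["group"] is None or site in GROUPS.get(p["group"], set())]
```

A missing, stale or invalid signature falls back to the public feed rather than an error, which matches the default described in step 2 and means a bad signature never widens access.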

All of the above is complementary to feed standards like RSS and Activity Streams, as well as to federated social web protocols and methodologies like OStatus. It’s super simple to both use and implement – but could add a layer of commerce to the content web, while also decreasing our dependence on large content silos whose interests are not in line with those of their customers.

Engine attribution

March 21, 2013

This site is (right now) powered by the WordPress open source blogging engine. If you hit “view source” in your browser, somewhere near the top, this is what you’ll see:

<meta name="generator" content="WordPress x.x.x" />

(Where x.x.x is the current version.)

I’m in the process of moving away from WordPress. More about that another time. But as part of this, I’ve been wanting to check out the sites of folks who participate in the IndieWeb community and figure out what they’ve been using. The IndieWeb community believes in owning your own content and pushing out to silos, and many of its participants create their own publishing platforms and release them as open source. (Again, more on this from me another time.)

So here’s a proposal. Let’s use that “generator” metatag to link to our home-spun platforms, and include a link to the repositories for those platforms, or at least pages that ultimately link to those repositories. For example:

<meta name="generator" content="My platform http://github.com/myplatform/core" />

That way, while there’s no need to place a visible link where it might not be relevant, people who are interested can always find a way to your software, where they can make use of it, learn from it, or even help extend it.

Silos, the open web, and selfdogfooding

March 14, 2013

Tantek Çelik has written an important post about silos vs an open, social web:

The answer is not to not “only [be] relevant to geeks”, but rather, reframe it as a positive, and be relevant to yourself. That is, design, architect, create, and build for yourself first, others second. If you’re not willing to run your design/code on your own site, for your primary identity on the web, day-in and day-out, why should anyone else? If you started something that way but no longer embrace it as such, start over. Go Selfdogfood or go home.

It’s thought-provoking, and worth a read: On Silos vs an Open Social Web.

Tantek defines “selfdogfooding” as “using your own creations on your own personal site that you depend on, day to day.” That’s an important perspective, because for one thing, many of us don’t have personal sites anymore, and yet more of us never did. Some of us have social networking profiles, but I wouldn’t classify those as sites.

I’ve been thinking a lot about how I interface with the modern web, and in the wake of the Google Reader closure that’s an even more important discussion. I like the POSSE (Publish Own Site, Syndicate Everywhere) approach very much – by publishing to something I directly control and then pushing out to sites like Twitter, Facebook and Google+, I’m the one who’s in charge of my presence on the Internet, without losing any of the network effects.

This poses other questions. When you control the entire platform that your presence runs on, and you know how to write code, what should your presence look like? Right now I’m using WordPress to power this site, and ThinkUp to process my interactions with the wider social web, but what could I build myself?

This dovetails nicely with another question I’ve been asking myself lately. I designed the architecture for Elgg 0.x in 2004, and the original 1.x architecture was set down two years later. What would an easy-to-use open source social platform that was easy to deploy onto shared hosting look like, given the set of technologies we have available to us in 2013? Let alone what we know now about user behavior and design? It’s a different web out there, and I don’t know. But if I want to, I can explore; the best way to do that is to use it myself.

Updated to add: I built this. It’s called idno, and I’m using it over at werd.io.
