OpenID Connect

I’ve been doing some work with OpenID and OAuth lately, making use of the excellent DotNetOpenAuth library. I am pretty much a beginner when it comes to these technologies, but I have been able to get up-to-speed fairly quickly. I was a big fan of Facebook Connect, and I quite like the new Graph API too (which uses OAuth 2.0). Though it was easy to develop against, I think the biggest benefit of Facebook Connect was the excellent end user experience. It was consistent and simple.

In contrast, OpenID is a little more cumbersome, and a lot less consistent. The discussion on how to make it easier and sexier has been going on for a while now. It seems like some significant progress will be made this week when OpenID Connect is discussed at the Internet Identity Workshop. What is OpenID Connect?

We’ve heard loud and clear that sites looking to adopt OpenID want more than just a unique URL; social sites need basic things like your name, photo, and email address.

We have also heard that people want OpenID to be simple. I’ve heard story after story from developers implementing OpenID 2.0 who don’t understand why it is so complex and inevitably forgot to do something. Because it’s built on top of OAuth 2.0, the whole spec is fairly short and technology easy to understand. Building on OAuth provides amazing side benefits such as potentially being the first version of OpenID to work natively with desktop applications and even on mobile phones.

Chris Messina has some additional thoughts on the proposal here:

After OpenID 2.0, OpenID Connect is the next significant reconceptualization of the technology that aims to meet the needs of a changing environment — one that is defined by the flow of data rather than by its suppression. It is in this context that I believe OpenID Connect can help usher forth the next evolution in digital identity technologies, building on the simplicity of OAuth 2.0 and the decentralized architecture of OpenID.

It sounds very exciting – I hope OpenID Connect becomes a reality!

Happy 5th Birthday Facebook!

Today is Facebook’s 5th birthday. Hard to believe it has been around that long, actually. Over 150 million people have joined since launch, and Facebook is now a household name. I remain a regular user of the site, though I’m not nearly as active there as I once was. I guess you could say the buzz eventually subsided for me.

I am continually amazed at how many people have Facebook accounts. Almost my entire family does – even my Grandma, who just joined last week! And it’s more than just having an account. My parents are very active on the site, far more active than I am. This is important.

Why? Because of Facebook Connect. I’ve been playing with it recently, and I’m impressed with how easy it is to integrate into a website. Essentially Facebook Connect is a single-sign-on service. Instead of creating a new account at a website, you can just login with your Facebook credentials. Additionally, the site can publish stories to your feed if you allow it. It’s pretty slick.

Facebook Connect needs lots of active users to be successful. It also needs participating websites. Though there aren’t very many yet, I expect adoption to pick up. It’s easier to decide on Facebook Connect than on something like OpenID because you don’t have to explain what it is, and chances are your users already have a Facebook account anyway.

It’ll be interesting to see how Facebook changes over the next five years. I’d bet that Facebook Connect will play a big part in any changes.

For more on Facebook’s 5th birthday and some up-to-date statistics, check out Hitwise and VentureBeat.

Yahoo and Google become OpenID providers

Post Image The OpenID single sign-on project got a major boost this week when Yahoo announced it would enable it’s 250 million users to use their Yahoo logins for authenticating at OpenID websites. And just yesterday, Google announced that Blogger accounts can now be used as OpenID logins. OpenID is definitely gaining momentum.

So what is OpenID?

OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience.

You get to choose the OpenID Provider that best meets your needs and most importantly that you trust. At the same time, your OpenID can stay with you, no matter which Provider you move to. And best of all, the OpenID technology is not proprietary and is completely free.

It’s a really good idea, and works fairly well in practice. I think a major question new users will have is, which provider should I use?

See I think most users have a Yahoo account and a Google account, and many others. There are tons of sites that act as OpenID providers. Which one should you choose? How do you decide which to use as your provider?

I guess it wouldn’t matter if you could combine them somehow. I don’t know enough about OpenID to know if that’s possible. Anyone reading this have any idea?

Read: OpenID

Five Geeky Things I Want To Learn More About

Like lots of other netizens, far too much information passes across my virtual desk in a day. With blogs, TechMeme, Twitter, and dozens of other sites and services, there’s far too many things to process all at once. At the same time, I don’t like missing anything. Usually what I do is bookmark things with del.icio.us, and then review them later. Sometimes those links are unrelated, other times they are part of a larger topic or subject. Here are five such topics:

  1. Silverlight
    Microsoft’s platform for Rich Internet Applications. I’ve checked out demos, examples, overviews, and other general information, but I need to get my hands dirty. I need to create something using Silverlight.
  2. F#
    Another Microsoft item on this list shouldn’t surprise anyone. F# is a functional and object-oriented programming language. I’ve heard many developers say that you should learn one new programming language a year, and F# seems to be worth looking into. Especially since Visual Studio will have full support for it!
  3. SOCAN
    Society of Composers, Artists and Music Publishers of Canada. The link is an Engadget article talking about the SOCAN push for a tax on music downloads here in Canada. I’ve been reading tons about the music industry lately, especially since the Radiohead experiment, but I want to know more about how Canada specifically is affected.
  4. OpenID
    A decentralized, single sign-on system that seems be all the rage these days. I’ve actually played with some code on this one, but I need to devote more energy to it. I want to know how it works with other systems, and where the system is going in the future.
  5. APML
    Attention Profiling Markup Language. Possibly the geekiest thing on this list. Essentially it’s an XML format for sharing your “attention” or “interests”. It enables you to rank your likes and dislikes, and to share that information with other services and applications. I think it could enable some really interesting scenarios if it was used widely enough.

There are dozens of other things I could have mentioned, of course, but these five are particularly interesting to me.