Category: OpenID

JanRain RPX: A login buffet of OpenID, Facebook Connect, Google Friend Connect, and MySpaceID

JanRainAll of the sudden everybody in Portland is going all Hollywood on us.

First SplashCast announces that they’re partnering with Hulu. And now JanRain has announced that their RPX solution—a product that makes managing the ever-growing variety of distributed login credentials easier for developers and users—is going to be helping Interscope Geffen A&M, a division Universal Music Group, give fans an easier way to connect with their favorite artists.

Using the RPX interface, fans who’d like to connect with say, Lady Gaga, have the option of using their Facebook identity, Google identity, MySpace identity, or any variety of OpenID flavors, like AOL, Yahoo!, or Portland’s MyOpenID or myVidoop.

RPX login box

Where did all of these options come from all of the sudden? Well…

It’s been quite the month for the world of distributed social networking. Both Facebook Connect and Google Friend Connect – two services designed to help user manage a single profile across multiple sites – launched on the same day. Then, MySpace followed in close succession with their MySpaceID offering, another distributed social option built on the Open Stack. In a matter of days, the distributed social space went from nascent to completely confusing.

JanRain is hoping to make it a little less confusing, for both developers and users. And if they have to work with big-time music types—like 50 Cent, Fergie, and Guns n’ Roses—to get that done, so be it.

For more information, see JanRain’s RPX specific site or read the release. If you haven’t had your fill of my writing for the day, you can also read my write-up on ReadWriteWeb.

Birds of an OpenID feather: Vidoop, MySpace, and Flock together

VidoopPortland-based Vidoop has been working on a project they’ve been calling “Identity in the Browser” (IDIB), a means of employing an intelligent browser control that recognizes OpenID enabled sites and allows users to access those sites without having to jump through the often-confusing hurdles of relying party redirects.

Relying party redirects? Who duh how du wha? If you’ve ever used OpenID, you know that there’s a little dance that takes place: you provide your OpenID, the site then redirects you to your OpenID provider to confirm that you are you, you confirm—maybe view some images along the way, and are transported back to the original site to do whatever it is you came to do.

Vidoop (and a number of others) thought it would be easier to skip all of that and let your browser handle some of the heavy lifting.

The concept was solid. And a prototype Firefox extension had been created. But what Vidoop really needed was one of the popular browsers to step up and promote OpenID to its users.

Today, that happened. And how. Vidoop has announced that OpenID for Flock is now available, a joint project among Vidoop, Flock, and a little social network you may have heard of called MySpace.

[HTML1]

It’s big news for OpenID and for Vidoop. And a number of people are taking notice:

  • ReadWriteWeb: Vidoop and MySpace Bring OpenID to Flock
    “While OpenID is one of the more interesting online identity concepts, usability issues have clearly hampered its mainstream adoption. Flock, MySpace, and OpenID provider Vidoop have now come together to develop a browser extension for Flock that makes using OpenID a lot easier for Flock users. Besides managing your OpenID credentials, the extension also detects when a site supports OpenID and lets you sign in with the click of a button.”
  • The Social: MySpace helps develop OpenID extension for Flock
    “The OpenID Flock extension allows for easier credential management within the browser and makes it more apparent when a site will accept an OpenID login. A handful of OpenID extensions already exist for the open-source Flock, but this one’s got the seal of approval from some big names.”
  • O’Reilly Radar: Getting OpenID Into the Browser
    “Imagine if your web browser really knew who you were on the web. Just as you login to your computer, what if when you fired up your browser, it said “Hello Dave” and asked you to “unlock it” as well (Chris Messina was quite influential in my thinking about it this way). In doing so you become securely logged into your OpenID provider (or maybe more than one of them) and as you move around the web your browser takes care of automatically logging you into the sites that you want to be, asking you about others, and helping you register with new ones using your OpenID. Argue as much as you want about the details in making this happen, but I think it’s hard to disagree that making it easier for people to manage and use their identity (or identities) online is a bad thing.”
  • ComputerWorld: MySpace, Flock, Vidoop unveil prototype for storing OpenID credentials
    “OpenID for Flock is now available to all users of Flock 2.0 as an alpha extension to the browser. The tool automatically notifies users when they surf to a Web site that supports the OpenID framework. The framework, supported by Microsoft Corp. and Yahoo Inc., allows people to use a single username and password to enter sites that support it.”
  • CenterNetworks: Flock Partners With MySpace and Vidoop on OpenID Browser
    “Just a month after the public launch of the Flock 2.0 browser, Flock has announced the addition of OpenID to the Flock 2.0 browser today. I’ve been saying for a long time that if OpenID wants to succeed, they have to get it into the browser so when you hit a site that offers OpenID login, it could be as close to seamless as possible.”
  • Mashable: OpenID Management Comes to Flock
    “MySpace, Flock and Vidoop have developed OpenID for Flock. I’ll skip the talk about standards which you don’t care about, cut to the chase and tell you what it does.”
  • Download Squad: MySpace, Flock and Vidoop release OpenID for Flock plugin
    “OpenID is a really great concept. The ability to use a single digital identity across the web and avoid having to sign up for yet another user account is a real productivity boon. More and more high profile sites and services are adopting OpenID, but the project still hasn’t gained the traction that many of us think it deserves. This is partially because it still isn’t easy to use OpenID — or even find out if a site supports OpenID — on all services. MySpace, Flock and Vidoop think they’ve come across a solution: let the browser handle it.”
  • Social Times: MySpace Teams with Flock, Vidoop to Push OpenID
    “MySpace announced its support of OpenID earlier this year, with certain hopes for its potential alongside its own Data Availability initiative. Such an integration makes sense, especially in light of Facebook’s ongoing efforts to become the central platform for online social interaction. So how can MySpace hope to stay ahead? Deeper OpenID integration.”
  • Ars Technica: Flock OpenID support a small step for slow-moving standard
    “The potential of a ubiquitous online login is slowly being realized with emerging identity systems like OpenID. With one username to rule them all and broad industry support from companies like Yahoo, Microsoft, Google, and VeriSign, users may finally be able to simplify their online presence and save a few post-it notes—if OpenID can be made simple and easy to manage for the general consumer. Amid a confusing array of options for creating and using OpenIDs, MySpace and Vidoop have partnered with Flock, the social web browser, to create an open source implementation of OpenID in a browser.”

For more on the the browser extension, see the post on the Flock blog.

JanRain helps the other side of the OpenID (and OAuth) equation

JanRain RPXIt’s no secret that I fancy Portland the hub of OpenID development. And it’s days like today that I actually sound like I know about that which I am blabbering.

You see, today Portland-based JanRain, one of the old guard in terms of OpenID, unveiled a new service that has the potential to increase OpenID adoption.

How? By focusing not on those people holding an OpenID, but on those who want to allow people to use that OpenID—but simply can’t figure out how.

With this new software-as-a-service solution (that’s a lot of “s”s, isn’t it?), RPX, JanRain has the makings of a service that allows anyone to drop OpenID support—and OAuth support for that matter—into place on their site. Simply and easily.

With RPX you don’t need to become a security expert, a protocol expert, or play through a number of security and data flow problems, RPX handles all of this for you and delivers a simple payload in either JSON or XML.

In my mind, JanRain’s solution has a great deal in common with Will Norris’ brilliant OpenID plugin for WordPress, wp-openid. But for a much larger audience.

With RPX, JanRain has the opportunity to take that same kind of plug-and-play OpenID login concept to the larger Web—beyond blogs—to the companies who could greatly benefit from the technology.

And that’s very cool.

It’s also cool that they could be making some money off of subscription fees to deliver that service.

As an aside, I’m also happy to report that JanRain gains the distinction of being the first Portland company that I got to cover for ReadWriteWeb. And I can’t tell you how great it is to share the amazing tech scene here in Portland on that larger stage.

Well and speaking of that larger stage, JanRain also garnered coverage on a little tech blog of which you may have heard, TechCrunch.

Dare I say “YAY Portland!”? Indeed I do.

Still hungry for more OpenID news? Fear not, gentle reader. A little bird tells me that they’ll be some more cool OpenID stuff being released here in Portland within the next week or so.

Just you wait.

JanRain OpenID could be the key to your health (vault)

myOpenIDIn June, that little software company to the north of us, Microsoft, made news by allowing OpenID logins to its Microsoft Health Vault product.

Problem was—as TechCrunch noted—only two OpenID relying parties were allowed to play:

Over 16 months after first declaring its support for the OpenID authentication platform, Microsoft has finally implemented it for the first time, allowing for OpenID logins on its Health Vault medical site. Unfortunately, Health Vault will only support authentication from two OpenID providers: Trustbearer and Verisign. Whatever happened to the Open in OpenID?

But now, Microsoft has decided to increase the number of relying parties by 50%. To three.

So who was the lucky relying party who made it through the door? Portland-based JanRain‘s myOpenID.

A number of folks—me among them—are surprised it’s taken Microsoft this long to add another relying party. And it seems like the list is still missing a few other obvious and highly secure choices.

But myOpenID is a great place to start:

JanRain’s myOpenID service, the first and most popular independent OpenID service on the Internet, provides consumers with a free, fully featured, reliable, and secure solution for managing their personal online identity. Every myOpenID user receives several choices for secure authentication beyond password. These enhanced security options include: Microsoft InfoCard, Client Certificate, or Phone-based two factor authentication.

For more information on the personal health record service, visit Microsoft Health Vault. For more on JanRain and its OpenID solutions, visit JanRain or myOpenID.

Like WordPress and OpenID? wp-openid 3.0 to launch at Demolicious

I’m always saying that—with companies like Vidoop and JanRain here in town—Portland is the de facto hub for the world of OpenID.

And clearly after last weekend, we’ve got a lot of love for the WordPress platform, as well.

So where better to launch the latest version of the leading OpenID plugin for WordPress—wp-openid—than Portland?

wp-openid launch

Will Norris, the lead developer of the wp-openid plugin, happens to be in town this week. And, as such, he has just announced that he will be launching wp-openid 3.0 this Wednesday at Portland Web InnovatorsDemolicious!“, the new hip spot to unveil cool new tools here in town.

What does wp-openid do?

This plugin allows verified OpenIDs to be linked to existing user accounts for use as an alternative means of authentication. Additionally, commenters may use their OpenID to assure their identity as the author of the comment and provide a framework for future OpenID-based services (reputation and trust, for example).

So, if you’re a WordPress type who’s been using OpenID or who is interested in deploying OpenID on your blog, make sure to attend Demolicious! on Wednesday night at NEMO Design. Even if you’re just OpenID curious, I’d highly encourage you to attend.

Plus, as always, there will be some other cool stuff being demoed there, as well.

For more information on the event or to RSVP, visit Portland Web Innovators Demolicious! on Upcoming. For more information on the current version of the plugin, see wp-openid in the WordPress plugins directory.

REMINDER: Silicon Forest Forum tomorrow

Silicon Forest ForumJust a reminder that a bunch of local venture capital types, entrepreneurs, and other tech enthusiasts will be gathering at the Intel Jones Farm campus on Friday for the Silicon Forest Forum.

As I mentioned in a previous post and the Silicon Florist podcast, the co-founder of Tesla Motors will be the keynote. I’ll do my best to see if he’s willing to give a Tesla Roadster to each of the Friends of the Florist.

But I’m not guaranteeing anything.

I’ll be in attendance as part of my effort to continue the wacky week of Silicon Florist appearances at events. I had a great time at LivePitch Portland on Tuesday and was honored to moderate a phenomenal panel—Josh Bancroft, Dawn Foster, and Marshall Kirkpatrick—at the OEN PubTalk last night.

So what I am doing at the Silicon Forest Forum? More smiling and nodding, of course.

I’ll be moderating another all star panel entitled “Bloggers, Digital Media… and the Business of Creating Content.”

The panel will feature:

See? Smiling and nodding indeed. But at least it keeps a consistent theme to the week. That theme being “Great panel, but what is Rick doing up there?”

Sound interesting? I hear that there still a couple of seats left. So if you’d like to attend, swing by the Silicon Forest Forum site to register. And if you’re going to be there, please make sure to grab me and introduce yourself.

The Beauty of EAUT (Email Address to URL Translation)

OpenID, as a concept, holds great promise. And Portland—with OpenID proponents like Vidoop and JanRain—is home to some of the most promising thought in the application of that concept.

But the URL thing still trips folks up.

And that’s a known issue. Not everyone wants to use a URL to identify themselves. An email address makes more sense to some folks.

But there’s a problem. An email address isn’t exactly an “endpoint.” And there’s no way to hang other stuff off of an email address, like identity information or helpful code like XFN.

Still, from a usability standpoint, “using my email address to login” is about as common a practice as any on the Web.

So there needs to be a translation. Something that lets people use the credential they want, but allows folks to have the endpoint credential they need.

Roughly a month ago, Portland-based Vidoop released something designed to solve this problem: Emailtoid, a service that allowed folks to use an email address as their OpenID.

I thought Emailtoid showed a great deal of promise. But apparently, it wasn’t good enough.

Now, Vidoop’s Will Norris and Michael Richardson have helped take the concept of Emailtoid a step further by working on the development of a new spec. It’s a spec that may simplify the issue even further.

Introducing EAUT—pronounced “yute“—a distributed email address to URL translation that allows anyone to take the conversion from email address to OpenID URL and hide it behind the scenes of the transaction. With just a little bit of code.

Or, to let Vidoop explain EAUT more clearly:

In basic terms EAUT makes it easy to take an email address and transform it into an URL, making your email work with services like OpenID. The goal with Emailtoid is to demonstrate the technology and provide a fallback solution for a larger, decentralized network based on the EAUT specification.

What’s more, it’s decentralized. Meaning any email address—any email address—now holds the potential to become an OpenID:

EAUT is designed to work in a distributed fashion, so that no one authority controls it. Every email provider can control how email addresses at their domain are resolved into URLs.

So, now that bright and shiny new Emailtoid—instead of leading the charge—becomes the fallback service should this validation fail. According to plan.

Hopefully, the release of the EAUT spec continues to chip away at the barriers that are preventing major providers—providers that serve as relying parties but don’t allow users to login via OpenID—to move into the realm of becoming full-fledged OpenID supporters.

And in so doing, here’s hoping that EAUT helps accelerate the adoption of OpenID, a concept that today may only save headaches for a handful of geeks with innumerable logins, but which may one day serve as an open foundation for credentials and security on the open Web of the future.

Combining the power of OpenID with the ease of email addresses. And making it open and distributed.

This could be a thing of beauty.

To test drive it, try out the EAUT examples. For more information on the spec, see the Vidoop post or the EAUT site.

OSCON 2008: Sourceforge offers free Open Source tattoos

Open Source tattoosInterested in placing a penguin on your posterior? Or maybe the Debian swirl? Or the Ubuntu circle thingee? Or maybe—just maybe—putting your OpenID somewhere you’re sure to never, ever forget it?

Well, next week at OSCON here in Portland, you may be able to make that dream come true. Because it seems that the nice—or is that sadistic?—folks at Sourceforge are offering to ink you up with your favorite open source icon—for free.

That’s right. Ten lucky winners will get the opportunity to go under the needle to make their ass officially open source. Well, or their arm or leg or what have you:

We are looking for people that are willing to sign up for a tattoo and show it off at the CCA party later on in the week. Only requirements – participants have to be able to meet with Ross Turk, Sourceforge’s Community Manager, at the beginning of the week to get the gift certificate, they have to sign a couple waivers (one for the tattoo parlor and one for Sourceforge), the tattoo has to be open source themed or techy in nature, and they have to show up at the CCA party Thursday night.

I’m not sure exactly which tattoo studio is going to be doing the work, but given that it’s going to be one near the Jupiter Hotel, I’m going to assume that it’s Colorbomb Tattoo with the drawing honors.

Is your interest piqued? You willing to take the pain all for love of open source? Maybe you should contact Ross at Sourceforge and let him know: rturk at corp.sourceforge.com.

And please, oh please, if you’re crazy enough to do this—and (and!) you happen to get picked—do let me know.

What’s that? Tats not your pot of ink? That’s okay, kiddo. There are still plenty of cool things to do in Portland while you’re at OSCON.

Photo credit vonguard used under Creative Commons

Vidoop ImageShield + AOL OpenID = 100 million+ potential Vidoop users

Portland-based Vidoop‘s ImageShield technology has been purported to be one of the most unhackable credential schemes on the market. It’s been tested, time and time again.

But today, the real testing begins.

Why? Because today a little online-service provider named AOL just released Vidoop ImageShield technology to each and every one of its users—each of whom have an AOL-based OpenID.

AOL OpenID featuring Vidoop Image Shield

Now, it’s no secret that this has been in the works. AOL has been forthright about the fact that it has been testing the technology. But it’s been a private BETA:

At AOL we had a chance to try out their ‘ImageShield’ technology since last few months. What we did is basically provide our AOL OpenID users (AOL users using their openid.aol.com/) with a way to secure their accounts by binding an ‘ImageShield’ password, so from next time when they try to login with their AOL OpenID at a 3rd party Relying Party site, instead of the traditional ‘password’, they can login securely using the ‘ImageShield’. In that way they can make sure they are always signing in from the secure AOL login page and also make sure they are not giving away their ‘real’ password to any possible attackers. This has been deployed on our closed beta environment as a trial run to see how our beta OpenID users would feel about the overall user experience and of course the security of their accounts.

Not anymore. Now, as the screenshot above illustrates, Vidoop’s technology is accessible to the public.

I hear you. “So what?” Well, the “so what” is this…

For OpenID logins, Vidoop’s ImageShield technology has generally been available to users of myVidoop. And that’s been about it.

And as much as I respect the Vidoop team and their accomplishments, I feel pretty safe saying that the myVidoop user base is slightly less than the AOL user base. Just a smidge.

But now? Now there is no difference.

Now, the Vidoop ImageShield user base is the AOL user base. Because Vidoop ImageShield is accessible to more than 100 million AOL users.

And, if I had to guess, I would say that that potential—the potential to have more than 100 million people using Vidoop technology to log in to OpenID-enabled sites—would make Vidoop ImageShield about the widest deployment of OpenID-based authentication technology on the market.

And that, my friend, is a big win for Vidoop. And for OpenID.

For more information on Vidoop ImageShield, visit Vidoop. For more on AOL and OpenID, visit OpenID Central on the AOL Developer Network.

(And, as always, please feel free to use your myVidoop, AOL, MyOpenID, or other relying party OpenID to comment.)

[Update July 11, 2008] TechCrunch has picked up the Vidoop ImageShield and AOL OpenID story, meaning it might get slightly more pick up now. Great to see Vidoop getting this recognition on a much, much larger stage.

Email to ID: My OpenID is an email address

Email to ID from VidoopOh boy. He’s on that OpenID soapbox again.

Look. You’re in Portland. Arguably the de facto hub of OpenID. So it happens. The OpenID soapbox is literally right here. I can jump on it at practically any time.

So yes, I’m talking about OpenID, again.

But this time, I think even the staunchest critics will find the discussion interesting. Because it solves a very common complaint.

You see, once you get past initial objections surrounding OpenID and the “we should push the value, not the technology” discussion—once you get into actually trying to convince people to use OpenID as a form of credential for online services—one criticism tends to pop up time and time again…

Why is OpenID a url? Why can’t OpenID be an email address?

Why does this complaint come up so much? Because email passes the “mom ‘n’ pop” test. As in mom ‘n’ pop are growing increasingly comfortable with the idea of having an email address. They “get it.” And they’re far more comfortable managing that type of address than they are managing a url.

Long story short, email seems easier to grasp.

And we’ve been so conditioned to plug an email address into the “username” box, that it’s almost becoming second nature.

So the conversation always, always, always comes around to “What if logging in with OpenID were as easy as logging in using your email address?

If only! If only someone, somewhere could put some of the leading minds together with some brilliant developers and get this thing figured out. I mean, maybe like Chris Messina and Will Norris. Maybe get Scott Kveton and Scott Blomquist in there. And that Michael Richardson is a pretty sharp developer.

I mean, if someone could manage to put a team like that together… I’m sorry. What? Really? Really? Vidoop? They all work for Vidoop? Oh. Well. That would probably explain this then….

Enter Email to ID, a new service from the folks at Portland-based Vidoop. (And yes, this is the thing they’ll be demoing at Beer and Blog this evening.)

How does Email to ID work?

The concept is simple. And congruent with current OpenID logins.

One box. One credential to enter. The basic difference being that you’re using an email address instead of url.

So how do you validate that you are who you say you are? Well, there are a couple of ways.

If you don’t have know that you already have an OpenID, you can just use your email address and Email to ID will create an OpenID association for you.

The first time you sign into a new site, Email to ID will send a validation code to that email account. (Much in the same way CAN-SPAM encourages people to confirm their membership on email lists.) Using the code, you can validate that the email address is, in fact, yours and that you are who you say you are.

If you’re already a typical OpenID user, you can associate your existing OpenID(s) and relying parties with an email address. This allows you to use the inherent security features of your relying party instead of having to check your inbox every time you want log into a new site.

Technically, what’s Email to ID doing?

Okay. I can see you geekily salivating over there. But I’m not going to try to explain it. Instead, I’ll let the people doing the work explain that:

Emailtoid is a simply a mapping service – we take a GET request to our mapper ( eg, http://emailtoid.net/mapper?email=jane@example.com ) and return an HTTP redirect (a 302) to an OpenID. If the email address is not in our system, we create an OpenID account for the user on the fly. The user logs into the OpenID account by verifying his or her email address through a one time URL or confirmation code sent to that email address. The RP (relying party, the site that originally sent the request) then has the user returned to it.

Get it? Good. Explain it to me sometime.

All I care about is that it works. And it does. Quite gracefully. And that is technology as it should be.

So is OpenID “mainstream” now?

I don’t know that making OpenID mainstream should even be a goal. But I do know that making services and technologies more useful to the general populous should.

“Basically, OpenID is great, it’s a wonderful technology, but it can be a bit confusing to the end users,” said Richardson, lead developer for Email to ID. “Users are already trained to use email as an identifier, so this bridges the gap between email and OpenID.

“Ideally, this service will go away as all top level domains will implement their own mapping. But until that time, we provide a way for sites to have people to use OpenID through their email address. The barrier of entry into OpenID is significantly lower.”

Conceptually, this service marks a huge step forward for “bending the OpenID technology to the needs of the common user.” And as such, it could definitely be one avenue for introducing a new way of logging-in to a wider group of people.

But, whether the term or concept “OpenID” needs to travel along with that form of credentialing is still a matter of debate.

To paraphrase something that Kveton, who in addition to efforts at Vidoop happens to chair of the OpenID Foundation, often says, “My mom doesn’t says she’s going to go establish an SMTP connection. She says she’s going to go check her email.” Or to put it another way, “Sell the sizzle, not the steak—or Gardenburger, as the case may be.”

Make no mistake, this is progress for OpenID and its potential. And progress very much in the right direction for a very fledgling technology with a number of benefits.

I, for one, feel that—with Email to ID—one of the major gripes against OpenID is now a thing of the past.

And that means, it’s time to attack the next one. What’s next?

For more information or to set up your own email-based OpenID, visit Email to ID. Interested in implementing this service? See the Email to ID developers area and follow Email to ID on Get Satisfaction. Of course, if you’re lucky enough to be in Portland, today, swing on by Beer and Blog to talk to Email to ID developer Michael Richardson about this new service.

%d bloggers like this: