[HTML2]If you haven’t started to implement OpenID yet, you may be falling a bit behind the curve. You see, thanks to the efforts of Portland-based JanRain, even the good old—and I do mean old—brick and mortar companies like KMart and Sears are jumping on the OpenID bandwagon. Or, as Mike Rogoway at The Oregonian’s Silicon Forest blog put it, “Old economy stalwart Sears announced this morning that it’s adopting OpenID.”
I’m quite fond of saying that Portland is the de facto hub of OpenID development. And it’s days like today that make me sound like I actually know what I’m talking about.
Google (maybe you’ve heard of them?) has just announced two new enhancements to the Google OpenID API. And it just so happens that Portland-based JanRain and their RPX solution have come to play a critical role in the announcement: they’re one of the first examples of the new features in use. Read More
[Editor: Let me preface this by saying that I know, full well, that Kveton hates it when I do this. But I think it’s newsworthy. And I thought I should let you know. For that, I’m willing to incur his wrath.]
Many of you know Portland’s Scott Kveton as one of the new board members for Software Association of Oregon (SAO), founder of the OSU Open Source Lab, the former chair of the OpenID Foundation, a Portvangelist, someone who spends more than his fair share of time at PDX, and the guy who helped bring Vidoop to Portland.
And now, what began as side project—albeit a passionate one—has drawn Kveton into the world of consulting as a full-time gig.
But it’s more than just his passion for that wonderful magical meat animal. It’s truly a desire to help organizations understand how to better use technology and community to achieve business worthy ends—regardless of their particular focus.
It’s really hard to explain but selling bacon is honestly one of the most interesting/fun things I’ve ever done. Its not just technology-for-the-sake-of-technology. Jason, Michael and I created something out of nothing using off-the-shelf tools to make a solution that delivers real things to real people. And we did it all in less than a month.
Long story short, Kveton is taking the opportunity to do something he loves—and to make it a viable business. And given that that is something with which many of us struggle, I personally couldn’t be happier seeing him take this chance.
I know Portland will gain from this move. And I’m already seeing some local startups beginning to take advantage of his talent and guidance.
Ever tried to do something on a site that uses CAPTCHA? You know, the Completely Automated Public Turing Test To Tell Computers and Humans Apart?
Oh. Well, how about the technology designed to prevent bots from submitting forms that requires us to enter a “human readable” element before submitting?
Um. Okay. The squiggly letters? You know the squiggly letters? The ones you can never read? The ones that force you through three or four attempts at submitting a form? The ones that make you wonder if you are, in fact, a bot?
There you go. That’s CAPTCHA.
The concept and CAPTCHA started simply enough, according to Wikipedia:
Moni Naor was the first person to theorize a list of ways to verify that a request comes from a human and not a bot. Primitive CAPTCHAs seem to have been developed in 1997 by Andrei Broder, Martin Abadi, Krishna Bharat, and Mark Lillibridge to prevent bots from adding URLs to their search engine. In order to make the images resistant to OCR (Optical Character Recognition), the team simulated situations that scanner manuals claimed resulted in bad OCR. In 2000, Luis von Ahn and Manuel Blum coined the term ‘CAPTCHA’, improved and publicized the notion, which included any program that can distinguish humans from computers. They invented multiple examples of CAPTCHAs, including the first CAPTCHAs to be widely used, which were those adopted by Yahoo!.
But as optical character recognition has improved and bots have become smarter, it’s been going downhill—faster and faster—ever since.
They latest iteration of CAPTCHAs and reCAPTCHAs have taken a variety of forms: more and more obscured text, increasingly wiggly text with multiple “words,” unintelligible audio, increasingly complicated math problems… but none of them seems to get to the crux of the issue: allowing an average human to do what they came to do.
I mean, this is the CAPTCHA from arguably the most powerful company in the world, that little search company down in Mountain View.
Right. I can’t read it either.
There has to be a better way.
Enter Portland-based Vidoop and their image grid technology.
To date, Vidoop’s recognizable image grid technology has been used to obfuscate passwords for an OpenID login, enabling users to use OpenID without having to remember other credentials.
But what dawned on the folks at Vidoop is that the image grid also made a pretty darn simple CAPTCHA device. What’s more, it was actually intelligible to a human.
Introducing VidoopCAPTCHA, a CAPTCHA that stops the craptastic slide of increasingly horrible CAPTCHAs by taking the concept in an entirely new direction.
The image grid password concept allowed users to select a few favorite things that they were to remember instead of a password—like rainbows, unicorns, and teddy bears. Then when they logged into a site using their myVidoop name, they simply selected the letters from those images as their password.
VidoopCAPTCHA takes the same tact, telling users to look for specific images and then asking them to type in the letters from those images. Simple, easy to use, and just as effective protection as the image grid for passwords.
And like the previous implementations of image grid technology, VidoopCAPTCHA has the potential to allow users of the service to insert their own images into the grid. Which, in most cases, results in an advertisement.
According to ReadWriteWeb’s coverage of VidoopCAPTCHA:
There’s a business model here, too. Vidoop says that if this system catches on, site owners will be able to sell spots in their image boxes to advertisers. The concentration required in order to identify these images would be a huge gift to advertisers placed there. There’s something a little troubling about that prospect, but the company says that in a survey so large they believe it’s nationally representative and most other people don’t mind.
Verdict: VidoopCAPTCHA is humane CAPTCHA
As a user, I found the image grid approach much easier to use than the prevailing text-based concepts. Were I a current CAPTCHA user, I’d implement VidoopCAPTCHA, today.
But is VidoopCAPTCHA enough to motivate folks to implement a CAPTCHA solution? I don’t know about that. But I do know that if you’re interested in deploying CAPTCHA, the imagery is far more legible and usable than the current squiggly text—at least to my eye. (And I’d say that even if Vidoop weren’t a Portland company.)
And I also know that if you’re a current CAPTCHA user, it would be well worth your time to take a look at VidoopCAPTCHA. Your users will thank you for it. Or at the very least, be able to communicate with you without screaming expletives at the screen.
For more information or to test drive the product, visit VidoopCAPTCHA.
Many of you know that in addition to serving as an OpenID proponent, a critical part of the Vidoop team, and a devout bacon—and bacn—geek, Scott Kveton has also served as the chair of the OpenID Foundation.
Today, the Foundation announced its new officers. And while Kveton has moved into the role of vice-chair, I’m happy to report that Brian Kissell of Portland-based JanRain has been elected chair of the organization.
It’s great to see Portland—the de facto hub of OpenID development—continuing to have a noted presence in the Foundation and its efforts.
In other news, a little company called PayPal—which is owned by another little company called eBay—became a sustaining member of the OpenID Foundation. But neither of them are from the Silicon Forest, so that’s secondary news.
Portland-based Vidoop—the OpenID provider that allows users to login more securely without using a password—has just announced that their authentication will be used by Microsoft HealthVault, the online health information storage and Personal Health Record product from our neighbors to the north.
“Our objective is to give our customers choice and make their Web experience easier, while helping them safeguard their privacy,” said George Scriban, senior product manager, Health Solutions Group, Microsoft. “We’re happy to be working with Vidoop to give HealthVault users the option of using their log-in and authentication solutions with their HealthVault account.”
Not only is this good news for Vidoop, it’s good news for OpenID. What’s more (and near and dear to our hearts), it’s good for Portland, as Vidoop joins Portland’s other OpenID juggernaut, JanRain, as an option for HealthVault logins.
Microsoft HealthVault allows individuals to store health information from many sources in one location, so that it’s always organized and available. HealthVault is working with doctors, hospitals, employers, pharmacies, insurance providers and manufacturers of health devices—blood pressure monitors, heart rate monitors and more—to make it easy for consumers to add information electronically to HealthVault records.
Vidoop’s ImageShield—which allows users to login based on information contained in a series of images—will ensure that individuals have secure access to these records without the issues generally associated with password-based security.
“The weakest point in Internet security is the front line – where users log-in – but with strong authentication the front line can become the strongest point,” said Scott Kveton, Vidoop’s vice president of Engineering.
But just how much Portland-associated influence will there be on the show? Well, we’re lucky to have some of the heavy hitters from the world of OpenID—and Portland—in attendance. Brian Kissel of Portland-based JanRain, Scott Kveton of Portland-based Vidoop, Chris “@factoryjoe” Messina of Vidoop (who doesn’t live in Portland, but thankfully, travels up here on a regular basis), and David Recordon of Six Apart (who is originally from Portland). And, of course, Marshall Kirkpatrick, who heads up ReadWriteWeb content development, is a Portland resident, as well.
That’s a lot of Portland. And a lot of OpenID knowledge.
Today, the group will be discussing ideas for increasing adoption of OpenID, plans for the OpenID Foundation, and opinions on Google Friend Connect and Facebook Connect. If there’s a topic you’d like to propose, visit the RWW Live post to offer it as potential discussion point or throw it out in the chat room during the call.
Speaking of chat rooms… it would probably be wise to tell you how to participate:
The show will be broadcast LIVE at 3.30pm PST Monday (6.30pm EST). We invite you to tune in and interact with us via the chat, by clicking here. You can also use the Calliflower Facebook app to listen and participate.
Can’t make the show? No worries. RWW Live is a podcast, after all. You can always listen to the discussion by heading over to ReadWriteTalk, the archive of all ReadWriteWeb podcasts.
So whether you’re saying “Open wha…?”, a staunch OpenID proponent, or an OpenID opponent, it would be well worth your time to swing by the podcast and hear these knowledgeable folks talk about the future of managing your identity on the Web.
Cami and Dr. Normal altered the usual format giving us the opportunity to talk for a good 90 minutes—and that led to some pretty interesting discussions including the top events on 2008, Vidoop, Shizzow, Bacon Geek, Beer and Blog, KGW’s The Square with Stephanie Stricklen and Aaron Weiss, Twitter, Rael Dornfest, pdxtst, Our PDX, Neighborhood Notes, OpenID, calling Facebook Connect the Hotmail of this generation… even indulging in some conspiracy theory and what’s to be in 2009.
Here’s us chatting about the 2008 recap:
And here’s our discussion of the potential future for 2009:
Or, if you just want to listen to the whole shooting match, have at it:
Thanks, yet again, to Cami and the good Doctor for allowing me to appear on the show. I’ve said it once, and I’ll say it again: Strange Love Live is the best podcast in the Portland. And one prediction for 2009 that’s sure to come true? You ain’t seen nothing yet as far as Strange Love Live goes.
And hopefully, we’ll see the same thing for any number of people in our area. I’m really interested to see what Portland and the Silicon Forest will do in 2009.
And of course, I’m truly looking forward to watching—and covering—that of which you’re capable of in 2009.
First SplashCast announces that they’re partnering with Hulu. And now JanRain has announced that their RPX solution—a product that makes managing the ever-growing variety of distributed login credentials easier for developers and users—is going to be helping Interscope Geffen A&M, a division Universal Music Group, give fans an easier way to connect with their favorite artists.
Using the RPX interface, fans who’d like to connect with say, Lady Gaga, have the option of using their Facebook identity, Google identity, MySpace identity, or any variety of OpenID flavors, like AOL, Yahoo!, or Portland’s MyOpenID or myVidoop.
Where did all of these options come from all of the sudden? Well…
It’s been quite the month for the world of distributed social networking. Both Facebook Connect and Google Friend Connect – two services designed to help user manage a single profile across multiple sites – launched on the same day. Then, MySpace followed in close succession with their MySpaceID offering, another distributed social option built on the Open Stack. In a matter of days, the distributed social space went from nascent to completely confusing.
JanRain is hoping to make it a little less confusing, for both developers and users. And if they have to work with big-time music types—like 50 Cent, Fergie, and Guns n’ Roses—to get that done, so be it.
Portland-based Vidoop has been working on a project they’ve been calling “Identity in the Browser” (IDIB), a means of employing an intelligent browser control that recognizes OpenID enabled sites and allows users to access those sites without having to jump through the often-confusing hurdles of relying party redirects.
Relying party redirects? Who duh how du wha? If you’ve ever used OpenID, you know that there’s a little dance that takes place: you provide your OpenID, the site then redirects you to your OpenID provider to confirm that you are you, you confirm—maybe view some images along the way, and are transported back to the original site to do whatever it is you came to do.
Vidoop (and a number of others) thought it would be easier to skip all of that and let your browser handle some of the heavy lifting.
The concept was solid. And a prototype Firefox extension had been created. But what Vidoop really needed was one of the popular browsers to step up and promote OpenID to its users.
It’s big news for OpenID and for Vidoop. And a number of people are taking notice:
- ReadWriteWeb: Vidoop and MySpace Bring OpenID to Flock
“While OpenID is one of the more interesting online identity concepts, usability issues have clearly hampered its mainstream adoption. Flock, MySpace, and OpenID provider Vidoop have now come together to develop a browser extension for Flock that makes using OpenID a lot easier for Flock users. Besides managing your OpenID credentials, the extension also detects when a site supports OpenID and lets you sign in with the click of a button.”
- The Social: MySpace helps develop OpenID extension for Flock
“The OpenID Flock extension allows for easier credential management within the browser and makes it more apparent when a site will accept an OpenID login. A handful of OpenID extensions already exist for the open-source Flock, but this one’s got the seal of approval from some big names.”
- O’Reilly Radar: Getting OpenID Into the Browser
“Imagine if your web browser really knew who you were on the web. Just as you login to your computer, what if when you fired up your browser, it said “Hello Dave” and asked you to “unlock it” as well (Chris Messina was quite influential in my thinking about it this way). In doing so you become securely logged into your OpenID provider (or maybe more than one of them) and as you move around the web your browser takes care of automatically logging you into the sites that you want to be, asking you about others, and helping you register with new ones using your OpenID. Argue as much as you want about the details in making this happen, but I think it’s hard to disagree that making it easier for people to manage and use their identity (or identities) online is a bad thing.”
- ComputerWorld: MySpace, Flock, Vidoop unveil prototype for storing OpenID credentials
“OpenID for Flock is now available to all users of Flock 2.0 as an alpha extension to the browser. The tool automatically notifies users when they surf to a Web site that supports the OpenID framework. The framework, supported by Microsoft Corp. and Yahoo Inc., allows people to use a single username and password to enter sites that support it.”
- CenterNetworks: Flock Partners With MySpace and Vidoop on OpenID Browser
“Just a month after the public launch of the Flock 2.0 browser, Flock has announced the addition of OpenID to the Flock 2.0 browser today. I’ve been saying for a long time that if OpenID wants to succeed, they have to get it into the browser so when you hit a site that offers OpenID login, it could be as close to seamless as possible.”
- Mashable: OpenID Management Comes to Flock
“MySpace, Flock and Vidoop have developed OpenID for Flock. I’ll skip the talk about standards which you don’t care about, cut to the chase and tell you what it does.”
- Download Squad: MySpace, Flock and Vidoop release OpenID for Flock plugin
“OpenID is a really great concept. The ability to use a single digital identity across the web and avoid having to sign up for yet another user account is a real productivity boon. More and more high profile sites and services are adopting OpenID, but the project still hasn’t gained the traction that many of us think it deserves. This is partially because it still isn’t easy to use OpenID — or even find out if a site supports OpenID — on all services. MySpace, Flock and Vidoop think they’ve come across a solution: let the browser handle it.”
- Social Times: MySpace Teams with Flock, Vidoop to Push OpenID
“MySpace announced its support of OpenID earlier this year, with certain hopes for its potential alongside its own Data Availability initiative. Such an integration makes sense, especially in light of Facebook’s ongoing efforts to become the central platform for online social interaction. So how can MySpace hope to stay ahead? Deeper OpenID integration.”
- Ars Technica: Flock OpenID support a small step for slow-moving standard
“The potential of a ubiquitous online login is slowly being realized with emerging identity systems like OpenID. With one username to rule them all and broad industry support from companies like Yahoo, Microsoft, Google, and VeriSign, users may finally be able to simplify their online presence and save a few post-it notes—if OpenID can be made simple and easy to manage for the general consumer. Amid a confusing array of options for creating and using OpenIDs, MySpace and Vidoop have partnered with Flock, the social web browser, to create an open source implementation of OpenID in a browser.”
For more on the the browser extension, see the post on the Flock blog.