OpenID at Work

ongoing · OpenID at Work:
OpenID (see my previous write-up) is a cheap-and-cheerful easy-to-implement way to bind an identity to a URI. It allows a Web site talking to a browser to look at the URI and reliably ask its server to confirm (or not) that the person behind the browser has OpenID rights to the URI. It’s simple, straightforward, and it works.

As much as I’m a fan of OpenID, I just don’t see enterprise IT adopting it. I don’t even see non-enterprise services adopting it with any degree of increasing momentum. Software developers like the idea but believe it falls far short of their requirements, so they aren’t investing much in the way of supporting it, and I don’t see Sun making a big impact.

We talked about this at the IBM mashup summit… it’s worth discussing further but it’s not going to solve the identity problem we have today.

Technorati Tags:

Pew Research Study on Technology Users

The Pew Internet & American Life Project just released the findings of a new survey of 4,001 U.S. adults that segments Americans into a range of groups based on usage of and attitudes toward the Internet and mobile phones. The report is provocative (even surprising) but long, so I’m just going to summarize it at the very highest level.

The report is here, there are 10 types of users in 3 broad class groups. I like their user classifications.

Search Engine Land also had this to say:

While one could expect the distribution of users in each segment to be different in, say, five years and maybe completely different in 10 years, this report reveals that breezy attitudes about users and their behavior should be discarded in favor of more nuanced views about an evolving and increasingly complex media marketplace.

More on this topic (What's this?)
Ivy Portfolio September Update
Ivy Portfolio August Update
CloudFlare Moves Its DDoS In With EdgeConnex
Read more on The Internet Impact, Hang Lung GRP, Hong KONG&CHINA Gas at Wikinvest

IBM Mashup Summit

IBM hosted a mashup summit in their San Francisco office today, featuring a number of companies enabling enteprise mashups or interested in expanding into that area. In attendance was:

  • Socialtext
  • Mashery
  • Coghead
  • Snaplogic
  • JackBe
  • Kapow
  • Accuweather
  • Reuters
  • StrikeIron
  • ProgrammableWeb

The goal of the day was to bring together companies and people in the mashup space and identify some areas we could work together to define and refine what could be called a mashup stack. I had to leave a little early to get to a meeting at Microsoft but from the presentations in the morning and afternoon there were two very obvious areas for collaboration.

The one topic that came up in every presentation was security, or more specifically the lack of an integrated and federated identity management, authentication, and role management service offering that mashups could take advantage of to avoid having to manage user credentials and authentication.

This is a significant area given the fact that mashups depend on being able to authenticate 2 or more service components from multiple vendors. What this means is that the mashup platform holds the responsibility and risk for maintaining the integrity of user supplied credentials, and that’s if users are comfortable giving them to you in the first place. There’s no getting around this, we as an industry need to embrace a better security model to enable reliable and secure access to web services without requiring users to store their usersnames/passwords on someone’s site in order to do it.

The other topic that was less thoroughly talked about but is very important to this whole concept is data formats. People are quick to say "well it’s XML so the schema travels with the data stream" which is all true but misses the point that it’s still denormalized and someone has to do a data tranformation in order to get it from one service to another. In a way of thinking, mashups are an evolution of ETL as much as SOA.

Current data formats are not adopted across a broad range of services so they are neither accepted nor ad hoc standards. Web service vendors are more or less left to their own devices to develop data formats and that is currently an inhibitor to delivering more complex mashups. is a place to start but ultimately it will take web service vendors actually embracing these formats and putting them to work.

Tags: , , , , , , , , , ,