OpenIDSix cool things you can build with OpenID
I’ve posted the slides from my Future of Web Apps talk on OpenID, minus the demo videos. I’m planning to put together a video that combines the slides, demos and audio once the official podcasts have been published.
Apart from explaining what OpenID is and how it works, the key point I was trying to get across in the talk was that OpenID is a simple piece of infrastructure on which smart applications can be built—applications that may not have been possible prior to the adoption of OpenID. This is due to two important characteristics of OpenID. The first is that OpenID significantly lowers the effort needed in creating an account, to the point that people might sign up for accounts with services that they otherwise would not have used. The second is that OpenID provides a globally unique identifier that can be used to correlate information across multiple services.
Light-weight accounts
Vanilla OpenID gives almost no useful information about a user and provides no defence against spammers; for many applications it makes sense to couple OpenID logins to a one-time account creation process, requesting additional details and using e-mail verification and CAPTCHAs to deter automated scripts.
There are plenty of services for which this is not an issue. One neat use-case for OpenID is as a simple tool for extending the lifetime of session cookies, or sharing those sessions between different machines. If your site offers simple customisation features that are only of interest to the user (and hence have no value to spammers) you can use OpenID to persist their preferences. All you need is a way for a user to prove that they’re still the same person they were yesterday.
Pre-approved accounts
OpenID lets you create accounts for people without e-mailing them a password, or even talking to them before you sign them up. There are lots of useful things you can do with this ability:
- Let your trusted friends delete spam comments from your blog, or fix your typos.
- Invite a selected group of people to contribute to your new collaborative weblog, without having to create new accounts for it or deal with yet another password.
- Invite friends to view a private document or photo gallery, pre-approving their public OpenIDs as able to authenticate with your site.
Restricted SSO
Once more of the popular open-source applications start supporting OpenID, I can see it really taking off as a simple SSO standard behind the corporate firewall. Create an OpenID for everyone in your organisation of the form username.internal.example.org, then configure your internal applications (MediaWiki, phpBB, WordPress etc) to only accept OpenIDs that match that format.
Site-specific hacks
Lots of sites are setting themselves up as OpenID providers, leading to many users having multiple OpenIDs; I have OpenIDs from Vox, LiveJournal and AOL, all of which were created as a side-effect of me using those services.
I don’t see this as being a problem. As a user, I can pick which is my “primary” OpenID (and use delegation so I can switch providers if I change my mind). Those other OpenIDs can still be useful though, because they let us build functionality that takes the providing site in to account. Here are a few examples:
- “Log in with your LiveJournal OpenID and we’ll import your LJ contacts using your FOAF file” (doxory.com does something along these lines).
- “Log in with your AOL OpenID and we’ll send you status updates over AIM.”
- “Log in with your Last.fm OpenID and we’ll add events from bands you like to your calendar.”
Sites that offer APIs should start thinking about how they can use OpenID as a simple vector for pushing data out to third party applications.
Social whitelists
I’ve talked about these previously; Tom Coates has further thoughts. By sharing whitelists we can use OpenID to build a simple trust network.
A similar concept is that of publishing groups. Jyte offers a simple API to export the members of a Jyte group. Not only does this make groups portable to other services, it also lets you build an authentication mechanism for a site that only allows members of a specific published group to log in to a service.
Decentralised social networks
The problem with social networks is that you end up with profiles scattered across multiple different sites, and friend relationships that are duplicated in multiple places. The globally unique identifier offered by OpenID offers the basis for a decentralised social network, with profiles tied together across multiple sites and relationships easily portable between services.
Hopefully the above ideas explain why I am personally excited about OpenID, and why I’m dedicating so much time to encouraging its adoption. The more people there are that understand and use OpenID, the more interesting applications we can build with it.
Decentralised social networks...similar to sliced bread?
one of those things, once we get it, we wont know how we coped without it!
nogg3r5 - 25th February 2007 17:13 - #
had to look up SSO... Single sign-on?
I had an idea a few days back about "SSO". OpenID Web applications could accept only a certain domain, in order to affirm payment.
For example the openid server could broker payments/accounts for a site. If the user is all paid up, they can access the restricted "premium" site.
I hope that made sense.
Explode is a new decentralized social network system for connecting people across networks and between blogs:
http://explode.elgg.org/
... and its going to be using OpenID soon - probably next week.
Well, your slides finally convinced me to work out what OpenID is all about and get one. Then I discovered that AOL (which I had only ever used because I had friends on AIM) had already set one up. Two lines of HTML later, and I was set up. Still waiting for the thing that makes it can't-live-without though.
Nice pitch. The FreeYourID.com thing is almost right. Does anyone offer the domain-aliased version where I can set a CNAME for scott[dot]rafer[dot]net (I own rafer[dot]net) that points at an OpenID server that has my name but I don't have to do anything about?
Scott Rafer - 26th February 2007 00:40 - #
http://jyte.com Jyte is more than that! the agree/disagree voting on claims keeps me busy (distracted from work) all day long!
Decentralized social network is interesting. I have been trying to combine both OpenId and XFN.
Make your 'about' or 'profile page on your blog' as your open id. So that people will come to know who are you. From the same page have XFN links to your friends profile pages.
This can be done using the delegation http://www.techmag.biz/uses_openid_delegation
In my case my OpenId URL is my profile
Thejesh GN - 26th February 2007 05:09 - #
I really like your idea about using an AOL OpenID to send status updates. Wonder how long it'll take before someone builds that as a WordPress plugin...
Joel Pan - 26th February 2007 05:24 - #
While OpenID is exciting from a "white list" point of view ... this is a double edge sword. Two comments, "White Lists" can just as easy become "Black Lists" and an OpenID can become an international SSN. The net-net is a loss of privacy and the potential for further intrusion by government agency's (i.e., The Patriot Act) or corporations or unscrupulous individuals.
Mark - 26th February 2007 07:37 - #
Good talk! I couldn't really hear the audio on that video, but I tried to guess what you were saying based on the slides.
I don't like the sound of your "Site-specific Hacks", though. Your first example with LiveJournal would be better implemented as "Log in with an OpenID that has FOAF auto-discovery in it and we'll import all your contacts".
The solutions to the other two aren't quite as obvious since I'm not sure how to generalize "sending updates over AIM" (but ideally it'd involve Jabber support, whatever it is!), but this sort of thing should always be as generalised as possible in my opinion; I don't like the idea of having to use a particular OP just because they are popular enough to have site-specific hacks, as that acts as a barrier to entry for new OPs and people running their own personal OP.
I agree with Martin, why should I need an LJ login to be able to transfer FOAF.
The OpenID Attribute Exchange spec is designed to create a general solution for exchanging information like this. AIM name would just be one of those attributes. It's a bit fresh at the moment.
Re whitelist/blacklist: blacklists will not be very effective because anyone can create as many OpenIDs as they like.
The examples I gave might not be that convincing, but I actually think that site-specific hacks is the most interesting idea out of all of them. What I was really trying to get at with it is that OpenID lets you "project" your identity from one site on to another, and thus lets the two sites co-operate with each other in interesting ways.
I agree that on first glance it seems to go against the spirit of OpenID, but my favourite thing about OpenID is that it deliberately avoids telling you what you can do with it. OpenID can do SSO, but if you start thinking about its relationship to individual sites it can do a whole lot more on top of that.
The Last.fm example is a much better example of the kind of things I have in mind.
The Last.fm example is very compelling but I might want my music attention data to come from mystrands for example. I guess I just feel that the extra steps required for open, general solutions are not large. Then we can all play!
I can't help trying to find a generic approach to any "site-specific hack" someone suggests. In the Last.fm case, a generic approach could be to export a list of "stuff I like"; in Last.fm's case, that would be bands.
I'm not sure how you'd represent a list of "stuff I like". An RDFite would probably suggest using URIs, but I'm not sure what URIs you'd use for bands. Using their own websites/myspace accounts seems a bit too volatile for my liking, plus sites like Last.fm might not have that sort of data on file. Musicbrainz attaches a UUID to each band, but that's not very user-friendly.
I think the possibilities of OpenID are really only just emerging in their most obvious and rudimentary state — I'm sure we'll see even far more interesting uses over the next year.
This comment was brought to you via an OpenID login. ;-)
Hooray, I'm signed into your site! Signed into your site -- with OpenID!
Yeah, this is a contentless comment. No, I'm sure it won't be the last one you receive.
Finally somebody who mentioned the decentralised social network! That was the first thing that got me interested in OpenID in the first place: your OpenID can be the center of your digital existence. It already knows where you've been and who you are, so why not share this in some ways? I hope providers like myopenid.net will alter itself in such a form after the protocol gets more coverage.
Great post!
Robert - 27th February 2007 21:33 - #
I just started learning about and implimenting OpenID in my own site and the examples listed here really will change the way we log in to the web. I'm actually going to make a point to tell people that instead of creating a new account on the site I'm working on, they can easily create a free OpenID or use one that they probably don't even realize they already have. Good article.
I've been keeping an eye on an open source distributed social networking project called "Appleseed" that might match some of your expectations.
They are planning to implement OpenID in the near future too: http://appleseed.sourceforge.net/
I've been keeping an eye on an open source distributed social networking project called "Appleseed" that might match some of your expectations.
They are planning to implement OpenID in the near future too: http://appleseed.sourceforge.net/
OpenID just rocks. I finally registered with MyOpenID and I'm very happy to see this technology spreading.
Thank you Simon for the info.
Hey Simon,
Just got my openID from freeyourid.com.
Loving it!
- Ryan
test
OpenID is the future!
Wow, slick indeed. I looked at OpenID at its first inception and didn't think it would work. Documentation was terrible, there was no "easy sign up" at providers, etc. I think this can easily catch on now, and it's nice to be able to control everything from one place. Certainly beats Microsoft's CardSpace!
Actually, Microsoft is lending it's anti-phishing technology to and helping with the integration of Cardspace into OpenId with JanRain and other OpenId evangelists. OpenId doesn't "beat" Cardspace, it works well with it. OpenId and Cardspace are two different but complementary idioms.
Peter Bromberg - 13th March 2007 01:16 - #
After your OpenID session at BarCamp, I finally got around to doing some further investigations and signing up for an OpenID!
I'll be looking out for sites which let me log in with it now.
really like your idea about using an AOL OpenID to send status updates. Wonder how long it'll take before someone builds that as a WordPress plugin...
torrent - 22nd March 2007 17:34 - #
I gotta try this out
Jyte's now one of my favorites.
OpenIDSpace anyone ? sounds interesting
Marcel - 13th April 2007 17:31 - #
Timo Svenson
Timo Svenson - 2nd June 2007 23:27 - #
Sounds really interesting
Adam - 7th June 2007 22:15 - #
Inspired by your talk at Google, I have started a blog at http://blog.theopennetwork.org/ where I will be documenting my (and hopefully, over time, other peoples) views and ideas on setting up an 'open social network'
Mat Scales - 20th July 2007 02:10 - #
It would have looked more like I meant it if I had successfully logged in with my OpenID!
I think the possibilities of OpenID are really only just emerging in their most obvious and rudimentary state — I'm sure we'll see even far more interesting uses over the next year.
derko - 1st September 2007 15:07 - #
I really like your idea about using an AOL OpenID to send status updates. Wonder how long it'll take before someone builds that as a WordPress plugin...
fifa - 3rd September 2007 23:34 - #
I'm not sure how you'd represent a list of "stuff I like". An RDFite would probably suggest using URIs, but I'm not sure what URIs you'd use for bands. Using their own websites/myspace accounts seems a bit too volatile for my liking, plus sites like Last.fm might not have that sort of data on file. Musicbrainz attaches a UUID to each band, but that's not very user-friendly.
wuef - 3rd September 2007 23:35 - #
I have not used openID until now but after this article I will give it a try :-)
John Passivhaus - 15th September 2007 20:29 - #
hi Wow, slick indeed. I looked at OpenID at its first inception and didn't think it would work. Documentation was terrible, there was no "easy sign up" at providers, etc. I think this can easily catch on now, and it's nice to be able to control everything from one place. Certainly beats Microsoft's CardSpace
es - 25th September 2007 22:35 - #