open ID - ReadWriteWeb

The Web of Identities: Making Machine-Accessible People Data

Alexander Korth — Sat, 11 Jul 2009 14:04:57 -0800

In a previous article, we discussed the Web of data, which is about inter-linking open data sets and, thus, turning them into machine-accessible structured data. In this post, we'll draw a picture of how the emerging social Web could serve as a Web of identities, which is essentially a people-data version of the Web of data.

]]>Sponsor

]]> W3C's Linking Open Data (LOD) project has gotten quite a bit of attention for the good job it does with the Web of data. Currently, all participating data sets are accessible free of charge and can be used without constraints. The project focuses on growth for now. In an email, Chris Bizer hinted that a payment model to charge for particular content may come in future.

The LOD approach is very good for static and encyclopedic knowledge, but what about accessing our personal data? Technically, modeling our identity, profile data, social graph, groups, activity stream, assets, and other kinds of personal data is straightforward. But empowering machines to access this data could present challenges to the LOD approach, because it comes with all sorts of constraints and peculiarities, such as privacy and data volatility. People want control over who has access to their data or parts of their data and want to be able to block access for any reason. And issues such as rapidly changing and outdated data remain unaddressed.

This is where the social Web can help.

The Emerging Social Web

There was a time when we had to create a new digital identity for each social application we wanted to use. A social application provides features based on social attributes. Every application provider implemented its own proprietary ID management to authorize users to log on and implemented its own proprietary user profile system to manage information about its users. Application providers were judged by the size of their user and content base and so erected endless walled gardens to protect their properties.

The most significant issues people had were:

Low conversion rate for user registration,
Users had to register for many accounts,
Users had to re-enter and synchronize profile data,
Privacy, data ownership, and inability to export.

Not much has changed, unfortunately. Most remarkable, perhaps, is the growing number of single sign-on (SSO) solutions that address the first issue for application providers and the second issue for users. New application providers can now outsource this functionality to a third-party SSO provider. Some of the biggest application providers became ID providers themselves to allow their users to log on to third-party applications with the same ID, and this has gained traction beyond these few providers. This has led us to an era of identity wars between the big providers.

Many ID providers, such as Google, Yahoo!, MySpace, and Facebook, have added the OpenID SSO to their own proprietary mechanisms over time. Because of the open nature of OpenID, many third-party providers have found it easy to integrate with the bigger providers, giving them more traction because users are able to access their services so easily using their OpenID credentials. Now, these ID providers can offer read-only access to fragments of profile data that users can look up or copy to third-party applications. Like SSO and OpenID, this began with proprietary solutions, but now exchange formats and protocols are emerging whose open language allows applications to easily exchange and synchronize data. These include:

API access authorization protocol OAuth,
Social graph exchange format FOAF ("friend of a friend"),
Updates exchange format activity streams,
Address book exchange format Portable Contacts.

In the future, ID providers will loosen their connection to social applications and start taking over management of users' social attributes. Users will be able to log in to applications using credentials hosted by their ID providers of choice and grant permissions to these applications to read or even sync selected fragments of their profile data. The borders of these walled gardens will thus blur, and the social Web will become more of a weave than a patchwork quilt.

The Web of Identities

The Web of data is a distributed web of interconnected sets of semantically annotated data. A connection is achieved as a result of data pointing to data contained in another set through a URI, just as websites point to each other with URIs. This way, machines can crawl the sets to read the data. ID providers will most likely refer to their users via URIs in the future as well. A social connection will consist of one user's URI pointing to another user's URI or ID provider. If permitted by users, a machine may very well accomplish its tasks by jumping through the Web of identities from user to user, the way it does through the Web of data.

Why is this needed? The Web of identities is actually a super-social graph that spans multiple ID providers. If we come across walled gardens, this infrastructure would be needed for all of the social-related search functions we perform. The following examples are thus far provided only (if at all) within individual applications:

"What is the best book read by friends in my circle?"
This query might retrieve book purchases and book-related status updates that your friends have made accessible through their privacy settings and then rank the books in a set.
"Notify me if a close friend visits Berlin."
This permanent task repeatedly looks up your friends' geo-locations. You may also have granted your close friends access to this data, too. This task could even be combined with the Web of data to look up the meaning and location of Berlin.
"Sync my address book."
This permanent task continually synchronizes my friends' addresses and numbers with my personal address book.

Now it's your turn. In what ways do you think the social Web and Web of identities are evolving?

(Diagrams by alexkorth)

]]>Discuss

Google OpenID Updates UI, Extends More Data to Relying Party Sites

Jolie O'Dell — Thu, 14 May 2009 13:10:28 -0800

This morning, Google announced two enhancements to their OpenID API. For end users, they have rolled out a popup-style interface for simpler logins with fewer redirects and less confusion. They also extended their Attribute Exchange to include more user data, such as first and last names, preferred language, country, and other, more personal information available via the Google Data API.

At the OpenID blog, David Recordon wrote this morning, "This means that Google users signing into sites... now have a much better user experience, one on par with Facebook Connect." The screenshots below show the new login in action.

]]>Sponsor

]]>

According to this morning's entry from Yariv Adan on the Google Code Blog, the new UI "is designed to streamline the federated login experience for users. Specifically, it's designed to ensure that the context of the Relying Party website is always available and visible, even in the extreme case where a confused user closes the Google approval window."

The post continues with a specific use case. OpenID products company JanRain is using the new API in their RPX offering. The first step on the login page "is identical to that of the 'full page' version, and does not require any changes in the Relying Party UI," read the blog."

In addition to signing into sites using their Google accounts, users are also sharing specific data with the Relying Party website. The data shared can range from the user's email, first and last name, preferred language, and country, to other information available through the Google Data API, including the user's Contacts List, Web Albums, or Calendar.

Adan writes, "Google strongly believes that the data our users trust us with belongs to them and should always be available for them to use. By providing users with more secure means to share their data, they can benefit from a much more streamlined, personalized and socially relevant experience when they log in to trusted websites."

The new process also allows a streamlined conversion process for Relying Party websites.

]]>Discuss

Cliqset Could Be The Web's First Read-Write Identity Provider

Marshall Kirkpatrick — Tue, 10 Mar 2009 13:23:22 -0800

You can log in to comment here on ReadWriteWeb with an OpenID, via Facebook Connect or through various other methods. Imagine if you could make "friend" connections with other commenters on our site. That relationship wouldn't be reflected back into the OpenID or Facebook account that you then take to other sites.

If it did, that could be a real game changer. We'd love to introduce our smart and sassy readers to each other here and then see them be friends on social networks, mobile sites and all around the web. Just a pipe dream? That's what a brand new identity provider called Cliqset aims to make possible. We believe it's the first identity provider of its type that allows 3rd parties to change user profile information, not just read it.

]]>Sponsor

]]> Cliqset isn't a social network that you'd go and join like you would others, it's more like the glue that ties together your identities across all supporting social networks. Unlike other similar services, though, this portable system of identity, contacts and activities works two ways. It allows your identity to be changed by what you do around the web, it doesn't just serve up a centralized identity to dependent lesser networks you log in to. This identity provider could treat supporting sites much more as equals than Facebook does, for example.

Cliqset uses the OAuth data standard to do all this, so it doesn't even have to ask for your password to the networks you want to connect.

Who's using Cliqset so far? Unfortunately, the geeks behind Cliqset don't do a very good job explaining what they do and they don't have any examples other than their own site today at launch.

That could change soon, though. The company has released a variety of code libraries for developers to drop Cliqset support into their applications. At launch there are Java, iPhone and .net for Windows Mobile libraries. A PHP library is forthcoming. All the libraries will be open sourced and posted to Google Code.

Facebook Connect lets 3rd parties publish updates to a user's activity stream, but that's about it. We asked a number of hardcore identity geeks whether they had seen anything quite like Cliqset before and no one had. There are OpenID and related specifications aiming to accomplish just this, but nothing in the wild yet, according to the OpenID Foundation and Six Apart's David Recordon.

Recordon is a little concerned about seeing another company release an API to accomplish what Cliqset aims to do. "At first glance, it seems like Cliqset is leaning in the correct direction with their support of OAuth for APIs and OpenID for sign in, but are still creating their own APIs - ala Facebook Connect - when dealing with profiles and activities," he told us. "This is both yet another validation of the work by the wider DiSo community and opportunity to finalize the Portable Contacts and Activity Streams specifications for broad adoption on the social web."

We asked Cliqset specifically about Facebook Connect, whether it wasn't in the company's interest to implement a Read/Write capability in its identity system as well. They said they believed it was but that they expected the giant social network to take much longer to implement this key feature. By offering iPhone and Windows Mobile libraries right out of the gate, we think Cliqset could move quickly in the mobile world as well.

Unfortunately, the company isn't doing a terribly good job of explaining its fundamental value proposition so far. We're not the first site to cover Cliqset today (see PC World's coverage for example) and everyone else is writing up the company as just one more cross-site identity provider. There's more than that going on here, but we'll see if this startup with what it calls "the most robust APIs you'll find anywhere" is able to make the market headway that its innovative vision seems to warrant.

]]>Discuss