openid - ReadWriteWeb http://www.readwriteweb.com/feeds/tag/openid Copyright 2009 Richard MacManus readwriteweb@gmail.com Mon, 23 Nov 2009 21:12:49 -0800

OpenID Community Board Elections Coming Up

The OpenID Foundation has announced nominations and upcoming elections for six open community board seats.

This year marks the Foundation's second election; last year, Snorri Giorgetti, Nat Sakimura, Chris Messina, David Recordon, Eric Sachs, Scott Kveton and Brian Kissel were elected. Of the current community board members, Messina and Sakimura were elected to two-year terms. Kveton has indicated he will not serve another term.

Individuals who are passionate about OpenID and digital identity, regardless of professional affiliations, are welcome as candidates. The election process, beginning with nominations, will begin Monday, November 23. The process is detailed in this PDF. Nominations and voting are open to all Foundation members, and membership for individuals starts at $25. Nominations will close on December 7, and voting will end December 23.

In a blog post today, executive director Don Thibeau wrote that he envisions changes for how the board and the Foundation will operate in the coming year.

"Organizations that have transitioned from specification development to market adoption (the space we entered this year) have evolved their governance and membership programs to meet operational and financial objectives. In order to improve the core technology product, drive RP adoption, and increase member services, we need to find ways to offer more membership value and create diversified sources of income.

"2010's board members will consider how best to balance competing priorities with still unfolding value in the trust framework and certification work to do with the U.S. government and others. We've been told by experts that demand for certification is a leading indicator of the growth and maturity of a technology standard. How we do certification will, in part, shape our future."

As distributed social networking continues to grow and shape the Web we use, issues such as creating secure, portable digital identities become more and more intrinsic to making the Internet work for users, sites and content creators. Thibeau concluded, "For myself, I believe an open, reliable, trusted identity standard can be the next key operational piece of Internet infrastructure. It can be to the identity layer what DNS is to the Web layer and IP is to the packet layer."

Indeed, the past year has brought lots of publicity and material advances to the Foundation's cause. At the beginning of 2009, we reported that Google and Plaxo had created a simplified workflow for OpenID logins that added OAuth and the Google Contacts API. During the OpenID UX Summit in February, we wrote that one Comcast property reported a 92% success rate with OpenID logins. Perhaps most exciting of all was this May's news that Facebook would be allowing users to log in using OpenID. But no nod of approval carried more weight than the recent decision of the US government to allow members of the public to use OpenID to log in to certain government websites.

We look forward to reporting more good things - including nomination and election results - from the Foundation in the months to come.

http://www.readwriteweb.com/archives/openid_community_board_elections_coming_up.php Wed, 11 Nov 2009 20:24:20 -0800 Jolie O'Dell

OpenID Pilot Program to be Announced by US Government

Ten private companies, a number of US Government Federal Agencies primarily in the Health sector and the OpenID and Information Card Foundations will announce this morning in Washington DC the launch of a pilot program to allow members of the public to log in to participating government websites with their credentials from approved independent websites.

That's right - someday soon you'll be able to log in to the websites of the Department of Health and Human Services, the National Institutes of Health and other government agencies with your accounts from Google, Yahoo and similar services. Below we discuss the privacy protection steps being taken, the usability issues and the ultimate significance of this announcement.

Don't worry, your doctor will not store your medical records under your Twitter handle yet. The pilot program is stepping first into a phase of public discussion; only Identity Providers that have undergone extensive scrutiny are participating (Twitter's not included), and participants say that individual privacy is being treated with the utmost regard. If they can pull it off, these organizations could make using the .gov web easier and more effective than it's ever been before.

Participating companies include Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems. On the government side is the Center for Information Technology (CIT), National Institutes of Health (NIH), U.S. Department of Health and Human Services (HHS), and "related agencies."

Conversation about whether and how best to implement a system of Federated Identity across government websites has been underway for at least the last 6 months. We wrote about the first public rumblings this summer. Kaliya Hamlin explains the state of the conversation in detail on her blog.

The two biggest questions will be protection of privacy and user experience.

Privacy Protections

OpenID board member and Facebook employee David Recordon explained to us tonight that participating government sites are not allowed to pass personal information about users from one site to another, even though we'll be logging in with the same accounts. Instead, when we authenticate ourselves with Google, Yahoo, Verisign or whoever our Identity Provider of choice is, that website will pass a different, unique URL to the government site we're logging in to.

The identity providers will keep track of all the unique URLs used to identify us to different government sites and we'll just need to remember one log-in. That means you'll need to trust your identity provider to keep your private information separated between agencies - it won't be up to the government sites themselves to do so.

While government identity systems have long raised fears of totalitarian control and a single sign-on system sounds even worse - having private identity providers hide and broker the connections between a user's account with one agency and another could substantially alleviate concerns about centralization.

User Experience

User experience has been one of the biggest issues around systems of federated identity since they began to proliferate. No decisions have been made yet about exactly how users will log in to these government sites, but we will be given a limited number of choices between providers that have been government approved. (If you own a domain that's an OpenID provider, you won't be able to use that.)

Most likely users will be presented with an array of logos to click on, launching a new window to communicate just with the identity provider. Once a user proves who they are to the identity provider, that company will then vouch for the user to the government site.

Why Is This Important?

This is a significant move for three reasons. First, it could make securely accessing government websites much easier for users. That would increase use of government services online and could kick off a virtuous circle of increased web-savvy service in response to increased citizen interest.

Second, federated identity provides not just easy "single sign-on" but also offers the opportunity for users to carry personal information with them from one website to another. This "payload" of information can help new websites we use quickly personalize our experience and deliver more intelligent service. That's likely to be complicated when it comes to privacy-centric areas like health, but there's a lot of potential there. If Google knows you've made plans to travel to another country soon, and if you're willing to expose that information to a government website, then the site could offer health-specific information about the country you plan on visiting for example. That's a long ways off, but it's part of the big vision of data portability.

Finally, when any large institution puts its weight behind an open standard then that creates more incentive for other institutions to get on board with the standard as well. Federated Identity systems like OpenID and Info Cards have seen growing amounts of support from different companies, but as that support grows then the information available to innovate on top of grows, the number of opportunities for users to access innovative services built on top of standards grows and the incentive for still more companies to get on board with open data, innovative technology and data portability grows as well.

To draw the standard railroad analogy, if one large railroad network adopts the new standard of rail sizes then trains that run on standard rails can travel further, the passengers can go new places and other networks have more interest in adopting the standard as well. On the information super-highway, the network of government websites is a very big railroad (if you will).

The pilot program will remain a discussion for some time. The OpenID and Information Card Foundations are good places to visit if you'd like to participate in the conversations that will inform later implementation.

http://www.readwriteweb.com/archives/openid_going_mainstream_us_gov_announces_pilot_pro.php Analysis Wed, 09 Sep 2009 03:51:24 -0800 Marshall Kirkpatrick

Facebook Snags Open Web Community Leader Recordon

David Recordon, an outspoken young advocate for Open Source and Open Web technologies, is leaving blog software company SixApart to join Facebook.

He confirmed to us that he'll be starting on Monday with the title Senior Open Programs Manager. The move was first reported by Spencer E. Ante this afternoon in BusinessWeek.

Additional Facebook hires reported by BusinessWeek today include top Yahoo Engineer Arturo Bejar, former Genentech Chief Financial Officer David Ebersman, and senior Google engineer Greg Badros. As close observers of the movement to develop open technology standards for the social web, we find the hiring of Recordon to be of greatest interest.

David Recordon traveled all over the world advocating open standards apparently in the belief that an open web would ultimately benefit SixApart. By the same logic that more web use and thus more search is good for Google, so too is more blogging and more online activity good for an activity stream-savvy SixApart. But the company's activity stream products don't appear to have flowered as much as its blogging software, and Recordon's international advocacy must have been expensive.

Facebook, on the other hand, may have a clearer interest in fostering increased activity and syndication of that activity data. While some critics, including this site, have noted Facebook's tendency to both hoard user data and push definitions of privacy in directions most users are unlikely to approve of, the company has also been an active participant in standards discussions concerning both data syndication and privacy. (We worry that users are being pushed to open up data that developers will only be able to access in aggregate for a high price.)

Recordon has been a key leader in the movement to advance standards-based technology concerning identity and activity. We hope that he will help usher in future developments at Facebook that will both make user data available to as many developers as possible to build on and help users stay in control of their privacy in ways they are comfortable with. That's not going to be an easy job.

Just like when open source advocates take jobs at Microsoft, it's hard to know to what degree they are changing the nature of the company and to what degree they are being co-opted.

Meanwhile back at SixApart, long-time team member Anil Dash has greatly increased his public profile in recent weeks with big posts about what he calls the Push-button Web.

Key questions then seem to be these: can Dash and others at SixApart keep pushing the Open Web agenda by bringing new technologies to market effectively? Can Recordon help the part of Facebook that favors open innovation and not just put a happy face on what departed Forrester marketing analyst Jeremiah Owyang recently predicted would be a future of big social networks "colonizing the rest of the web"?

Facebook recently announced that it will be expanding its staff by as much as 50% this year, and blogger Robert Scoble notes that he was told by Google employees today while visiting that they are being recruited hard by Facebook as well.

Photo by Joi Ito.

http://www.readwriteweb.com/archives/facebook_snags_open_web_community_leader_recordon.php Analysis Mon, 24 Aug 2009 16:20:47 -0800 Marshall Kirkpatrick

US Government Reviewing OpenID For Login on .Gov Sites

Top government IT officials and representatives from online identity services met today in Washington DC to talk about plans to allow 3rd party certification bodies, called "Trust Framework Providers," to evaluate private sector OpenID and Info Card providers for use in logging into government agency websites.

The Open Government Identity Management Solutions Privacy Workshop is being held in Washington DC to draft a process for certifying existing identity providers for low-security government authentication transactions (so-called NIST level 1). If the plans move forward, we may someday be able to log in to government sites using our favorite OpenID-supporting website credentials. Google, AOL, Yahoo or other commercial accounts could become new keys to a consistent experience around the .gov web.

The draft process for selecting approved Trust Framework Providers that will then certify individual identity providers is titled "Trust Framework Provider Adoption Process for Levels of Assurance 1, 2, and non-PKI 3" and is available for download as a PDF.

That draft includes requirements that OpenID or related Info Card identities not be used to authenticate people who are physically present (it's just for remote online access), that they not be used to transmit activity data or anything else beyond what is specifically requested by a government agency and that there be measures taken to continue protecting personal information if the identity provider goes out of business.

Identity providers will be evaluated on factors like an organization's technical implementation of authentication, its reputation and its business stability.

Providers who meet the requirements of the Trust Framework may be chosen to provide low-security authentication for users of government websites.

O'Reilly's Andy Oram posted an in-depth look at some of the issues raised by government support for OpenID last week.

"In considering government adoption," OpenID Foundation board member Chris Messina said of the Framework, "primary among our priorities is the protection of individual privacy while also considering ease of use and convenience. These factors cut to the core of the purpose of Trust Framework and feedback, therefore, is strongly encouraged on the document we've produced so far."

Keep your eyes peeled for an opportunity to comment publicly.

Government validation of federated identity could be a major boost for the ecosystem of the open, distributed web, and thus for innovation online. We hope the people making these plans can get it right and that the relevant government agencies can garner sufficient public support.

http://www.readwriteweb.com/archives/us_government_reviewing_openid_to_log_in_to_some_g.php Identity Mon, 10 Aug 2009 11:49:38 -0800 Marshall Kirkpatrick

Creative Commons Launches CC OpenID Profile

In addition to gaining a slew of information on your rights as a content owner, Creative Commons (CC) is offering new members another great incentive. In exchange for buying a $50 annual membership, the organization is offering donors the chance to use their network log-in as their OpenID. In other words, if you're the type of person who shares their content for the good of education, art and humanity, now you can wear it like a badge across the networks you frequent.

While it's often misinterpreted as an organization looking to remove copyright from creative works, Creative Commons actually helps content producers decide on the exact uses for their products. For instance, some content owners allow derivative works for non-commercial and educational purposes and some allow for remix pending attribution. The point is that the organization aims to make more content available to the public for experimentation. As works are released to "the commons", artists, educators and innovators learn and build upon them. ReadWriteWeb covered the Creative Commons database and some of its shining case studies in 2008. It makes sense that this group would offer OpenID as membership to their service.

OpenID is a decentralized digital identity that allows for easy access to a number of networks. Members benefit from one singular identity and networks benefit from a lowered barrier to membership. In this way, more information is shared across a variety of social landscapes and therefore, as with Creative Commons, there are more opportunities for engagement and education.

Says open source advocate Chris Messina in a recent blog post on CC OpenID:

"Creative Commons is redistributing the brand equity and social capital their members have accrued over the last several years by letting people show and verify their affiliation to the organization.

With this simple example, we can start to see the symbiosis of making an intentional choice about identity: Creative Commons finds a new revenue opportunity and members of the community have a way to express their affiliation and promote the brand."

http://www.readwriteweb.com/archives/creative_commons_launches_cc_openid_profile.php News Wed, 05 Aug 2009 20:45:33 -0800 Dana Oshiro

Google To Announce Major Identity Initiative for 1 Million+ Companies and Schools

Google plans to announce in coming weeks that it is turning each of the one million plus Google Apps customer domains into an OpenID provider, enabling millions of people to log in to OpenID-supporting websites with their work, school or organization ID.

"For these organizations," Google Security Product Manager, Eric Sachs, wrote on the public OpenID Board mailing list this morning, "Google Apps can now become an identity and data hub for multiple SaaS providers." Sachs appeared to believe his email was not being posted to a public board; he asked that it not be circulated so that some unusual technical work could be completed and political support shored up in the face of likely community and press cynicism. There's good reason for that - it may not be the good news it seems to be.

But First, A Word from OpenID's New Sponsor

OpenID is important not just because it makes logging in to sites around the web easy, with one username and a secure password, but because it's a way for people or organizations to maintain control over their own identities and data. There are no policy changes you don't approve of when you're in control.

Google's Sachs explained in his email that in order to pull this all off, OpenID relying parties will need to be redirected from the domain provided at user login over to Google's OpenID service. In order for this redirect to happen, all relying parties will need to start looking for a new OpenID extension that Google has developed and implemented in conjunction with one relying party technology, JanRain's RPX.

"There is the potential for some community members (or press) to assume (or at least imply in articles) some evil intent by Google to co-opt OpenID with these extensions," Sachs wrote today. "It would be nice to have a blog post on the formal OpenID blog that was supportive of our approach, so I wanted to see if the board members are comfortable with that."

Watching to see if the nonprofit OpenID Foundation will speak out in support of Google's forcing the rest of the industry's hand with new code extensions that are required to recognize the users of one million Google Apps customer accounts will now be a spectator sport.

Getting the Job Done

On the other hand, if one were to put a group of well-intentioned people in a room and ask them to solve the sticky problem of asking millions of organizations to adopt OpenID provider infrastructure - that might not ever happen. Enter Google's largess and the "proposal" that federated identity for all these companies and schools can be outsourced to a centralized player, Google, and OpenID might get a big boost in adoption. Companies and schools using Google Apps will now only need to flip a switch in their Google Apps admin controls to turn on OpenID support, and Google will do all the heavy lifting.

Caveat Emptor

Presuming that all the sites that let you log in with OpenID decide to play nice and look for Google's redirect (to Google) then the idea of logging in to sites around the web with your favorite, secure account credentials (My Job, Powered By Google) could become far more common.

It might defeat the purpose of putting people in control over their own identities through distributed identity providers, because so many "OpenID" users would be coming back to Google, but the OpenID brand would no doubt benefit in the short term at least. And Google can do no evil, right?

In other words, this move by Google could kill the spirit of OpenID by drowning the letter of OpenID with support. We think we're logging in to websites with our work or school ID, and OpenID lovers think we're logging in with OpenID, but we're actually logging in with a Google-controlled ID. All the heavy lifting would be done, Google would take care of the data storage and probably offer some neat value-added features. All the companies involved would have to do is hand online identity provisioning over to the company that they have already purchased email, calendaring and document sharing from. ("They who can give up essential liberty to obtain a little temporary safety," Ben Franklin once wrote, "deserve neither liberty nor safety.")

At least it's not Facebook!

So goes the wrestling of titans, on the very playing field created by champions of the free and independent little guy.

http://www.readwriteweb.com/archives/google_to_announce_major_identity_initiative_for_1.php Analysis Wed, 08 Jul 2009 20:06:30 -0800 Marshall Kirkpatrick

Social IDs Go Shopping: Kmart and Sears Implement OpenID

Users on Kmart's and Sears' web properties can now use their OpenID credentials to sign up and log in to these sites. MyKmart.com and MySears.com, which are both owned by the Sears Holding Company, implemented technology from Viewpoint and JanRain to allow users to use their login credentials from Twitter, Facebook, MySpace, Google, Yahoo, AOL, and Windows Live, as well as from any other OpenID provider. This marks one of the first times that such a large, mainstream online retailer has adopted OpenID.

As Sears points out in its press release, it simply makes good business sense for the company to allow its users to use their social IDs to log in to its properties. After all, not having to sign up for yet another new account on yet another site greatly reduces the likelihood that a potential customer would just abandon the process and head to a competitor's site.

At least for the MyKmart site, though, we can also see why the company would want to make the sign-up process easy. In the last hour, only one review was posted on MyKmart and just about a dozen people signed up for access to the site. In contrast, MySears seems to attract more users and the site already has a far more active user community than MyKmart.

Good UI

Overall, we really like Sears' implementation of this technology. While OpenID faced some serious usability issues in its early days, Sears and its technology partners have made the process extremely easy and straightforward.

We are glad to see that a large mainstream company like Sears is putting its weight behind OpenID and we hope that more companies will follow suit in the near future. After all, this only makes things easier for both the company and its users, and as users get more familiar with this idea, they will probably begin to resist signing up for sites that don't let them use their already established credentials to sign in to a new service.

http://www.readwriteweb.com/archives/openid_goes_shopping_kmart_and_sear_implement_openid.php News Thu, 02 Jul 2009 08:59:57 -0800 Frederic Lardinois

The Dam Just Broke: Facebook Opens Up to OpenID

In a few minutes Facebook will become the biggest example of a social network that allows users to log in with OpenID credentials granted to them by other companies' websites. Major networks have said for months that their ID could be used as OpenID, but becoming "relying parties" that accepted OpenID from elsewhere was the step everyone was waiting for. The dam has broken.

It's ironic that it's Facebook that did it. Facebook is probably the most closed of all the major social networks (other than LinkedIn) and is so far ahead of everyone else in market share that traditional logic would argue that they have no interest in this kind of interoperability. This is the kind of step that was expected from networks more open and, frankly, far behind Facebook. Nevertheless, it has happened and it's big news.

New Facebook users will now be able to create Facebook accounts using their Gmail credentials and existing users will be able to associate and thus log in with Gmail or any other OpenID account that supports "automatic login."

That means fewer passwords to remember. Just log in with your favorite OpenID supporting account and don't worry about one just for Facebook. Single sign on is just the simplest benefit though.

Presumably, the friends you bring with you in your OpenID account will be searched for automatically on Facebook. "In tests we've run," the company said today, "we've noticed that first-time users who register on the site with OpenID are more likely to become active Facebook users. They get up and running after registering even faster than before, find their friends easily, and quickly engage on the site."

Contact lists are the second simplest benefit of this kind of data portability, but other payloads are possible and that's when it gets even more exciting. We'll see what Facebook does to move the ball even further up the court.

Nothing is live yet and we haven't been able to test out usability (we just got a press release about the forthcoming announcement at 1:30 PM PST, which is late here), but Facebook is very good about things like that and has been working with the OpenID community on usability (its biggest challenge) for months.

Expect MySpace, Digg, Twitter and maybe some Yahoo sites to start accepting OpenID from other companies by the end of this summer at the latest. It's only a matter of time now that Facebook has.

Note: Jason Kincaid at TechCrunch argues otherwise:

"Facebook has really been a relying party since its inception - there's never been a "Facebook ID" because you've always used your university Email (or more recently, your personal Email) to log in. So the site isn't really sacrificing anything by enabling OpenID support. The likes of Google and Microsoft have built many services tied to their own proprietary accounts, and they're going to be far more hesitant to give those up."

We can see some strong logic here, but we also suspect there will be additional factors that emerge, like an increasing number of websites deciding to become OpenID providers so their user data can be used in Facebook, that will keep the current flowing in this direction.

http://www.readwriteweb.com/archives/the_dam_just_broke_facebook_opens_up_to_openid.php News Mon, 18 May 2009 13:22:45 -0800 Marshall Kirkpatrick

This New Firefox Feature Could Solve the Login and OpenID Problems

The good folks over at Mozilla Labs posted a screencast this morning of an experimental new way to log in to websites while using the Firefox browser. The approach leverages the Mozilla Weave platform, an eighteen-month-old technology that ties together the local browser experience with online data stored for users.

The new login method lets users log in to an OpenID supporting site or a traditional username/password site with one or zero clicks. It's a password manager, essentially, but it looks like an especially smooth one from one of the most trusted vendors online. And it syncs with the cloud so you could log in to your browser and then your favorite sites from any computer. It looks real nice.

Earlier this week, we argued that browsers and social networks were fast converging, and that with more users and some feature advantages, Firefox could be the best real competition for Facebook. We didn't expect to see a new development this juicy and in support of our theory within just two days!

This is just one more chapter in a much larger story - but look how easy this makes OpenID to use! If you're a user of password management software, we'd love to hear how this interface appears compared to your existing tools. I use Sxipper, which does a good job of managing multiple accounts and will fill out whole forms but has an interface that can be pretty obnoxious sometimes. I would miss the form-filler, though, if I left it for this new Weave functionality.

User credentials are just one little form of data that Weave could help us carry from site to site to site. The browser as an instrument of data portability? Bring it on!

Dan Mills, from Mozilla, offers in-depth discussion about the approach in his official blog post and the comments there are good. The answer to the big question - "when can I get this?" Soon, Mills says.


http://www.readwriteweb.com/archives/this_new_firefox_feature_could_solve_the_login_and.php Browsers Thu, 07 May 2009 12:57:04 -0800 Marshall Kirkpatrick

A Better Calling Card: Twitter Challenges Facebook Connect

In the old days, self-important people used to carry calling cards. Now we have Twitter, Facebook and other social media sites to turn us all into mini-celebrities. So what's the new calling card online? That position's being jockeyed for as we speak, and different contenders are taking very different approaches.

Twitter released an important new feature to selected developers yesterday that could make it a compelling alternative to the fast growing Facebook Connect system for logging into sites around the web.

Google has its own Friend Connect service and many people use their own website as an ID and data store. That's the goal with all these systems: giving new sites you visit secure access to information about you and your friends from other sites so that the new site can better personalize its service to you. There's reason to be particularly excited about Twitter's entry into this field.

Facebook Connect is being adopted rapidly by sites all over the web seeking to let people sign in with a verified identity, some social data and access to publish activity back onto the Facebook Newsfeed. Now Twitter looks to be offering a similar feature and it could be a better implementation of the same idea.


Yahoo's Eran Hammer-Lahav wrote an in-depth article about the new "Sign in With Twitter" functionality yesterday. He celebrates the move as particularly adherent to agreed-upon standards - no proprietary "special sauce" clouds interoperability as happens with Facebook Connect. He also draws a distinction between Facebook's offering a social layer to websites vs. Twitter's new feature and its work with 3rd party sites and services that are already tightly integrated with Twitter. We're not so sure that second distinction is so important, though. We can imagine this new Twitter feature being implemented far and wide.

The idea is that sites using the new Sign in With Twitter tool will go through a relatively simple process to gain permission to access your data from Twitter. They will see if your browser is already logged in to Twitter, then they will either give you a pop-up window to log in there or they will skip directly to asking Twitter to ask you if you'd like to give access to this new site. You never have to give the new site your Twitter password, but you can give it permission to access private data like Direct Messages and the ability to post in your name.

It seems quite similar to Facebook Connect and Google Friend Connect in a number of ways. It may be more exciting though, because Twitter is a fundamentally different beast.

All social networking services these days want to be "a platform" - but it's really true for Twitter. From desktop apps to social connection analysis programs to services that will Twitter through your account when a baby monitoring garment feels a kick in utero - there are countless technologies being built on top of Twitter.

It's always been that way: Twitter's API is open at its core. Twitter would be nowhere near where it is today without its developer community.

Facebook, on the other hand, not only uses a non-interoperable system of authentication in Facebook Connect - it's also not based fundamentally on openness. It's based on giving access to your information to a limited set of the people you know. No one can see your profile at all without your explicit permission. The company has long held that protecting users' privacy is of the utmost importance. Of course Facebook is still about sharing, it's not completely closed, and it could be toying with and changing our understanding of privacy more than we know.

Is this just an accident? Hammer-Lahav doesn't think so and put it quite well on the OpenID mailing list last fall. "They never made the effort to truly engage the community and understand either specifications [OpenID/OAuth]," he wrote. "Second, for the most part, they reused existing Facebook pieces to create Facebook Connect. Those pieces could have been converted or added support for OpenID and OAuth a long time ago. And third, this is exactly what they wanted to do - these are some of the brightest minds in the industry and they know what they are doing."

The point is, though, that when I give you my Facebook "calling card" using Facebook Connect, that system has a long list of do's and don'ts for what developers can do with the data. It's letting sites borrow the data - not setting data free.

Twitter's version of the calling card should be more developer friendly and it's already more standards adherent, which is another way to say developer friendly. Prove you are who you say you are to Twitter and it will give sites you approve a big open field of your data to work with. In other words, web developers should be able to do a whole lot more for me when I give them my Twitter calling card than if I give them one from Facebook.

At least that's the way I suspect it will unfold in the near term. This battle is far, far from over though and it's an important one to the future of the connected web.

http://www.readwriteweb.com/archives/a_better_calling_card_twitter_challenges_facebook.php Analysis Fri, 17 Apr 2009 15:37:42 -0800 Marshall Kirkpatrick
Bad News for OpenID: People Still Using Same Password Everywhere

A new survey from Gartner Research delivers some bad news regarding our online security practices: two-thirds of U.S. consumers use the same one or two passwords for all the websites they access. And they like it that way. Although people claim they're concerned about security, they still tend to use unsafe password management techniques rather than exploring new methods - be they new hardware, software, or new authentication frameworks like OpenID.

Always Use the Same Password? You're Not Alone

Gartner's survey of 4000 U.S. adults in September 2008 once again demonstrated people's tendencies to opt for convenience over security. It's a trend that has stayed fairly consistent over the years despite the fact that an increasing amount of activity occurs online these days thanks to the growth of cloud computing.

According to Gregg Kreizman, research director at Gartner, "most consumers want to continue managing their passwords the way they do now." But the way they do now is nothing to brag about. It generally consists of one or two passwords which the consumer uses on every website they encounter.

What should be done about this? According to Kreizman, online product and service vendors should redouble their marketing efforts to illustrate the advantages and practicality of routine and stronger authentication for consumers. Another analyst, Avivah Litan, also notes that "enterprises with consumer-facing websites that require stronger controls than weak password authentication alone should continue to augment passwords with complementary mechanisms, such as device identification, geolocation and transaction verification."

Elephant in the Room: Facebook Connect

While these findings are relatively unsurprising, the study highlights one of the top issues when it comes to security: the human factor. For most people, convenience is key, even if it means putting their security at risk. Consumers would rather rely on service providers to protect their safety than change their own age-old habits.

Yet the one thing the study didn't address is what impact Facebook Connect will have on the user authentication ecosystem. Unlike OpenID (new sign-in boxes notwithstanding), Facebook Connect makes sense to the user. People immediately understand what it means to sign in using their Facebook account. What's more, the process is easier and faster than creating a new username/password combination for the website in question. That should bode well for its adoption and acceptance among consumers.

In addition, Facebook Connect solves problems that go beyond the security issue alone. Sites implementing the technology can gain access to your friend lists, too - a boon for social networking-type sites and those wishing to become more social. There's also the great, untapped potential of how Facebook Connect could make the Internet a kinder, more transparent place. When people have to be identified - and are not anonymous - the chance they'll engage in "troll-like" behavior (leaving rude, disruptive comments) is reduced. It could also impact sites that rely heavily on user reviews. No longer could marketers, business owners, and content producers game the system by leaving glowing - yet fake - reviews which are then foisted upon unsuspecting visitors.

For those reasons and more, Facebook Connect could very well become the next big authentication methodology on the web. Personal opinion aside, it's hard to ignore the potential of this social networking giant.

But while Facebook Connect may eventually solve the security issue of a commonly used username and password among consumers, it's important to realize that it will introduce security concerns of its own. If this technology becomes ubiquitous, we'll have to face the consequences of putting all the power of authentication into the hands of one private company, which many fear does not have our best interests at heart - especially when it comes to privacy.

And that makes us think that perhaps a common, often-repeated password may not be such a bad thing after all. 

Image credits: key - Mirko Macari; iphone - Krynowek Eine [el Eine]

http://www.readwriteweb.com/archives/bad_news_for_openid_people_still_using_same_password_everywhere.php Trends Tue, 24 Feb 2009 05:50:40 -0800 Sarah Perez
OpenID Foundation Introduces New Executive Director

The awareness of OpenID continues to grow. At the same time, the OpenID Foundation - the organization founded to promote, protect, and enable OpenID technologies and community - has been growing too, adding new board members and sustaining sponsors. Today, another piece of the board came together, as the OpenID Foundation introduced its new executive director Don Thibeau.

As he moves into his new role, where will Thibeau focus? In a short interview on the OpenID Foundation blog, the new leader of the Foundation points to three goals:

"My short-term priorities are to build a foundation for growth. It's not sexy but 'plumbing' is important. So my immediate focus will be on making sure the Foundation's finances and governance issues are solid. The third priority is to begin planning for a major OIDF event later in the year."

Thibeau comes to the Foundation most recently as an independent consultant. He has a history of executive roles at companies like QSent (which was acquired by TransUnion in 2006) and LexisNexis. In the early '80s, Thibeau was a Presidential appointee to the US Department of Labor and served as White House liaison for the US Synthetic Fuels Corporation.

Thibeau succeeds Bill Washburn, the inaugural executive director for the organization.

http://www.readwriteweb.com/archives/openid_foundation_executive_director_thibeau.php Social Web Fri, 20 Feb 2009 01:47:50 -0800 Rick Turoczy
Weekly Wrapup: Facebook Overtakes MySpace, OpenID Success, Kindle 2, And More...

In this edition of the Weekly Wrapup, our newsletter summarising the top stories of the week, we look at the latest social networking statistics showing that Facebook has overtaken MySpace, review a product that's had great success using OpenID, continue our series on recommendation engines, check out the new version of Amazon's Kindle e-book reader, review 4 innovative location-based apps, and more. Also check out the highlights from our Enterprise Channel and Jobwire, ReadWriteWeb's new product which tracks hires in tech and new media.

The Weekly Wrapup is sponsored by Adobe Flash Media Interactive Server 3.5.

You can subscribe to the Weekly Wrapup by RSS or by email (form below, for those of you reading this via our website).

Web Trends

MySpace's Former Owner: Facebook Will Win - for Now

Brett Brewer, who co-founded InterMix Media - the company that developed MySpace - and turned a tidy profit when that company and MySpace were sold to NewsCorp for $580 million, says MySpace's ongoing battle for social network supremacy with Facebook won't last much longer. In his opinion, Facebook has already won - but it won't remain a winner for long.

See also: MySpace: User Engagement Up, Unique Users Flat

25 Random Things Meme Is a Boon for Facebook

According to the latest data from Compete, the '25 Random Things About Me' meme has not only given us access to a plethora of random facts about people we barely know, but this digital fad has also been good for Facebook: four times more people than usual visited the 'Notes' section on Facebook in January. Compete estimates that close to 20 million users used 'Notes' in January, while only about 4 million used it in October 2008.

Comcast Property Sees 92% Success Rate With New OpenID Method

The most-watched geek event of the week may have been the OpenID UX (User Experience) Summit, hosted at the Facebook headquarters. The most discussed moment of the day will surely be the presentation by Comcast's Plaxo team.

Plaxo and Google have collaborated on an OpenID method that may represent the solution to OpenID's biggest problems: it's too unknown, it's too complicated and it's too arduous. Today at the User Experience Summit, Plaxo announced that early tests of its new OpenID login system had a 92% success rate - unheard of in the industry. OpenID's usability problems appear closer than ever to being solved for good.

A-Team Update: Series A Funding Growth Is Strong

We first reported on VC Series A deals in the web-tech sector in October 2008, following the financial meltdown, and we updated our coverage in November, reporting some improvement. Now it is time for the good news from December and January. The amount invested by VCs in Series A deals for web-tech ventures went up from $19.1 million in November to $28.8 million in December, and up another notch to $30.3 million in January. Looking very good.

Craig Newmark's Keynote Unlocks the Secrets to Building a Community

In an era where user generated content is changing our entire culture, rare is the company that can successfully harness the collective creativeness of its community, cultivate loyalty, make money consistently, and continue to flourish. Enter Craigslist. Listed as the tenth top site in America on Alexa and with close to 50 million unique visitors a month according to Compete, Craigslist is one of the few companies that appears to have worked it out. This week at the User Generated Conference in San Jose, CA, founder Craig Newmark gave us an insight into what has and what hasn't worked for the privately held company.

Jobwire

Obama Names Former Bush Aide to Review US Cybersecurity Efforts

Former Bush administration official Melissa Hathaway has been named by President Obama to lead a 60-day review of the government's cybersecurity efforts. Hathaway was named acting Senior Director for Cyberspace for the National Security Council as well as the Homeland Security Council. While with the Bush administration she was "credited with helping to develop a multibillion-dollar classified initiative aimed at better securing federal systems and critical-infrastructure networks against online threats".

Web Products

richrelevance: Is its Adaptive Recommender System the Next Generation?

Last week we looked at Baynote, a recommendations company that focuses on real-time community behavior instead of personalization. This week we looked at a company that takes a broader approach: richrelevance uses personalization extensively, plus the wisdom of the crowds when relevant. richrelevance claims that its approach is "adaptive AI" and that customers such as Sears and KMart are using its technology. We spoke to richrelevance founder and CEO David Selinger (ex-Amazon), to find out more about the product and what makes it different to Baynote and others.

See other posts in ReadWriteWeb's special series on Recommendation Engines

Amazon's Kindle Gets an Update, But Doesn't Wow

This week Amazon announced a new version of its highly successful Kindle eBook reader. The new Kindle now features 2GB of memory, and a new 5-way controller for easier navigation. Amazon has also upgraded the screen, which can now show sixteen shades of gray instead of just four, and the battery, which now lasts about 25% longer. The old retro look of the Kindle 1 has given way to a far sleeker, more high-tech looking device, but nothing about the new Kindle is really more than a minor evolutionary step forward. Even the price ($359) has stayed the same.

Beyond Latitude: 4 Innovative Location-Based Apps

Google's new geo-aware mobile application Latitude, which lets you share your location with friends, may have received all the hype, but that doesn't necessarily mean it's the best or the most innovative app out there. We've recently come across some smaller, lesser-known services that could give Google a run for its money - that is, if anyone knew they existed.

New Tweetdeck Out, Here's What It Includes

Popular Twitter desktop app Tweetdeck released a new version this week and we're pretty excited about what's been added. If you've never used Tweetdeck, it's the most powerful application available for sending and receiving Twitter messages. In the new version there is language translation, StockTwits integration, forwarding by email, switching to one column view and extensive support for conversation topics by hashtag. It's quite an impressive upgrade for an already very feature-rich application.

The iPhone Becomes a Web Server

When those Apple advertisements tout "there's an app for just about anything," they aren't kidding. The latest example? A new iPhone application which just debuted in Japan's App Store transforms the handheld into a full-blown web server. Called "ServersMan@iPhone", the application allows your iPhone to appear just like any other web server on the internet.

Enterprise

Kashflow vs Sage: SaaS Battles in the Tornado

If you sell SaaS, security is the big concern you have to deal with. Get past that one and you'll draw serious attention from potential customers. Stumble on the issue and you're in deep doo-doo. That is ever truer when money is involved. Who wants a leak in their accounting data? When a big vendor slips up with security, David is given a clear shot at Goliath. And when a market is in the "tornado" growth phase, vendors do what it takes to highlight their competitors' weaknesses. This is the story behind the emerging battle between two UK accounting vendors, Kashflow and Sage.

Email us if you're interested in writing for ReadWriteWeb's Enterprise Channel.

That's a wrap for another week! Enjoy your weekend everyone.

http://www.readwriteweb.com/archives/weekly_wrapup_facebook_overtakes_myspace.php Weekly Wrapups Sat, 14 Feb 2009 05:00:00 -0800 Richard MacManus
Photos From Facebook HQ: Free Love, Free Jerky & Freedom for User Data

After a period of dramatic tension, social networking giant Facebook has joined forces with the OpenID community working for a distributed system of standards-based, non-proprietary user identity. It's a move we think bodes well for the web, and yesterday the first big collaborative event since the union was announced was held. Facebook hosted an OpenID User Experience Summit at its headquarters in downtown Palo Alto.

Much like last month's summit on Activity Stream standards, we believe that yesterday's meeting was of historic proportions.

The social web is maturing right in front of our eyes. Whether it's activity data or social profile payloads, standardized systems of data portability point towards an era of innovation that will scale to make what we've seen to date seem tiny and pathetically slow. So who was at the meeting yesterday and what did they talk about? Read on for some big photos and short captions describing some of the presentations.

A big thanks to Plaxo's John McCrea for taking the photos below, sharing them under a permissive Creative Commons license and for live blogging the meeting so extensively. All the photos below are his, with the exception of the photo of McCrea himself, which was taken by Will Norris. McCrea has covered the meeting in far more detail than we have - we just thought the event was striking enough that we wanted to post some pictures and make brief introductions to a handful of the players present. These are some of the folks most instrumental in building the web of the future, right now.

Brian Ellin, of JanRain, went through the history of OpenID user interfaces. He shared some of the things people currently type into the OpenID field of existing interfaces, like "elderly," "I HATE YOU LADY GAGA," "Hotmail," and their email addresses.

Vidoop's Chris Messina discussed the differences between identification, as in for blog comments, and authentication, as a method of gaining verified access to user data. That's something that people are increasingly looking to OAuth to accomplish, or an OAuth/OpenID hybrid.

Google's Breno de Medeiros said there needs to be a neutral 3rd party method of figuring out who users' identity providers are without asking them explicitly, something like how the DNS system works.

MySpace's Max Engel, the 8bitkid, says that MySpace users were generally comfortable with sharing data between AOL and MySpace but showed some confusion about which direction the data was flowing. He also said that "OAuth is the condom of the Open Web," and noted that "Facebook has free beef jerky!"

Facebook front end designer Julie Zhuo said she believes that 3rd party authentication implementations should keep the first screen really simple and delay things like extended permissions to later flows, in context.

Plaxo's John McCrea spells out what it's all about - free love between social networks. His co-worker Joseph Smarr also presented the most impressive data of the day, a 92% success rate in user completion of Plaxo's new OpenID login process. That process packed more into a short space than Zhuo seemed to argue was ideal, but in this case it worked. Does Plaxo's new solution put too much emphasis on established big players like Google? It might, but it might very well be able to use some kind of neutral 3rd party cookie sniffing method like the Google team brought up yesterday to solve that problem.

There are lots of questions unanswered but things are progressing quickly. We expect the web to be a very different, and hopefully more exciting, place in the next few years. The people above are some of those we'll have to thank if these dreams for the future come true.

http://www.readwriteweb.com/archives/photos_from_facebook_hq_free_love_free_jerky_freedom_for_user_data.php data portability Wed, 11 Feb 2009 13:43:27 -0800 Marshall Kirkpatrick
Chi.mp Goes 2.0: Adds Blogs, Photos, and Themes

Chi.mp, the "online identity aggregator" that not only gives you a place to aggregate your updates but also gives you a free .mp domain name, just received a major makeover. Chi.mp now allows you to publish your own blog posts and photos on the site. In addition, Chi.mp now lets you customize your site with custom themes and it has gained the ability to push status updates to both Twitter and Facebook.

Blogs, Photos, and Themes

One of the central features of Chi.mp is that it lets you assume different personas (public, work, friends). With the current update, Chi.mp, for example, gives you the option to publish new blog posts and albums that are either public, or only visible to your work contacts or friends. The new blog editor is basic, but it does the trick. Chi.mp, however, can't yet replace other minimalist blogging services like Tumblr or Posterous.

You can now also set a different theme for each of your personas. Chi.mp gives you 15 default themes and you can also upload your own backgrounds to the service.

The new photo album feature is a bit of a disappointment, however, as it can only handle relatively small images. We couldn't find any exact information about the limits that Chi.mp is enforcing here, but we weren't able to upload any images bigger than two megabytes.

Send Updates to Twitter and Facebook

Maybe the most important update is that Chi.mp can now push status updates to Twitter and Facebook. We assume Chi.mp is using Facebook's new API for publishing these updates.

It's Getting There

With these updates, Chi.mp is inching closer to fulfilling its promise of delivering a centralized hub for your online personas and life-stream.

Until now, we mostly used Chi.mp as an OpenID provider, but thanks to these updates, we will probably start to use it for the rest of its functions as well.

Sadly, Chi.mp is still invite-only and we haven't heard anything about when it will come out of beta. We have a grand total of three invites left at this point. Just send an email to chimp AT frederic.otherinbox.com if you want one.

http://www.readwriteweb.com/archives/chimp_goes_20.php Products Tue, 10 Feb 2009 19:06:02 -0800 Frederic Lardinois