Wow and Flutter

Day three of the Internet Identity Workshop didn't disappoint. Again I attended all OpenID-related sessions, two of the three related to user experience issues. We came to some good consensus around what the issues are, along with some recommendations. We also agreed that there should be a document listing UI guidelines for sites that support OpenID Authentication, but that the guidelines should not specify things down to the level of positioning, layout, typography, etc.

The final session of the day for me was a great one with Joseph Smarr of Plaxo and Weston Triemstra of Sxip, where we discussed some of the finer points of integrating OpenID support into a site that already has a user database. This included both simple UI issues like "what does an OpenID-enabled login screen look like", as well as more complicated issues like "how do my existing users attach their OpenID identifier(s) to their existing user account". Joseph and Weston are two very smart guys and hopefully they will stay engaged in the OpenID community to help produce the guidelines I mentioned above.

Overall, I really enjoyed IIW2006b- I've (hopefully) injected myself into the OpenID process a bit (at least, the user experience part of it), and I hope to make Lingr one of the early case studies for adding OpenID support to an existing site.

Stay tuned…

I had a great time today at Day Two of the Internet Identity Workshop. I attended most of the OpenID-related sessions, covering OpenID Authentication 2.0, OpenID Attribute Exchange, and OpenID Assertion Quality Extension.

Apart from listening to the really smart and personable people presenting, what I really enjoyed most was the Unconference structure. This is my first Unconference and I am really loving the amount of interactivity and idea exchange that comes along with it.

What I took away from today's sessions, at a very high level, was an increased conviction that OpenID really has it right. While extensions like Attribute Exchange and Assertion Quality are important and will make OpenID even more attractive to end-users, OpenID is first and foremost about authentication. And the great news is, OpenID authentication works today- this isn't a spec with a real-soon-now implementation- the implementations are out there now.

I've explained the user benefits of OpenID authentication to several of my non-technical friends and they all got it immediately. That's a great sign that, given a critical mass of sites that can use OpenID for authentication, the end users are ready and willing to move to these new user-centric digital identities.

I had a great discussion with Scott Kveton of JanRain today, talking about how sites with existing user databases can adopt OpenID and allow federation between existing accounts and OpenID identifiers. Based on that discussion, I hope to add OpenID support to Lingr very soon.

Tomorrow, I'm looking forward to Dick Hardt's talk on OpenID roadmap, as well as a talk by Joseph Smarr on integration of OpenID into sites with existing user databases.

Protocol Battle Royale (hold the cheese)

Today I attended Day One of the Internet Identity Workshop, 2006b. Today's half-day agenda consisted of introductory presentations by some of the key players in the space- Microsoft, Eclipse Foundation, Sun/Liberty Alliance, OpenID, etc.

Before I give my opinionated review, let's be clear as to the perspective I'm coming from- I'm a website operator who would like to support open identity standards, so that my users have to trust me less (that lowers their barrier to using the site), and so that I have to code less (that lowers my barrier to providing the site).

I couldn't care less about the technical details of the protocol. In the past, I would have cared a lot about the technical details, but that was before I quaffed the getting real juice. Now, I just want what's easiest for me, and what's most attractive to my users. I have adopted laziness as a key working strategy, and it's working out splendidly so far :-)

So here I am, the skeptical pragmatist, listening to presentations, trying to distill it all into a practical approach to what seem like, at points, competing solutions. On one side I see the SAML/Liberty Alliance gang with their proposals, and on the other side there is the OpenID/Sxip gang with theirs.

And then it really struck me- something looks awfully familiar here. Substitute J2EE for SAML, and Rails for OpenID, and the comparison looks pretty much the same. Whereas Liberty and SAML seem to be trying for a comprehensive approach which can serve almost any situation, OpenID and Sxip are instead opting for the simplest solution that does what users and developers actually want now. And you needn't look too closely to see where my sympathies lie in that type of battle.

OpenID has some outstanding issues, for sure, but things seem like they are really moving forward. For example, from what little I heard about it today, the new Assertion Quality Extension seems like a big step in the right direction.

The momentum seems to be clearly with OpenID now- I'm eager to learn more over the next two days!