Outside on Election Day in San Francisco, there are campaign signs and small, last-minute rallies on street corners. But inside the rococo Palace Hotel at the just-renamed Web 2.0 Summit a slate of candidates are fighting the alternative contest for the hearts and minds of Internet users over the next few years.

The venue is almost embarassingly elegant: gilt-lined mouldings, ceiling-high mirrors, and crystal chandeliers above marble columns and floors. O'Reilly and Associates and CMP Interactive, who organized the event, turned away almost 5,000 applicants. Those who made the cut are mostly business leaders and those who love them.

Some of the Web 2.0 digerati slipped through – community marketing power couple Tara Hunt and Chris Messina are walking the halls. Social software evangelist Marc Canter held loud court in various corners, and Joi Ito in a Firefox T-shirt smiled his way through the crowd. But the event is geared to large companies making large announcements under the banner of Web 2.0. There were some gems to be found, though.

Login services

Good Web 2.0 sites follow the Unix design model: do one thing well, and play well with others. A good example was Marc Canter's morning workshop on “The New Internet Infrastructure,” which despite the lofty name, quickly converged onto a discussion of online identity and OpenID.

Identity here means nothing more or less than having a single user account for more than one Web site. It helps people know who you are in different contexts. There are many standards that have been proposed for identity, but many of them are complicated, require custom communications protocols, or are centralized into one big database. The one that's gaining serious momentum is OpenID, originally proposed by LiveJournal but now supported by sites such as TypePad, Technorati, and Zoomr, with Wikipedia coming online soon.

In the OpenID world, each user is identified by a single URL – like a blog URL, or user profile on some “home” service. The protocol works through browser redirects – if a user tries to log into one Web site, the "consumer", with an account from another – the "identity provider," the browser is redirected to the identity provider. That server checks the credentials and redirects back with an encrypted response. Using redirects lets the protocol depend on browser state, such as cookies, SSL certificates or HTTP authentication, without worrying about passing around passwords or tokens.

Whitepapers

• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users
• IT Departments on Data Security: A Research Concepts Survey

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports