Web 2.0 Conference: OpenID helps users beat account management hassles

Outside on Election Day in San Francisco, there are campaign signs and small, last-minute rallies on street corners. But inside the rococo Palace Hotel at the just-renamed Web 2.0 Summit a slate of candidates are fighting the alternative contest for the hearts and minds of Internet users over the next few years.

The venue is almost embarassingly elegant: gilt-lined mouldings, ceiling-high mirrors, and crystal chandeliers above marble columns and floors. O'Reilly and Associates and CMP Interactive, who organized the event, turned away almost 5,000 applicants. Those who made the cut are mostly business leaders and those who love them.

Some of the Web 2.0 digerati slipped through – community marketing power couple Tara Hunt and Chris Messina are walking the halls. Social software evangelist Marc Canter held loud court in various corners, and Joi Ito in a Firefox T-shirt smiled his way through the crowd. But the event is geared to large companies making large announcements under the banner of Web 2.0. There were some gems to be found, though.

Login services

Good Web 2.0 sites follow the Unix design model: do one thing well, and play well with others. A good example was Marc Canter's morning workshop on “The New Internet Infrastructure,” which despite the lofty name, quickly converged onto a discussion of online identity and OpenID.

Identity here means nothing more or less than having a single user account for more than one Web site. It helps people know who you are in different contexts. There are many standards that have been proposed for identity, but many of them are complicated, require custom communications protocols, or are centralized into one big database. The one that's gaining serious momentum is OpenID, originally proposed by LiveJournal but now supported by sites such as TypePad, Technorati, and Zoomr, with Wikipedia coming online soon.

In the OpenID world, each user is identified by a single URL – like a blog URL, or user profile on some “home” service. The protocol works through browser redirects – if a user tries to log into one Web site, the "consumer", with an account from another – the "identity provider," the browser is redirected to the identity provider. That server checks the credentials and redirects back with an encrypted response. Using redirects lets the protocol depend on browser state, such as cookies, SSL certificates or HTTP authentication, without worrying about passing around passwords or tokens.

The best part of OpenID is that it's dead simple. I've implemented OpenID for my own Web site, the user-created travel guide Wikitravel. It took a short time, especially because I used the great OpenIDEnabled libraries from JanRain. They're open source in Python, Perl, Ruby, PHP, and .Net, and they're pretty easy to integrate; they also have plugins for a few open source application such as Plone and Drupal.

Media services

Another interesting development was the announcement by CTO Ben Trott of blog provider SixApart of its new aggregating blog service, Vox. Vox fits right into the Web 2.0 technical framework – it depends on services provided by other sites such as Flickr and YouTube, to integrate rich media that you've found elsewhere into a blog post on Vox. More interesting was the company's announcement of the new Open Media Profile, a smarter way to copy data from site to site.