Web 2.0 Conference: OpenID helps users beat account management hassles

Developers at the Web 2.0 conference are offering web users an escape from the hassle of remembering usernames and passwords across multiple web sites. The fast, lightweight OpenID standard is easy for sites to implement, thanks to open source libraries and modules.

Outside on Election Day in San Francisco, there are campaign signs and small, last-minute rallies on street corners. But inside the rococo Palace Hotel at the just-renamed Web 2.0 Summit a slate of candidates are fighting the alternative contest for the hearts and minds of Internet users over the next few years.

The venue is almost embarassingly elegant: gilt-lined mouldings, ceiling-high mirrors, and crystal chandeliers above marble columns and floors. O'Reilly and Associates and CMP Interactive, who organized the event, turned away almost 5,000 applicants. Those who made the cut are mostly business leaders and those who love them.

Some of the Web 2.0 digerati slipped through – community marketing power couple Tara Hunt and Chris Messina are walking the halls. Social software evangelist Marc Canter held loud court in various corners, and Joi Ito in a Firefox T-shirt smiled his way through the crowd. But the event is geared to large companies making large announcements under the banner of Web 2.0. There were some gems to be found, though.

Login services

Good Web 2.0 sites follow the Unix design model: do one thing well, and play well with others. A good example was Marc Canter's morning workshop on “The New Internet Infrastructure,” which despite the lofty name, quickly converged onto a discussion of online identity and OpenID.

Identity here means nothing more or less than having a single user account for more than one Web site. It helps people know who you are in different contexts. There are many standards that have been proposed for identity, but many of them are complicated, require custom communications protocols, or are centralized into one big database. The one that's gaining serious momentum is OpenID, originally proposed by LiveJournal but now supported by sites such as TypePad, Technorati, and Zoomr, with Wikipedia coming online soon.

In the OpenID world, each user is identified by a single URL – like a blog URL, or user profile on some “home” service. The protocol works through browser redirects – if a user tries to log into one Web site, the "consumer", with an account from another – the "identity provider," the browser is redirected to the identity provider. That server checks the credentials and redirects back with an encrypted response. Using redirects lets the protocol depend on browser state, such as cookies, SSL certificates or HTTP authentication, without worrying about passing around passwords or tokens.

The best part of OpenID is that it's dead simple. I've implemented OpenID for my own Web site, the user-created travel guide Wikitravel. It took a short time, especially because I used the great OpenIDEnabled libraries from JanRain. They're open source in Python, Perl, Ruby, PHP, and .Net, and they're pretty easy to integrate; they also have plugins for a few open source application such as Plone and Drupal.

Media services

Another interesting development was the announcement by CTO Ben Trott of blog provider SixApart of its new aggregating blog service, Vox. Vox fits right into the Web 2.0 technical framework – it depends on services provided by other sites such as Flickr and YouTube, to integrate rich media that you've found elsewhere into a blog post on Vox. More interesting was the company's announcement of the new Open Media Profile, a smarter way to copy data from site to site.

A number of media distribution standards from different vendors have come out recently, like Yahoo!'s Media RSS for data feeds, and Gdata, Google's two-way data exchange system based on Atom. The interesting thing about Open Media Profile is that it's based not on a passive data feed format but a search result format.

Open Media Profile extends the (also very cool) OpenSearch protocol. OpenSearch was created in 2005 by Amazon's A9.com, and it was widely implemented by several Web sites (I've got an implementation on Wikitravel) and built into the new Firefox 2.0. SixApart's new profile extends OpenSearch to give more specific information for data elements such as text, images, sound and video on a site.

If Open Media Profile catches on, I think there are some very interesting applications that can happen with it. A Web-based data exchange mechanism that can copy and paste data objects between different services could be extremely valuable for all kinds of Web development. However, the success of the protocol depends on its adoption, and being brand new, it may be worthwhile to wait and see.

Hardware services

In the afternoon, a workshop on Amazon Web services was standing-room-only. Amazon.com – yes, the bookstore – has branched out to provide Web services. And what a service: they're making Web-based storage and processing power, controlled through a Web API, available to the public for hourly rental.

They've been providing a pay-as-you-go Web disk called S3, the Simple Storage Service, since March. With S3, you pay to store files on Web servers in Amazon's data center. The files can be served to the general Internet, and there's a simple Web API for adding and deleting files as well as setting access control. You pay by the month to store the data, as well as by the byte served through their network.

More recently announced is the Elastic Computer Cloud (EC2), a flexible computing-power service that can also be controlled with a Web API. EC2 provisions within minutes Xen virtual servers, with a static IP address, running Fedora Core 4, and customers pay $0.20/hour for the servers as long as they're needed. You get root on the server and free use of whatever software you want. The servers can be started or stopped in minutes, and you don't pay for the server if it's not in use.

Storage and computing power that can be provisioned and released on-demand are hugely valuable for small- to midsize Web sites. Dealing with surges in use – like a Digg.com or Slashdot mention – can be a real headache, and handling it well can make the difference between success and obscurity. Being able to buy file download bandwidth, or dynamic computing power, on a short-term basis can keep you from having to buy or lease servers you don't need later on.

Other uses? A dynamic software test environment. A short-term rendering farm. An inexpensive extensible disk. There's going to be a real cool future in this kind of quick no-hassle hardware provisioning, and the next time I need a quick Web server, I'm going to try out these servers.

The buzz in the crowd

The big news on the first day was the announcement of Intel and SpikeSource's SuiteTwo, an enterprise Web 2.0 system. A collection of collaboration tools – SocialText's wiki, SixApart's blogging server, NewGator and SimpleFeed for RSS syndication and monitoring – assembled by SpikeSource into fairly well-integrated suite with shared user database, skins, tags and search. The suite is aimed at enterprise customers who want the functionality and interoperability without building their own glue.

Each product also provides a developer API, although there's not an API for the unified interface yet. SocialText CEO Ross Mayfield said, “Our feelings about open source are well known, and we think that SpikeSource's involvement means that this suite will evolve to be even more friendly for open source shops.”

Also on the radar was AOL's continuing makeover, trumpeted most loudly by AOL itself in a sponsored session called “AOL is Open”. Although the company is making strides by providing access to third parties for APIs in, for example, AIM, and launching its AOL Developer Network, it's not clear if the company that jettisoned Mozilla really has the maneuverability to turn itself around.

There was more heat than light around a rumored announcement of Adobe's plan to donate parts of their Flash engine to the Mozilla project. Although an Open Source Flash is something that free software advocates have been waiting a while for, the project is most definitely not to release that jewel codebase. Instead, it's just the interpreter for Flash's JavaScript derivative scripting language, ActionScript.

The crowd was clearly most interested in the CEO keynote addresses at the end of the day. Some of the speakers embraced the new wave of Web sites, such as Eric Schmidt of Google, who thinks that “Video has become a basic data type on the Internet.”

But others were remarkably curmudgeonly; Barry Diller of IAC pooh-poohed the idea of user-generated content, a pillar of Web 2.0 thought: “The talent pool is too small.”

Maybe Jack Ma, CEO of Ali Baba and Yahoo China, captured the sentiment best when he said, “I didn't understand what Web 2.0 was at the beginning of the year. I still don't.”

Learn more about this topic

 

Tara Hunt

Chris Messina

Marc Canter

Joi Ito

Yahoo Developer Network

OpenID

Free Software libraries for OpenID

Amazon EC2

Amazon S3

Open Media Profile

Media RSS

GData

OpenSearch

SuiteTwo

SocialText

AOL Developer Network

Wikitravel - Web site implementing OpenID and OpenSearch

This story, "Web 2.0 Conference: OpenID helps users beat account management hassles" was originally published by LinuxWorld-(US).

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)