Abstractioneer

This is an EX-blog!

Sat, 19 Jan 2008 00:32:45 GMT

If you want to read further, you might want to check out http://abstractioneer.org which is a good bit and has OpenID in it.

Tags: openid, abstractioneer.org

Moving on to abstractioneer.org

Sat, 12 Jan 2008 01:51:38 GMT

I've decided to take the plunge and move on to publishing at http://abstractioneer.org, powered by Blogger. Since I'm the tech manager for Blogger it seems only fitting, and we've recently been adding a whole host of cool features that make it more and more attractive (OpenID commenting being just the latest).

I also have a semi-new Feedburner blog feed; some people were already subscribed through this feed, so you may notice no disruption in service as I re-point it at abstractioneer.org... just a moment... there! (http://feeds.feedburner.com/aol/SzHO). Feel free to re-subscribe there, if you are in the mood.

Tags: moving on, new blog, abstractioneer

[Abstractioneer] Warumungu Norms, Privacy, Facebook, and Useful Friction

Sat, 12 Jan 2008 01:41:40 GMT

We could learn something from the Warumungu. Wendy Seltzer's Mukurtu Digital Archiving: digital "restrictions" done right is about DRM, freedom, and controls; I think it's also about privacy. What's private, and what's public, and what's semi-private are culturally determined no less than the Warumungu rules around who is allowed to see what artifacts:

...the Warumungu have a set of protocols around objects and representations of people that restrict access to physical objects and photographs. Only elders may see or authorize viewing of sacred objects; other objects may be restricted by family or gender. Images of the deceased shouldnât be viewed, and photographs are often physically effaced. When the Warumungu archive objects or images, they want to implement the same sort of restrictions.

With an interesting twist:

People can also print images or burn CDs and thus allow the images to circulate more widely to others who live on outstations or in other areas. In fact, one of the top priorities in Mukurtuâs development was that it needed to allow people to take things with them, printing and burning were necessary to ensure circulation of the materials.

What, then, prevents people from violating these norms?

Because the Murkurtu protocol-restrictions support community norms, rather than oppose them, the system can trust its users to take objects with them. If a member of the community chooses to show a picture to someone the machine would not have, his or her interpretation prevails â the machine doesnât presume to capture or trump the nuance of the social protocol.

People, relationships, and norms are fuzzy and messy, so maybe it's reasonable that a system to deal with them is fuzzy and messy too. What Murkurtu does is put enough useful friction in the way of disclosure to give community norms a chance to operate. You can't email an image out to a mailing list, but you can print it and show it to a reasonably small number of people at a time. The point is not to control distribution perfectly, but to give human-scale trust mechanisms a chance to operate correctly.

Who owns the data?

L'Affaire Scoble raised the question, who owns relationship data? Dare Obasanjo argues that his contact data is his, not Robert's. And he wants Facebook to enforce this.

I'd argue that we should un-ask the ownership question. As long as we're talking about ownership, we're heading down the road towards DRM that has worked out so well for the music business. I'd like to talk about community norms, and what kind of useful friction we should be thinking about in the pure digital realm to give community norms a chance to operate. Reputation and portable identity is part of this, as are things like limited access (E.g., OAuth), rate limits, soft constraints, and user centric norm enforcement. (What would happen if the people on Robert's friends list were simply informed, in real time, that he was copying their data for an unknown purpose?)

(Nick Carr has a great post on this subject as well.)

--
Posted By John Panzer to Abstractioneer at 1/11/2008 02:23:00 PM

Shindig!

Wed, 12 Dec 2007 16:40:47 GMT

We've just made our first commit to the Apache Shindig project! This first version provides the basic substrate for running gadgets, which is useful by itself and is a prerequisite for running OpenSocial gadgets.

Tags: shindig, opensocial, apache

Singularity to Launch from Adult Chat Room

Sun, 09 Dec 2007 22:12:40 GMT

You heard it here first. Based on this story about a chatbot passing the Turing Test, clearly the Vingean Singularity is just around the corner. CyberLover will acquire self-awareness soon after the Russian identity thieves deploy it on existing Russian botnets. Transcendence, and a technological singularity, is just a short hop and a jump from that point. Have fun chatting!

Tags: singularity, chatbot, social engineering, vinge

OpenID 2.0 Released!

Thu, 06 Dec 2007 06:57:03 GMT

Announced at IIW2007b today (and blog post by David Recordon). Congratulations to all! It's actually two specifications, OpenID Authentication 2.0 and OpenID Attribute Exchange 1.0. Attribute exchange in particular allows for some very interesting integration possibilities.

Tags: openid, iiw2007b, attribute exchange, openid20

IIW2007b Updates

Tue, 04 Dec 2007 19:11:55 GMT

First session set up by Terrell of ClaimID: Open Life Bits, some interesting discussion about how to control one's one data and deal with data about one's self. The distinction is interesting and useful; every transaction that involves a second party potentially generates data about you controlled by that party, but you do want to be able to deal with that data, correct inaccuracies, etc. Notes here.

Next session, Joseph Smarr of Plaxo, OpenID user experience. Good walkthrough of UI issues. Note that with directed identity in OpenID 2.0, can simply ask to log in a user given their service. Notes here. Using an email address is a possibility as well; clicking on a recognizable icon (AIM) to kick of an authentication process is probably the most usable path right now.

Session: OAuth Extensions; notes here.

Session: OAuth + OpenID. Use case: I have an AOL OpenID. I go to Plaxo and am offered to (1) create an account using my AOL OpenID and (2) pull in my AOL addressbook, all in one step.

Proposal: I log in via OpenID and pass in an attribute request asking for an OAuth token giving appropriate access, which lets AOL optimize the permissions page (to one page, or organize all data together). Then get token, and use token to retrieve data.

Tags: iiw2007b, openid, authorization, openlifebits, oauth

OAuth 1.0 Core Released!

Tue, 04 Dec 2007 23:39:19 GMT

December 4, 2007 – The OAuth Working Group is pleased to announce publication of the OAuth Core 1.0 Specification. OAuth (pronounced "Oh-Auth"), summarized as "your valet key for the web," enables developers of web-enabled software to integrate with web services on behalf of a user without requiring the user to share private credentials, such as passwords, between sites. The specification can be found at http://oauth.net/core/1.0 and supporting resources can be found at http://oauth.net.

Tags: iiw2007b, oauth

Internet Identity Workshop 2007b

Sat, 01 Dec 2007 01:17:00 GMT

I'll be at IIW next week, talking about Blogger, OpenID, OAuth, OpenSocial, and anything else that seems interesting. I'm anticipating a great event.

Tags: openid, blogger, oauth, opensocial, iiw, iiw2007b

OpenID Commenting for Blogger!

Fri, 30 Nov 2007 19:03:25 GMT

We've just enabled OpenID signed comments for Blogger in Draft. There are a few rough edges still (which is why you have to enable it for your blog by going to draft.blogger.com), so we're looking for feedback. We're also working on enabling Blogger as an OpenID Provider, meaning that you can use your blog URL to identify yourself on other services.

What's particularly fun about this is that it's been a very collaborative project, bringing together Blogger engineers, 20% time from a couple of non-Blogger engineers, and last but not least some of the fine open source libraries provided by the OpenID community. Thanks all!

Tags: openid