B. Mann Consulting

It doesn't seem that long ago, but the first Barcamp Amsterdam was way back in October 2005, where RalphM and I first schemed about Jabber World Domination. But in reality, a lot of time has passed -- Jabber is now called XMPP, there have been many more Barcamps outside of the US (yes, Amsterdam was first! picture from Ton's Flickr pictures), and we've got a ton of interesting identity and social software standards / formats / tools to start integrating.

Ralph did a workshop on Federated Social Networks at the beginning of December, which I unfortunately wasn't able to attend on short notice. Now Ralph has set the date for a follow up event to be held along with Barcamp Amsterdam III on March 1st and 2nd.

I will, unfortunately, once again be missing the event, since Drupalcon Boston 2008 will be happening at the same time. I'm hoping that some co-conspirators on a couple of projects will be able to attend (I'm looking at you and you).

I suspect the technology stack that will be discussed includes DiSo, OpenID, OpenID Attribute Exchange, and OAuth, so anyone interested in those items and how they relate to social networks should plan to attend. Note: although I have a reputation as a handwaver supreme, this will most likely be a down and dirty technology, specs, and implementation discussion at its core, so pack your developers and throw them into the capable hands of RalphM.

Whew! What an intense couple of days. Today was my speaking day for Web Directions North. I was very pleased to be selected as a speaker by Dave Shea and the rest of the WDN08 team, and I was a bit nervous up until the last minute. At the same time, I was really glad that I had the first day to attend and absorb and talk to other participants and tailor my presentation to what I was hearing.

I originally started with a "traditional" presentation. It ended up morphing into a pseudo Dick Hardt / Lessig style, with lots of slides with just a few words on each one. It may not make much sense without the audio, but Phil Djwa and the Agentic team recorded the audio for everything, so I'm hoping to combine the two.

| View | Upload your own

I wish I had had a little more time to practice the timing a little more, and I definitely need to invest in a non line of sight presentation clicker: right when I was on a roll I would have to more carefully aim the remote control at my machine.

So, we now have Google's answer to Facebook's closed development platform: OpenSocial (link goes live Thursday).

Google has a good selection of launch partners for this -- Ning, LinkedIn (an API?! finally!), and Plaxo being the most interesting ones. RockYou and Slide are Facebook development companies that are also signed on, so we'll definitely see some launch apps, not just bare APIs.

This is, of course, very encouraging and similar to the short discussion I lead at the Facebook Developer Garage: integrate with systems other than Facebook, use open standards, and put your stuff out on the open web. Marc Canter has a gleeful post about all of this, including linking back to standards and experiments that have already been underway. Be interesting to see how OpenID Attribute Exchange, which I have long been a fan of, fits into all this.

I couldn't believe my eyes when I saw that there was already a Drupal module ready to go -- here's the project page. Except, it's just a placeholder for now :P But, nonetheless, this is an obvious set of APIs for Drupal to support and participate in this open web.

Will it work? Well, we've got a whole other set of mashups and connections to be making. This code is brand new, and developers, designers, and business owners are going to have to spend time kicking the tires and just trying stuff. Just like Facebook and the Facebook platform has been a new thing which has seen an explosion of creativity and experimentation, I expect we'll see the same thing around these open APIs. It's going to be a fun ride...

I'm helping out the local Vancouver Facebook Developer Garage event this coming Tuesday by running a "Future of Facebook" Q&A. Johnny Bufu of SXIP will be on hand to lend expertise around portable social networks, especially regarding identity, OpenID, the OpenID Attribute Exchange extension, and related tech.

The timing and title of this talk is interesting: there is an "all hands" meeting at Facebook on Tuesday, so the rep from Facebook that was supposed to attend can't make it. There is much speculation here, everything from "Microsoft will buy them" to "Facebook is worth $15 Billion". It will be fun to talk some of this through live at the event, but I'll mainly try and jockey live audience discussion, not do my own pontification.

It has been most interesting, with the "rise of Facebook", to see its vast spread into "non techies". Indeed, that's where *I've* found it to add real utility: since so many people are on there, both organizing events and seeing what people are up to "in the real world" has become much simpler, and has led to more in person meetings, for me at least. Pointing the way what a ubiquitous, interoperable identity infrastructure on the web could enable?

Some other preparatory material for such a discussion is this video of an interview of Mark Zuckerberg interviewed by John Batelle at the Web 2.0 Summit.

The event is this Tuesday at VFS starting at 5:30pm, full event details on Facebook, of course :P

Scott Kveton does a bit of a round up of what some folks are working on a technical level with portable social networking, in and around OpenID and some loose markup.

He takes what, in my opinion, is a bit of a cut against Attribute Exchange:

Also, attribute exchange doesn’t solve the portable social networking component although I imagine it could be hacked up to do so.

Sorry, Scott, when you use phrases like "hacked up", I take issue. Frankly, I would never have gotten on board with OpenID if I didn't see AX on the horizon as the logical conclusion of the SREG stop gap.

AX is an extensible system that will be able to pass many different kinds of information back and forth between systems. It has the same decoupled nature that OpenID has. Different sites can loosely couple by doing nothing more than using the same keys to define different sets of attributes. Why, exactly, would one NOT use this? In theory, one could do something as simple as host an agreed upon list of attributes -- based on FOAF, XFN, or for that matter any one of them in their own namespaces or with mapping between them.

I mean, we implemented syncing of user profiles using Drupal's simple distributed authentication + FOAF *3 years ago*. Working with SXIP in their various protocol incarnations, DIX, and finally the merging into OpenID and AX has all been part of the process of consensus around standards.

Attribute Exchange is a flexible, extensible base on which to implement many use cases around data exchange for user profiles and related information. Any solution around portable social networking should use this at its base, and the OpenID community should move to finalize the extension and move forward to building cool sh*t on top of it.

At some point I got a ping from someone that was working on a SAML implementation for Drupal. Unfortunately, that was a year ago or more, and trawling my email doesn't seem to surface anything.

So, anyone out there in blog land working on a SAML *SP* (aka client) implementation for Drupal? I have some folks that would like to test interop. Please contact me if you've got something.

Related to this is the Google Apps Authentication module, which lets you use your Drupal database as an authentication source for Google Apps -- the for pay, Enterprise or Education edition. This is a SAML v2.0 IdP implementation as far as I know...

And yes, I'm still a huge OpenID fan. But combining the two standards is even better, since theoretically you could create new Drupal accounts via OpenID, and the Drupal accounts in turn would serve as auth for Google Apps. AKA how to use OpenID with Google :P

So, everyone is writing about the Google Apps Premier Edition. Lots of partners have announced services that integrate with Google Apps today -- see the Google Enterprise Solutions gallery for what's available today.

I've complained before about Google's messed up identity system (it's not fixed yet). And it looks like SXIP is now doing the same thing that it provides for Salesforce: identity management.

I've pinged the folks at SXIP to find out more. Their press release points to SXIP Access, which is their, dare I say it, "previous" solution vs. the OpenID bandwagon? Or maybe not?

Update: I got the scoop from Lori Pike at SXIP: "At this point in time there's no relation between [SXIP Access] and OpenID or SXIP 2.0/DIX." -- and likely there will be a blog post that explains a bit more.

Marc Canter continues to blog up a storm. If you really, carefully, read about all the stuff he's been posting: he really is looking to the future.

Yes, I do find it a bit scary to be agreeing with Marc. I mean...I love the guy, I love his family, but he drives me crazy 50% of the time

So, what has Marc got right lately?

• It's about the network of networks
• social networking is a feature...and it makes sense to pick and choose building blocks to start from rather than blowing your brains out developing code (and UI, and standards, and, and...) from scratch every time; Marc feels burned by open source, so he's doing PeopleAggregator, me, I'm pushing away at my old friend Drupal
• identity is great for sign on is great; now let's get working on attribute exchange, without which 2.x is somewhat pointless -- we had this working 2 years ago with SXIP

That last point is from Marc's latest on Microsoft's CardSpace plus Open ID, and he closes with "without import/export we have no context". That is code for "don't make me create an account on another god-dang site that really should be a feature, and especially don't make me re-enter all my stuff into another system".

I did a much longer recap/announcement over on my Bryght blog, but wanted to point to some people specifically. I had a great time and it was good to see so many people out.

Scott Hadfield wins the prize for actually OpenID-enabling his blog in real time (and for his bizarro domain name :P).

My site here does have delegation headers for my home.bryght.com account (Simon Willison has good instructions for the OpenID 1.1 format here), but it won't work most places until we get our code updated with the OpenID 1.1 backwards compatability. 

I think Rob of jayandsilentrob.com wins the prize for most errors/frustration encountered in trying to get his site delegating. I realized as we were all clustered around trying to test delegation with various systems....that there are still very few "large" sites that you can just do login with...besides random blog comments. Definitely more work needed here. Oh, and Rob has an event coming up here in Vancouver for tech types (Rob, looked for it in upcoming and couldn't find it...post/email and I'll update this).

Coming up January 17th, 2007 (next Wednesday, if you're reading this in current day blogtime), SXIP is hosting the Vancouver incarnation of an OpenID MashPit event. Here's the scoop:

Want to learn more about OpenID 2.0 and spend an evening hacking on the new code? Join Sxip at the OpenID 2.0 Mash Pit evening in the New Year in Vancouver. There will be simultaneous events that night in Portland and other locations, with a live webcast amongst us. OpenID is an emerging Identity 2.0 standard for exchanging identity data on the internet. This is for people to come and hack on OpenID 2.0 and figure out how to make it work for their sites or applications.

We'll do a brief introduction on OpenID 2.0 and the new stuff you can do with it such as attribute exchange with the email verification service, followed by 5 minute lightening talks on whatever you want to demo or talk about and then break out into small groups to help people actually dig into the "doing" of OpenID enabling their site. The goal? More hacking, less talking.