Manage your online identity.

Another issue that’s generating some questions among ClaimID users is how to control one’s nickname when posting an OpenID comment to blogger. The nickname is what shows up as your name in the comment. Here’s are two examples of OpenID comments; the nickname is “Fred” in one, and “This shows up” in the second comment.

To accomplish this, first I leave a comment with my OpenID URL:

Once I do this, I am sent over to the OpenID server for authentication.  As you’ll notice, it asks me for some information:

Blogger is asking for your nickname, which is what will show up as your name in the comments.  As a test, I’ve given “This shows up” as my nickname.

Success!  Now I can control what nickname shows up when I comment.   Note, if you choose “Log in and Trust” this will set your nickname permanently unless you revoke Blogger’s trust, which you can do by managing your profiles at http://openid.claimid.com.

We’ve recieved a number of questions about this, so I thought it might be useful to post it to the blog. If you’re attempting to post a comment using an OpenID to a Blogger blog, you must prepend the http:// before your OpenID. For example, the following won’t work

But with the prepended http://, it will work:

Hope this helps!

If you follow the identity space, it’s likely you’ve encountered the work of Chris Messina.  A longtime advocate of open standards and sane identity solutions, Mr. Messina’s influence was felt very early on in the ClaimID development process.  In fact, we owe him a lot of thanks for helping us think through the possibilities of many very new technologies.

For these reasons, we’re following Chris’ work on DiSo - Distributed Social Networking Applications.   He’s working with Will Norris and Steve Ivy to create a framework for applications that leverages open identity standards - OpenID, the emergent OAuth.  This framework will ensure distributed, trustworthy data and identity portability between applications, ensuring what some might call distributed social networking.

In the past few months, there’s been much talk about this idea of distributed social networking: Google’s super-standard OpenSocial, Facebook’s Platform - we’re seeing the possibilities (and the downsides) of opening up our stacks.  Of course, to the major players, this is a new land-grab; this is why Messina and co’s approach is so attractive.  Our data, the stuff that I choose to share, should be free and portable.

Needless to say, we’re paying close attention to the work on OAuth and DiSo - hopefully in a few weeks we’ll have some interesting announcements regarding our brainstorming for feature development using these new methods.  This is very powerful stuff, and we’re glad to see it coming to life.

This has been a great IIW (Internet Identity Workshop) out here in Mountain View - thanks again to Phil Windley and Kaliya Hamlin and Doc Searls, the organizers.

The feeling in the air has been more electric than in the past. There’s a definite energy in this space. We’ve had some great discussions about potential partnerships and features we think people will really love. The developer community is excited about the new specs announced and the next few months look very rich with opportunity for collaboration.

People representing the Open Social Web (claimID, Plaxo, Citizen Agency) and those big guys who run The Infrastructure (Google, MS, Yahoo, AOL, Verisign) were all sitting and talking about how we’re going to make it work for the user. It’s very refreshing and a testament to how far we’ve come in the last few years.

The two specs announced here at IIW2007b were the OpenID 2.0 spec and the OAuth Core 1.0 spec. These two specs are important because adoption of OpenID is climbing quickly (a tipping point very soon) and OAuth is a consolidation of 6-7 existing authorization protocols. Both are poised to generate lots of interest.

There was much discussion around how these two would play well with each other. It rather dominated the discussion for a couple days or so. Find a picture of the schedule wall.

The general consensus is that users will now have the tools to better take their own data and define their permissions as they move around the internet. With an underbelly of discussion around Facebook’s new offer of a global opt-out for Beacon, this conference represents the future of how this stuff is all going to work *for us* instead of *for advertisers*.

Good stuff all around. One of the best conferences I’ve ever been to and the reason I keep deciding to come back - real work happens with the people who understand what Open means.

Some very cool adoption news from the folks at Google: OpenID-based commenting will be rolled in to Blogger and Blogspot blogs.  The news comes from the Blogger in Draft blog, which has details and links.

If you’ve got a Blogspot blog and would like to enable OpenID commenting, you’ll need to log in to your account at http://draft.blogger.com (hat tip David Recordon).  Once there, you can enable OpenID commenting by browsing to Settings -> Comments, and enable “Registered Users.”  One very clear drawback here is that by placing your blog in “Registered” mode, you may no longer accept Anonymous comments.  That should be fixed by the Blogger team; OpenID commenting exists within an ecosystem that values the spectrum of identity, from anonymity to full-verification.

Internet Identity Workshop, the bi-yearly identity open space, will be held December 3-5 2007 at Mountain View’s Computer History Museum. Organized by Phil Windley, Kaliya Hamlin and Doc Searls, these are (in our opinion) some of the most important and positive meetings for the identity community.

ClaimID will be attending (represented by Terrell), and this marks the first year we’ll be sponsoring the IIW. We’ve seen the impact of these wonderful meetings, and we wanted to do what we can to help move them forward. As we are a wee company, there’s still a lot of sponsorship need - so please consider sponsoring the IIW.

We look forward to seeing you in Mountain View in December!

OAuth

A few days ago, the minds behind OAuth launched the site and declared their spec at 1.0-final. This is big news as many sites are duplicating engineering efforts in creating their own APIs. OAuth is a standardized, open way of managing an API handshake for your web application. OAuth can be implemented by the application provider or by the consumer/widget.

From the front page:

An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.

It’s a valet key for web applications:

Many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using your regular key to unlock everything.

At claimID, we’re very excited to see this development, as we’ve been planning for an authenticated API for sometime. We hope to work through our own implementation soon. Congratulations to everyone associated with the OAuth progress. This is another step to making the web more open and interoperable.

As always, our friend Chris Messina is all over it:

Cheers and congrats to all the folks who helped to make this happen. It might be a relatively minor step in terms the development of new technology today, but looking out long enough into the horizon, I think we’re adding a significantly important piece of puzzle that’s been missing for some time.

Definitely an important piece, and until this past week, a missing piece.

OpenID.net

Additionally, OpenID.net got a facelift earlier this week. The new site is much cleaner and does a much better job of explaining what OpenID is, as well as what you can do with one. Congratulations to David Recordon and Scott Kveton for their hard work pulling things together. The OpenID Foundation now has a nicer place to call home as well.

Of course, we’re also tickled to be alphabetically blessed - we’re listed first on the “How do I get an OpenID” page:

Here at claimID, we’re constantly trying to find ways to add small bits of technology and standards to our existing code. We’ve had XFN built into our links from the beginning, but that functionality has been hidden behind our “advanced” tab whenever you’re creating or editing a link for your claimID page.

Now - we’ve invoked some of the latent power in this XFN and have auto-added rel=”me” to any link that is verified in our system (via MicroID). As new verified claims are added to your accounts, they will also be marked with rel=”me” and be compatible with the recent discussions around the Open Social Web and microformats.

XFN and rel=”me”

Identity consolidation is something we’re only beginning to tap into. As the web becomes more programmable and mashable, XFN, along with other microformats and small building blocks like MicroID, begin to show their potential.

Here is a short section from the XFN pages at GMPG:

Identity
Me is used to indicate that the link points to a site for which you are responsible. This is useful when pointing to various profiles on social-networking sites, for example, or when pointing between two different blogs run by the same person. Note that use of this value is exclusive of all other XFN values; thus, you cannot declare rel="me co-resident" even though it is to be hoped that you are in fact co-resident with yourself.

This addition is only a small thing, in the grand scheme, but another solid piece of our commitment to education and advocacy with regard to online identity.

An example of how this is powerful

Plaxo’s open source Open Social Graph (e.g. Online Identity Consolidator). It spiders out from a source URL based on the XFN it finds. Then it builds the graph and reports back. Click on a few of the links below to see it in action - with the source URLs being our newly automated rel=”me” pages at claimID:

• habib - text, json, xml
• terrell - text, json, xml
• jsmarr - text, json, xml

More Discussion

Further reading around the idea of an open portable social network:

• http://blog.claimid.com/2007/09/claimid-supports-the-open-social-web/
• http://www.plaxo.com/info/opensocialgraph
• http://bradfitz.com/social-graph-problem/
• http://www.sixapart.com/about/news/2007/09/were_opening_th.html
• http://opensocialweb.org/

Today, Joseph Smarr, Marc Canter, Robert Scoble, and Michael Arrington released A Bill of Rights for Users of the Social Web, calling for services to support a more open approach to identity information. The document is simple and effective:

We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:

• Ownership of their own personal information, including:
  • their own profile data
  • the list of people they are connected to
  • the activity stream of content they create;
• Control of whether and how such personal information is shared with others; and
• Freedom to grant persistent access to their personal information to trusted external sites.

Sites supporting these rights shall:

• Allow their users to syndicate their own profile data, their friends list, and the data that’s shared with them via the service, using a persistent URL or API token and open data formats;
• Allow their users to syndicate their own stream of activity outside the site;
• Allow their users to link from their profile pages to external identifiers in a public way; and
• Allow their users to discover who else they know is also on their site, using the same external identifiers made available for lookup within the service.

Not only are we proud to support this bill of rights, but I’m happy to report that we’re also in compliance with it.  At ClaimID, we’ve long innovated in the open-identity space; our work with MicroID and our deployment of OpenID-based social networks stand in evidence.  At the same time, we’ve always respected your identity rights, giving our users control to do what they’d like with their data.  We’ve always known that being open and forthwith is the right approach, and we’re certainly pleased to see these values gaining so much traction.

Our users have asked for this for a while - and we’re glad to finally see it out of development.

We’re happy to announce that we’ve got SSL enabled now at claimID.com. You should be able to login to your existing account at https://claimID.com. Those of you reading who don’t already have an account can register with the knowledge that there’s nobody in the middle watching your password. Additionally, the change_password page is encrypted as well.

We’ve chosen to only enable a few points of the site - where your password is used. The rest of the site (and your OpenID URLs, most importantly) have not changed. This is important because your OpenID is your login to other sites - and a change from http to https would effectively change who you are at those other sites. But fear not - you’re still you.

Thanks to everyone who asked for this. It’s been a long time coming.