Last year, if you recall, I was a bit upset about some specification I participated in… I wrote a blog post, followed by another post, then went silent. I felt very strongly that everything I had to say was right there in the posts and that an ongoing online feud will only weaken the points I was trying to make. For a couple of months I received weekly requests to come speak at conferences about it. These were all security, platform, or API conferences where this topic would be a perfect match. I turned them all down.
What bothered me was the feeling that if I were to do a talk about it, it has to be to a completely different audience. I would have to break out of the echo chamber and turn a very technical and procedural set of arguments into something more culturally and emotionally meaningful. And it must be funny, which none of the people my posts were aimed at found amusing.
So when the invitation from the Realtime Conference team showed up in my inbox, my first reaction was to turn it down like all the others. But then when I read it, something clicked. For the first time, I wasn’t invited to explain why the protocol sucked. I was asked if I was interested in “sharing some of what [I] feel are [my] ‘lessons learned’ from that experience”. Here was an invitation to engage in a meaningful, emotional exercise that wasn’t trying to recreate my posts. It was about moving on. I immediately replied “sure!”. Continue reading
A few weeks ago I went to visit some friends at Facebook’s headquarter. We had an interesting chat about OAuth and other geek topics. As is common these days, the conversation drifted to my recent adventures in farming. I was describing my setup, the chickens, ducks, geese, and pigs I’ve got running around, and then mentioned my three emus all named Kevin.
Someone who was listening in from a nearby cube stood up and asked, “When did they add emus?”
Get it? At Facebook everyone’s a farmer.
A concerning trend is showing up in recent TV and print advertisements of companies using their Facebook profile pages as their web identity instead of their own domains. Most of these companies are big corporations with a well-established web presence. Using social networks to connect with consumers and promote brands is not new, but using these identities as the primary corporate web identity is new. Continue reading
It’s that time again, to move on. The past three years have been a roller-coaster. Coming from a small startup after a decade in financial services technology, I got to learn, contribute, lead, and provoke open web development. My standards participation landed me a great job, relocated my family to the West coast, and introduced me to a lot of amazing people. It has been awesome.
Over the past couple of months I have been steadily phasing out my open specifications and standards involvement. The OAuth 2.0 core specification is the only thing I am still working on (OAuth is a keeper). Everything else has either fizzled away or lost its interest to me. This should not come as a surprise to anyone who talked to me or read my posts over the past few months.
A few weeks ago, a handful of web companies lead by Meebo and Google (with moral support from Yahoo!) announced their support for a new protocol called XAuth. The idea is very simple and seemingly appealing – create a sort of shared-cookie service for sites to use to store and find which identity providers a user prefers, solving the OpenID NASCAR problem. It is a similar idea to existing commercial products such as JanRain’s RPX.
I’ve heard about this proposal a few months ago and have been rolling my eyes ever since. Why? Because this is – to borrow from one of my son’s favorite book – a terrible, horrible, no good, very bad idea. It is a dangerous and over simplified hack aimed at solving a complex problem – how to manage online identities and improve the usability of distributed identity providers.
The landscape of the community-engineered social web, the one based on open technologies, has changed dramatically over the past few months. If you took a year off and just came back, you would probably not recognize it at all.
The movement that started with protocols such as OpenID, OAuth, and Activity Streams, is now mostly gone. All the cool kids got grownup jobs and the market is back again driven by a small number of corporations. In fact, it is so small it can be counted on two fingers. A year ago, a meeting with Chris Messina, David Recordon, Joseph Smarr, Monica Keller, Will Norris, Luke Shepard, and John Panzer represented 7 different organizations or communities – a well-balanced mix of big and small, corporate and independent.
Today it’s just Facebook and Google and that has significant implications. But when examining how these two companies engage in the development of open technologies, the findings are quite surprising. On the product side, Google is famous for their openness while Facebook is notorious for their closed garden. But when it comes to their community engagement, these two giants behave in a rather reverse fashion.
Twitter recently added a very cool and somewhat unproductive way of what I call strolling the social graph (a technical term some folks really don’t like, but offer no good replacement). It is called Blocks and allows you to graphically see who the people you are following follow and what they’re up to. The tool itself is very well designed and fun to use. The idea is that if you are following someone, you might be interested in who they are following too. What is unproductive about it, is that it doesn’t go the extra mile of allowing you to follow people by proxy.