Open Web Foundation Speeds Protocols' Legal Contracts

On Tuesday, the Open Web Foundation released an agreement aimed to speed new specifications' ability to be adopted by downstream users, with the intent of spreading open tools throughout the Web. Though occupying the always-complicated intersection of both the legal world and the tech world, the agreement is very interesting. The non-profit organization, featuring leading geeks from many of Silicon Valley's best known and most-respected companies, is hoping to promote data portability and open Web standards, no matter their source. Tuesday's agreement makes it easier for others to implement specifications without requiring lengthy bureaucratic legalities, and already features 10 major protocols and services as having signed up.

Among the services that have committed to using the new agreement include Yahoo!'s Media RSS standard, OAuth, Microsoft's WebSlice, and my often mentioned personal favorites, the PubSubHubbub and Salmon Protocols, being promoted by employees from Google.

As explained on the Yahoo! blog, on Facebook's Developers' blog and at Standards Law, services such as OpenID and OpenSocial were both forced to spend a great deal of effort working on legalities, taking their sharp engineering resources away from doing what they do best - code. The hope is that by setting a standard for approvals and access, much of these headaches can be eliminated.

The agreement itself is lightweight, compared to many legal tomes, and essentially mirrors standards set by Apache and Creative Commons, both of which have much history in the Web community. It covers how to handle attribution, that users can be trusted to leverage the work without fear of patent lawsuits, and that downstream users will not lay claims to others' efforts.

It could be yet another important step in making sure the Web is open, and that users can expect similar behavior and access capabilities from site to site and service to service. See also:
The Blurry Picture of Open APIs, Standards, Data Ownership from October 29th.

Attacking the Web's Beverly Hills and Schenectady Problem

Not too long ago, every new site you joined on the Web forced you to provide a daunting array of details about you in order to join. Full pages of pull-down menus asking about your date of birth, your marital status, your home address and other information was standard. But over the last few years, with advents such as OpenID, OpenSocial, Facebook Connect, and more recently, Twitter OAuth, personal identities are becoming portable - letting you sign in with a dedicated login to a new site, and reducing your need to store yet another password.

Kevin Marks, vice president of Web services at BT, formerly of Google and Technorati, relayed at the Defrag Conference this afternoon that under the old way, companies, after accumulating a high number of users, would often find they had an extremely high number of users responding they lived in either Beverly Hills or Schenectady, New York. Why? Because they were saying their zip codes were either 90210 or 12345. They were lying - sick of answering page after page of personal data for yet another Web site.

In the years since, thanks to efforts like OpenSocial, we have seen the rise of Web standards that interoperate, letting you pass along your personal information and credentials to new sites without having to create yet another user name and password.

"Over the last two years, we worked out the sanitization of protocols, so it could fetch things from one site to another," Marks said. "In that time, OpenSocial is up to 1 billion users. There are sites all over the world who are using this."

Marks broke down the solution to the real identity problem into four pieces:

• Me
  
• My Friends
  
• What We Do
  
• The Flow

Tools like OpenID and WebFinger solve for "Me", Portable contacts, through the unification of the Vcard specification, solve for "My Friends", activity streams solve for "What We Do", and new protocols like AtomPub, PubSubHubbub and Salmon are solving the "Flow". As you know, I have been a big proponent of tools like PubSubHubbub, Salmon and tools like Facebook Connect and Twitter OAuth, as they not only pass along data between sites, but also make data pass between sites more quickly. And while they are causing what could be considered a revolution, it is happening through the simple evolution of activity that is already happening.

"All these standards are empirical standards," Marks said. "We first did this with microformats. We asked what people are doing already, and agreed we would do the same thing."

Now, if you do tell companies you live in Beverly HIlls or Schenectady, New York, there's a greater chance that you really do, and maybe we'll believe you.

Five Ways OpenID Can Be Embraced

By Mona Nomura of Pixel Bits (FriendFeed/Twitter)

Attempting to learn OpenID for the upteenth time, I ended right where I started: Confused. So I reached out to the community for help and received tremendous feedback that helped me better understand what OpenID is about. People left thoughtful, thorough comments on how to actually use OpenID and someone even left step by step directions. That made me realize: OpenID is still irrelevant for the average user.

However, the discussions held on FriendFeed and my personal blog opened an avenue to great (rational) exchanges of ideas, which got me thinking about how OpenID can be relevant to us.

• Verifying needs to be simpler
  Technicalities aside, verifying, signing up, claiming, or whatever the "correct" term is, one thing is clear: The steps need to be simpler. Right now, the process is a nightmare requiring many steps. Users should be able to go to OpenID provider sites, and with one step - two at the most, be able to verify.

• Email providers need to get involved
  With password storage managers the norm, URL log-ons should not be a burden - in theory. And that is the problem: in theory. Realistically, non-technical users are intimidated by using something other than their usernames, e-mails, or handles (nicknames) to log on. Since usernames and handles, without the URL, would be difficult to use as an OpenID log-on, Gmail, Hotmail, Yahoo et al joining the movement makes perfect sense.

• Partner with consumer sites
  One word: incentive. Imagine if OpenID were to be accepted by Amazon, eBay, PayPal and financial institutions. Why wouldn't everyone use OpenID?

• Update the site and Wiki with clearer instructions. I did not know that being logged into a provider site omits the verification process and log-on using OpenID without verification is possible - did you? That information is not readily available on the OpenID site, why? Or why isn't that on their Wiki? Almost every person with Internet access can go in an edit a Wiki. Will someone go in an update OpenID's Wiki page, please?

• Create a Need
  Either I am missing something or it is still unclear why OpenID is so important - and most of it is due to all the technical jargon that is on the site. OpenID / OAuth, privacy, owning information, decentralizing, centralizing, user-centric, SSL, profiling, identity, and other stuff (for a lack of a better term) - it would be helpful if it were re-written in English anyone can understand.

If OpenID were to implement at least three of the above five, even my mother would be able to understand and use OpenID. Are you a part of the movement? If not, what would make you use OpenID? Or do you even care about OpenID?

Read more by Mona Nomura at Pixel Bits