Hueniverse

Nouncer is a web service, and that all it is. Nouncer is not a web site, as in a destination people go to interact and get information. It has no human accessible pages and is only useful for developers building their own solutions. Of course, it is not the only or first of such facility, but it is unique in that it is trying to use OpenID and OAuth without actually offering any user interface.

The problem is, that both protocols require some level of user interaction, if it is to capture their credentials or request their approval. The challenge is to offer an API that is truly customizable while still using open identity technologies. I have found my way to OAuth when I realized that my plan to use OpenID for Nouncer wasn’t trivial. There was no API way of handing over your OpenID the way you do with HTTP Basic authentication. OAuth solves that.

But still, both protocols are not yet ready for a scenario in which the service provider does not wish to interact with the end user at all. Not even a little bit. Ideally, all this will be done by someone else such as the consumer (the site using Nouncer to build their own site) or the OpenID provider.

We are getting to a point where the noise level of the open web community is getting so loud, people can no longer think. When Brad Fitzpatrick wrote about the social graph, I was one of those who thought it was a great thought provoking essay that will help move us closer to a better social web experience. I would like to take that back, and it has nothing to do with Brad his post.

I would go as far as claim that his post triggered the biggest time wasting flurry among open web thinkers. Just look at how many useless projects were launched, how many silly profile aggregators, XFN parsers, social network mapping tools, data export tools, open standards, and on and on. How about we end 2007 with a celebration of shutting down half the groups, projects, and efforts so we can better focus our limited resources on things that matter and will get us move forward. If you think I am talking about you, you are probably right, but this is aimed at many smart, dedicated, and cool individuals I have talked to and met over the past 6 months.

Chris made his list of companies who should have deployed OpenID by now. I am not going to list everyone who promised to come out with OAuth just yet, but I will. It is enough to look at the OAuth Core 1.0 authors and the companies they represent to see that we have a long way to go. Of course Hueniverse’ own Nouncer supports OAuth, and even OAuth Discovery. But some might say this is not really fair, as Nouncer is still in development. So take a look at Ma.gnolia, they had the first working OAuth Core service in production, and had Discovery deployed within hours of draft 1. So go, do!

Google caused some confusion when they announced OpenSocial will only use some parts of OAuth, and with a few minor adjustments. While the language of the announcement could have been a little clearer, it described a unique OpenSocial need: authenticate Consumers when no user interaction is needed. In the OpenSocial world, when a user installs a widget, they automatically grant Consumer access to their resources. So the OAuth dance of getting the user to agree is not needed (at least in the context of accessing containers).

I’m happy to announce the publication of the OAuth Discovery 1.0 specification first draft. OAuth Discovery enables partial and full automation of the OAuth protocol by using a machine-readable OAuth configuration documents. What is even more exciting is that we already have two Service Provider implementations available for Nouncer and Ma.gnolia, upcoming support from Twitter, and are expecting a Consumer library and test server soon. As with any first draft, the specification is expected to change and feedback is highly appreciated.

I’m excited to announce that the OAuth Core 1.0 specification has been released today as final. It has been a great (and surprisingly short) adventure working with great minds to create a specification that will make the web a better place for users and developers. I will post the third part of my on-going Beginners Guide to OAuth in the coming days. But the OAuth work is far from finished. We now have to get some critical extensions out, like signing of HTTP bodies, discovery (which I have started implementing for Nouncer at http://api.nouncer.com/.xrds), additional signature methods, and better integration of OAuth with OpenID.

Congrats to everyone involved and thanks for letting me be part of this.