January 2008

January 31, 2008

The War of the Ose’s

OAuth 1.0 and OpenID 2.0 went final one day apart. Each has a very well-defined purpose, and they were designed to work well with each other. OAuth’s primary focus was a way to delegate authorization, mostly in the realm of APIs, while OpenID creates a distributed identity service. When put together, OAuth allows users to use their OpenID with widgets and other services, and that was one of the initial driving forces behind developing OAuth. For the most part, each protocol does its thing well, and plays well with its counterpart. But from a technology standpoint, we made a bit of a mess.

January 10, 2008

Something Borrowed, Something (Almost) New

It is always exciting when one project leads to another that is equally interesting. OAuth Discovery uses XRDS as its document format. XRDS is a rich format for describing services, and was adopted by OpenID for its preferred discovery method. Simply put, XRDS provides a method to list services and their properties in a flexible way. On the ‘simple’ side, XRDS allows listing services in groups with their URL and type. So if an application is looking for a service of a particular type, it can find a match and use the associated URL. On the ‘complex’ side, XRDS offers a wide range of tools to chain multiple documents and build advanced selection criteria. It gets pretty sophisticated. Sometimes too sophisticated.

January 07, 2008

Nouncer – Building Blocks for Real-Time Content Delivery

Nouncer is getting ready for its alpha release this month. I have written before about what Nouncer was supposed to be, and how I started working on it. But like most early stage products, Nouncer has evolved and changed in order to offer a unique service and remain competitive. In the spirit of anti-stealth, this post aims to explain, as much as is currently known, what Nouncer is and what it is about.

Nouncer bridges the gap between real-time delivery and information overload. While most services focus on building a messaging system, Nouncer offers a content delivery platform. Content: Real-time, quality, and as requested.

January 04, 2008

Dear Mailman, Please Read My TOS

Ironically, the same day I write about how OpenID needs to support emails in order to make itself more accessible to people, Kevin Marks, Scott Kveton, and Chris Messina write about moving to a URL-centric identity. We are usually on the same page but on this I could not disagree more.

Imagine I taped this note to my mailbox (no, not my SMTP mailbox – my real USPS mailbox – you know, that thing outside my house I get sticky NetFlix envelopes in that cost the postal service $61.5M):

Dear Mailman,

You are hereby requested to honor this mailbox TOS, and validate that envelopes come from a known Facebook or LinkedIn friend before putting them in. Failing to do so will put you in violation of my TOS.

Oh wait, there is no black/white listing or TOS for snail mail. Other than don’t send bombs and pay for stamps. You get what people send you. And you know what, except for some dead trees, it seems to be doing its job.

January 03, 2008

Addressing OpenID Shortcomings: Recovery, Replacement, User-Friendliness, and Retention

Recovery – a way to gain back lost access
Replacement – use an existing account with a new identity
User-friendliness – technology normal people can use (i.e. non-geeks)
Retention – provide an experience that doesn’t require sending users elsewhere

OpenID is like a new kind of credit card trying to get buyers, but doesn’t have enough stores to accept it yet. Users will come when OpenID opens more (exclusive) doors and gives them extra benefits, but for now, the marketing campaign needs to focus on getting more sites to accept it. Most users today already have single-sign-on – they use the same username and password everywhere.

There are many great benefits for users to want to use OpenID, such as having the ability to change their password or personal information once and have it apply everywhere. There are also barriers to user acceptance, such as getting used to using a URL or XRI instead of a username and password. But in the end, just like a credit card, it’s all about where it is accepted.

About

  • This is the technology blog of Eran Hammer-Lahav. A frequent contributor to OAuth, Discovery, XRD, and other emerging community-driven specifications and standards, I am currently working as Yahoo!'s Director of Standards Development. My personal blog is Half a Bee.

Copyright License

Creative Commons License.