Hueniverse

Talking about XRDS-Simple the past few days, I realized that much of the confusion comes from a complete lack of real-world examples. Since the goal of the specification is to define a framework, not to instruct how individual use cases should be implemented, it is somewhat limited in its allowed scope. The biggest challenge in explaining XRDS-Simple is the wide range of use cases people expect it to solve. Just like other languages, the same idea can be expressed by XRDS-Simple in many ways, which is at the core of this extremely open and expendable format.

Focusing on the current themes of openness, the conversation around discovery really boils down to three use cases: identity discovery, resource discovery, and service discovery. Identity discovery focuses on finding out more about an individual from their URL identifier, a pattern established by OpenID and Microformats. Resource discovery allows attaching metadata to HTTP resources to offer more information about the resource that may not be represented by the resource itself. Service discovery describes a set of resources with a common context, providing a machine-readable inventory or big-picture overview.

It is unusual for me to use this blog for comments on current affairs, digital or otherwise. This blog is usually used for technical posts about open standards and social applications. But after reading the New York Times letter to Jerry Yang I had to point out just how completely ridiculous the arguments against the company and the so called ‘poison pill’ are. I was disappointed that a newspaper like the New York Times echoed some of these idiotic views and printed such an unbalanced and childish letter, even if it’s only on its editorial page.

Nobody needs me to explain how the stock market works and the risks involved. The fact that in the past 6 months alone we’ve seen such huge losses for shareholders of MSFT and GOOG proves my point. Making short term shareholder value such a critical issue makes the Times’ entire letter completely lose its credibility (oh the poor firemen!). Also, the argument about losing executives while factually true, is much less significant when viewed with the other more prominent departures across the industry.

But that’s not what I think everyone is getting so wrong.

Everyone is talking about Open these days, and it is a very exciting kind of Open. It is the Open that allows developers to utilize the best resources available online and combine them into new and innovative products and experiences. The internet has always maintained a healthy balance allowing users to pick and choose the individual services that suit their needs. What this new Open adds, is the ability to allow new providers to build on top of the existing layer and improve it, rather than have to start from scratch. It also enables users to get more out of their existing online presence, making their digital assets do more for them.

OAuth, a community-driven open standard was designed to address sharing of resources between services while maintaining full user ownership and privacy. We are all too accustomed by now to being asked for our username and password when joining a new service in order to import our existing data. The obvious problem is that the credentials we are asked to share control more than just our address book, photos, or bookmarks – they often control our electronic wallet, confidential correspondence, financial and medical records, and other sensitive data. To make things worse, sharing our email username and password means granting full access to almost everything we do online on other sites since email is the most common way to change and recover passwords.

Every day people I know share photos, videos, blog posts, and other content with me. This works particularly well if they use open services where no registration is required, or when the content is public for all to see. Most content sharing sites default to making user-content public. These services allow users to limit access by making their stuff private and only accessible to a small group of friends. The problem starts when I’m invited to view content that is either private or hosted by a members-only hosting solution.