monkinetic weblog | redmonk.net

It’s been a while since I’ve posted about what’s going on in the DiSo community, and I had started to prepare a list of recent developments to share, but on the way I felt that there was a theme I wanted to address first.

The DiSo Project is first and foremost about enabling/creating a new category of social-networking-enabled websites, not restricted to the large silos but grown organically at the edges of the web - the small and independent sites that are the forerunners and foundations of the communities we now enjoy. How can we best provide a fertile environment, one that encourages, protects, and nurtures this growth?

grass image from pygment.com for whose proprietor I cannot find contact information.

Fertile Foundations

One theme that’s been cropping up on the conference circuit lately, thanks to Chris Messina, Dave Recordon, Jeremy Keith, and others, is this idea of “building the open web“. The internet (based on public, open technical standards), and the early www (based on public, open hypertext formats and protocol specifications), gave “the web” we know its heart and soul. How did that happen, and what will perpetuate the process?

Like sediment in a river, or potting soil in a greenhouse, each layer we put down supports and affects the ecosystem that grows out of it. We take IP, ethernet, and their like completely for granted - they’ve been standardized and implemented across a worldwide network. That layer is foundation and fertilizer for the next: HTTP, SSL, HTML, XML, and the feed variants that have become the everyday building blocks of our applications and services. These are now settling into the foundation for the services we’re building now: near-real-time publishing and social software stacks. These, in turn, will provide for what comes after, and the philosophical foundations we build into this layer will profoundly affect the health of the next.

Building the Open Web

So for the next ecosystem of social and community applications to thrive, we need to make sure that these aspects - public, freely-implementable formats and open standards - are a part of the web as we know it now. Thankfully, it’s happening - witness the growth of open, enabling technoliges like:

• Microformats, basic specs for marking up machine-readable data in human-readable web pages (XFN, hCard, hCalendar, hAtom, hEtc)
• OpenID, open identity solution for web services
• OAuth, an HTTP-based protocol for authentication between services
• XRDS-Simple, which provides discovery for various web services and makes inter-app cooperation that much easier.
• XMPP, a real-time, distributed messaging system that can be integrated into other services.

All these are publicly developed and freely implementable, and active communities have evolved around them to discuss, implement, and evangelize them. This is what building the open web is about: collaborating to build a web that is larger than any company or organization - a web that will encourage new growth.

New Growth

So, given all the effort we’re putting into creating a web that is fertile ground for what’s coming next… what’s coming next? Here’s a look at a few areas DiSo is focusing on as we work on the building blocks of the distributed social network:

Identity

OpenID has focused a lot of attention on putting the User’s online identity back under their control. Rather than maintaining an account on each and every site they use, the User can maintain one or more OpenID accounts, using them as credentials on any of the 10,000+ sites that accept an OpenID for registration and login. With the technology in place, we turn our attention to what identity means, how much of that identity we’re willing to share, and with whom.

Activity

Since the mid 90’s we’ve been working on the problem of how to track what our friends and contacts are doing online, and figure out where the stuff that’s really interesting and relevant to us is happening. Look at the social network silos, and you’ll see that a huge part of what they offer users is the ability (or at least impression) that the user can know what their friends are up to. Sites like Twitter and FriendFeed are making progress on bringing this activity tracking into the light, but to really distribute it all there’s still a lot of work to do.

Here at the edges, we’re making it easy to agregate your own activity, and working on ways to track/follow updates of your friends activity in near-real-time.

Messaging

With OpenID providing a common form of identity, we’ve begun looking at what services can be enabled using that endpoint. One of the services we’re exploring is distributed messaging - friend requests, subscription requests, and direct messages - directed to that endpoint, authenticated via OAuth, and filtered by a messaging service based on user preferences.

Cultivating the Open Web

As the builders - or growers - of this web, it’s our responsibility to look beyond the IPO, beyond the ad-sell, beyond the current crop of buzzwords. We must decide that we’re going to invest in, and give back to, the ecosystem that has supported us. Think of it as Web “Green” - protecting and nurturing and stewarding the web ecology.

DiSo is built on the idea of implementing social networking concepts on existing standards where possible. One of those standards is XRDS Simple, a service description and discovery format that is a part of several recent and upcoming standards including OpenID and OAuth. This weekend I decided to build a generalized service for Movable Type that implements XRDS.

XRDS Simple for Movable Type (version 0.1)

XRDS Simple for Movable Type implements XRDS Simple service discovery. New web services like OpenID and OAuth are encouraging the use of XRDS (eXtensible Resource Descriptor Sequence) (and specifically the new, simplified version) for service discovery.

XRDS Simple for Movable Type is a faceless application that gives plugins a way to register services to be advertised in the discovery document, similar to how plugins can register new streams with Mark’s Action Streams plugin.

Registering A Plugin’s Services

Sample configuration YAML:

xrds_services:
    openid2:
        type: http://specs.openid.net/auth/2.0/server
        # media_type:
        uri: http://endpoint.example.net
        namespace_id: openid
        namespace_uri: http://openid.net/xmlns/1.0
        priority: 10
        # local_id: http://redmonk.net
        local_id_handler: sub { "http://example.com" }

A plugin registers its services with XRDS Simple by including an xrds_services section in config.yaml. In that section are any number of service definitions, each listed under a unique identifier.

Within the service definition are a number of items which generally follow the XRDS Simple spec[1]. Of note are the namespace_id, namespace_uri, and local_id_handler.

Each service can register a namespace to be included in the xml declaration of the discovery document. The namespace_id and namespace_uri parameters are used to construct an xsmlns: attribute, like:

xmlns:openid="http://openid.net/xmlns/1.0"

XRDS also supports the concept of a local id - an identifier for this site or user on the service the discovery document points to. The local_id parameter will be added to the generated document in the service definition. Sometimes the local_id will need to be set programatically. In that case, pass in a coderef as local_id_handler.

local_id_handler: sub { "http://example.com" }

What’s it good for?

XRDS is developing as the discovery mechanism for a new generation of social applications. Eventually, Movable Type’s OpenID server and delegation could be changed to use this simpler yaml-based configuration, and let the plugin generate the appropriate XRDS document, instead of generating the document itself. As Movable Type begins to offer OAuth-based services, those too can be listed - per the OAuth Discovery spec.

Check it out

As this is a faceless application, and there are currently no services in MT using this code, this is really developer-preview code. Download and peruse the plugin - it’s very simple. I’d be interested in feedback on the code and the YAML format as well. Upcoming features include support for multiple Type and MediaType elements (per the spec), as well as support for passing a coderef for parameters instead of static values.

Download

Download XRDS Simple for Movable Type or check it out from the DiSo repository.

These are the slides from a presentation I gave to about 80 developers at work at a recent day-long training event.

| View | Upload your own

Apparently some readers have been having problems logging in with OpenID on the site (apparently related to this bug). I think I’ve fixed the problem - if you’ve been trying to login, please give it another shot and let me know if it works.

I ran across a link to http://id7r.com this morning, and while it’s a technically interesting application, I can’t help but see it, at best, as a complete dilution of what OpenID is supposed to mean, and at worst, an intentional abuse of OpenID and a perfect tool for spammers.

A Quick Refresher

OpenID is a way for a user to assert to a site that the user controls/owns a URI (a good look at the benefits here), and the authentication process tries to make sure that there’s a person on the other end of that URI.

A key feature of OpenID is that it provides a globally unique identifier for every user, no matter what site or service they are using on the Web. Simon Willison

Meanwhile…

The id7r.com home page says:

Id7r turns every email address into an OpenID identifier.

• type in your email address (prepended with id7r.com/) and click “verify”
• check your mailbox for a new message with subject like “Auth Request #### from id7r.com”
• follow instructions therein to complete the process.

Now, isn’t email the thing that spammers have come very close to completely ruining due to creating millions (billions?) of randomly-generated email accounts? The “instructions therein” consist of:

Do not reply to this message! It’s sent from an unattended mailbox.

Hi, <me>,

Someone (possibly you) has requested authorization at id7r.com for an OpenID login.

If you accept, please click this URL http://id7r.com/?action=confirm&token=<atoken>&auth=yes to complete the process.

Otherwise, click this URL http://id7r.com/?action=confirm&token=<atoken>&auth=no to reject it.

If your email client does not make above URLs clickable or a different browser pops up, please cut and paste either URL to the same browser you used earlier.

Sincerely,

The Id7r Team http://id7r.com

It seems to me that grabbing a link from the email and then submitting a form is not particularly hard for the scum out there.

Am I Crazy?

So, I know that OpenID does not claim to be an end to SPAM in and of itself (thanks to singpolyma for the reminder), but this just seems completely wrong to me. There was a recent spat over the anonymous OpenID server, and the community consensus seems to be that we’re going to have to resort to server blacklists eventually (though the author of the annoymous server makes a decent case that blacklists are not going to do it either).

So am I crazy for seeing this as a huge problem? Unlike the anonymous server, id7r.com looks like something that normal users would find useful, thereby making it harder on them if we simply blacklist it.

Got thoughts? Hit the comments and let me know.

Welcome to redmonk.net — all DiSo, all the time.

I do have a life outside of my latest obsession - - still, there’s good news afoot, so here goes.

Will Norris, author of the Wordpress OpenID plugin, announced yesterday that wp-openid is coming under the DiSo Project. Woo! As happy as I am to have Will’s awesome contribution, it makes a lot of sense too -

…they are using wp-openid as a foundation to develop additional plugins that build on OpenID to bring other social functionality to WordPress powered blogs. I am therefore pleased to announce that wp-openid is moving under the umbrella of DiSo in an effort to allow better integration with the other social plugins that are being developed…

Will is looking into the process of importing the wp-openid source into the DiSo repo, and then setting up a sync to wp-plugins to provide packaging and to hook into the plugin update system that was introduced in Wordpress 2.3.

Meanwhile, we’ve got a wiki set up; Chris has been busy creating ma.gnolia and flickr groups, and the Google group/mailing list is growing as well.

To complete the social absurdity, you can now follow diso on Twitter.

A nerd needs a project because a nerd builds stuff. All the time. Those lulls in the conversation over dinner? That’s the nerd working on his project in his head.

– Rands in Repose, The Nerd Handbook

Microformats, OpenID, Portable Social Networks

So, for the last month or so, these things have been my Project. Actually, I haven’t spent as much time on them as I’d like, since I’m a Dad (geek dad FTW) and an employee first, but I am a nerd and these have been my Project. The evidence:

• If You Love Your Users, Set Them Free — Portable Social Networks
• Making a list: Whitelisting with OpenId and XFN
• Blogrolls, XFN, and OpenID URIs
• More XFN+OpenID
• XFN Blogroll

You can see that it’s been occupying the back (and front!) of my mind for some time now. My unfortunate sounding board for a lot of this has been the unflappable Chris Messina, who himself is an enthusiastic evangelist for microformats and has put up with a lot of questions, as well as putting up with me nearly hijacking and adopting his plugin project.

I’ve rewritten large chunks of the XFN blogroll plugin, with Chris’ help and encouragement, and added substantial functionality (mostly in enabling the plugin to find users who have registered via openid and modify the blogroll links based on that information). Now, we’ve decided to move this project and several others we have in mind to their own project on Google Code.

DiSo: Distributed Social Networking apps

DiSo (dee • zoh) is a new umbrella project for various open source social networking components that we’re working on. In the beginning, we’re largely targetting Wordpress, building on the work Will Norris‘ has done with his excellent WP-OpenID plugin.

From the project description page for DiSo:

This model can be described as having three sides… Information, Identity, and Interaction.

The first plugin is the Microformatted Blogroll (wp-xfn), which is about ready for a 0.5 release, and has been getting a workout on my blogroll for a while now.

I’ve also started preliminary work on an OpenID server (wp-openid-server) that will authenticate against the Wordpress user database. The server will, hopefully, be a port/wrap of phpMyID, a very easy to use single-file server writtten by CJ Niemera.

What’s Next

For me, continuing to develop wp-xfn, and start designing wp-openid-server. For you? Try reading http://code.google.com/p/diso/wiki/WordpressBrainstorming and http://factoryjoe.pbwiki.com/DistributedSocialNetwork and see if there’s something you’d like to work on. Download the source an browse around. Then contact me or Chris and let’s talk!