Feb 25, 2008

So I was listening to an IT Conversations podcast today, and Valdis Krebs offered quite an interesting perspective. Lately I’ve been thinking about social identity and how people can manage their online identities more efficiently, since I’m not aware of any tools that enable users to bridge social networks with one identity.

Anyway, Krebs asserted that today’s “social networks” such as LinkedIn and Facebook are in fact not very representative of the real world. A person’s social network consists of various groups of people, such as family, friends, coworkers, former coworkers, etc. It does not typically include people that sent you an invite that you feel obliged to accept. Regardless of that, he asserts that the technology that most realistically mirrors a person’s true social network is E-Mail. He suggests that people who go to LinkedIn or Facebook are going to a location that is not part of their natural social network in order to connect with people online; he refers to this as the ‘top down’ approach.

In contrast, a ‘bottoms up’ approach might be to leverage the communications technologies that people already use to build their online social networks. For example, building social applications based on a person’s IM client, E-Mail account, and Twitter account would more closely represent a person’s true social network, while at the same time providing convenience for that person. So the ‘bottoms up’ approach builds the network from the person out, instead of from the network down.

I find this idea very intriguing. From a technology perspective, I don’t see why applications couldn’t be built on top of IM clients as a starting point. As a former colleague of mine (excitedly) points out in a recent blog post, XMPP is an extensible protocol that sits at the heart of some IM client implementations. Why couldn’t social profile information be built out on top of these IM clients?

In fact, some IM providers are halfway there already (XMPP or not). If you try to edit your profile in Yahoo IM or AOL IM, you end up at a web page. This seems like a great place to build out a Facebook clone, if you ask me. It wouldn’t necessarily solve the problem of having multiple social identities (unless that IM provider worked towards that goal via partnering agreements and open standards), but it would bridge the disconnect between the ‘social network’ web sites and the actual social networks that people already have in their IM clients.

So maybe OpenID isn’t the best answer to the problem. Maybe XMPP is. I’m certainly not making a proclamation here, but I’m convinced that XMPP deserves more careful thought.

Feb 25, 2008

When I investigated OpenID for the first time, I thought it was a good idea, but not sufficient to solve the problem of online identity management from the standpoint of a single person with identities at many, many web sites.

But what if we narrowed the scope? Instead of asking whether OpenID could be an identity solution for all sites, maybe it could do the job for some segment of web sites. For example, could OpenID be a solution for social identity management? I don’t know about you, but I’m part of four social networks (Friendster, MySpace, LinkedIn, and Facebook), though am active on only two (LinkedIn and Facebook). Certainly there are more social networks out there, and certainly there are many people who are an active part of all of them. I’m sure those people would love it if maintaining their profiles was as simple as making a single update.

Of course this raises another issue: privacy. Some people maintain a professional profile in some networks, and a more social profile on others. To have one social identity would mean that users would need the ability to manage access control of profile information as well as application information. This could definitely be handled technically, but by whom? This is probably going to be the topic of another post.

Feb 22, 2008

Last night I decided that I’m tired of not knowing what OpenID is all about, so I got one and learned how to use it, and thought about whether or not it is a good thing.

So the big idea as I understand it is that people should be able to have one login for all internet sites, instead of having to create an account at each of the 42 web sites that you use. This can be accomplished via the use of a single trusted source (that being your preferred OpenID provider), and having other web sites defer to it for authentication. Sounds good, right?

If you want to experience this for yourself, here’s how you can do that:

  1. Set up an account with a trusted OpenID provider. I set mine up with Verisign because I trust them.
  2. Go to a web site that supports OpenID and log in with your newly created OpenID. Try Plaxo.
  3. Use the OpenID login you created (such as http://[username].pip.verisignlabs.com)
  4. Fill in whatever information is requested (this is made easier by the OpenID provider if you’ve fully set up your profile already)
  5. Determine whether you want to trust Plaxo forever, until a specified date, or just for this one moment
  6. Click “Allow”

So there are a couple of things going on here. First, you’re doing the work of setting up your OpenID up front, so that you may save yourself some time later by not having to re-enter that information when you log in to a web site that supports OpenID. Second, you’re setting up your trust relationship with Plaxo up front, so that when you need to log in there again, all you have to do is enter your OpenID (such as http://[username].pip.verisignlabs.com) and you are into the site (unless you are not currently logged into your OpenID provider’s site).
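What happens on the web site's side during steps 2 through 6, as an added Python example that is not part of the original post: the site normalizes the OpenID you typed, redirects your browser to the provider with an OpenID 2.0 `checkid_setup` request, and accepts the provider's answer only after checking its fields, signature and nonce. The `example.test` style hostnames a caller would pass in and the shared MAC key are assumptions; discovery of the provider endpoint and the association step that establishes the key are left out.

```python
import base64, hashlib, hmac
from urllib.parse import urlencode, urlsplit, urlunsplit

NS = "http://specs.openid.net/auth/2.0"
MUST_SIGN = {"op_endpoint", "return_to", "response_nonce", "assoc_handle",
             "claimed_id", "identity"}

def normalize_identifier(user_input):
    """Turn what the user typed into the claimed identifier URL."""
    s = user_input.strip()
    if "://" not in s:
        s = "http://" + s  # a bare host/path is treated as http
    p = urlsplit(s)
    if p.scheme.lower() not in ("http", "https") or not p.netloc:
        raise ValueError("not an http(s) identifier")
    # lower-case scheme and host, turn an empty path into "/", drop the fragment
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

def build_auth_request(op_endpoint, claimed_id, return_to, realm):
    """URL the site redirects the browser to so the provider can ask "Allow?"."""
    return op_endpoint + "?" + urlencode({
        "openid.ns": NS, "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id, "openid.identity": claimed_id,
        "openid.return_to": return_to, "openid.realm": realm})

def sign(fields, signed, mac_key):
    """base64(HMAC-SHA256) over the "key:value" lines named in openid.signed."""
    text = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed.split(","))
    return base64.b64encode(hmac.new(mac_key, text.encode(), hashlib.sha256).digest()).decode()

def verify_assertion(resp, claimed_id, return_to, mac_key, seen_nonces):
    """Return the identifier only if every check on the provider's answer passes."""
    signed = resp.get("openid.signed", "")
    if (resp.get("openid.mode") != "id_res"                 # cancelled or error
            or resp.get("openid.return_to") != return_to    # meant for another URL
            or resp.get("openid.claimed_id") != claimed_id  # about another identity
            or not MUST_SIGN <= set(signed.split(","))):    # a checked field unsigned
        return None
    try:
        good = sign(resp, signed, mac_key)
    except KeyError:                                        # signed list names a missing field
        return None
    if not hmac.compare_digest(good.encode(), resp.get("openid.sig", "").encode()):
        return None
    nonce = resp["openid.response_nonce"]
    if nonce in seen_nonces:                                # replayed answer
        return None
    seen_nonces.add(nonce)
    return claimed_id
```

The equality check on `openid.claimed_id` assumes the user typed their own identifier rather than a provider-wide one; a full relying party would also rerun discovery on the returned identifier.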

What does it all mean? Well, for one, you don’t have to remember a password to log in to Plaxo or any other web site that supports OpenID; you only need to remember the password for your OpenID and the string that represents your username (such as http://[username].pip.verisignlabs.com or http://[username].myopenid.com, depending on your provider). Additionally, you are you across all OpenID-supported sites since your OpenID is unique.

It also means that you have to hope that the entire internet supports OpenID at some point in the future, if you only want to remember one password. If this really is your goal, I don’t think OpenID is your answer; you’ll fare better with some sort of locally installed software package that manages your internet credentials for you.

So all in all, I like OpenID, but it needs much more support. Specifically, I’d like to be me across GMail, Yahoo, LinkedIn, and Facebook for starters. In the meantime, if anyone out there knows of some good online identity management software that I could install locally, please comment here and let me know about it.

Feb 14, 2008

I read an article today in WSJ on network neutrality, and it got me wondering – what’s the big deal?

Apparently Comcast has admitted to delaying or blocking peer to peer (P2P) traffic on its network, thus allowing more bandwidth for non P2P traffic. On the surface, I thought, so what? A good portion of the traffic on P2P networks is illegal copies of movies, music, and software. Shouldn’t that get less of a priority than “righteous” traffic?

P2P software providers are likely to say they’re being discriminated against, and cite the fact that P2P technology enables the transfer of information in an efficient manner, etc., and who is Comcast to judge what types of traffic deserve prioritization? Good point. Unfortunately for Comcast, the bandwidth available to subscribers depends on the usage levels of their neighbors since the technology is not switched. This is distinctly different than Verizon’s offerings, DSL and Fios, which are both switched technologies (meaning that the bandwidth you pay for is not available to anyone else but yourself). So I would venture to say that Verizon doesn’t have as much of a problem, though certainly they could prioritize traffic on their network backbone if they wanted to.

So what does this all mean? It seems that network providers are in the unique position to affect the financial prospects of many businesses that rely on network connectivity and performance. If I was running a media business whose delivery mechanism primarily used P2P technology that was delayed or even blocked merely because it uses the technology, that could have devastating consequences to my company’s performance. Taking it a step further, if the network provider discriminates based on the technology used, who is to stop them from prioritizing based on content? Maybe Comcast will reduce the priority of traffic to/from specific web sites, which could be anti-competitive.

On the other hand, if I were a Comcast executive, I need to be worried about quality of service. If 15 year olds are degrading service for each of their neighborhoods across the country because they’re downloading movies 24/7, that will lead to defections to Verizon or other competitors. If I’m Comcast, I need to do something to ensure that my customers are satisfied, or my business may lose many customers. Why shouldn’t I be able to preserve quality of service for the masses if I have the ability? It’s my network, isn’t it? I own the lines, don’t I?

It seems to me that there ought to be a balance between network providers’ ability to manage levels of service on their own networks and openness to policing. Technologies probably would have to be developed to enable accurate identification of content traversing the network, and there would have to be some clear definition of what content can be prioritized across known service levels. Of course, that is easier said than done since there are so many voices in the conversation. I guess my take is that network providers shouldn’t be forced to keep things completely open at the peril of their business.

What are your thoughts?