The Future Has No Log In Button - Stay N Alive

The Future Has No Log In Button

uber-sign-in-button-by-factoryjoe-6151139

Since last week’s Kynetx Impact Conference I have gained an entirely new vision for the open web.  I now foresee a web which the user completely controls, lives in the browser, syncs with the cloud, and has no boundaries.  This new web completely makes the entire Social and Real-time paradigms miniscule in terms of significance.  What I see is an internet that, regardless of what website you visit, you will never have to enter your login credentials again.  I see the end of the log in button.

It all centers around identity.  The idea comes with a technology called Information Cards, and a term called the “Selector”.  With these technologies, websites will rely on the client to automatically provide the experience you want without need for you to log in ever again.  It relies on OpenID, doesn’t really need oAuth (since all the authorization ought to happen on the client), but the best part is you, the user, don’t ever have to know what those technologies are.  It “just works”.

OpenID

openid-logo-7997204Let’s start with what you might already be familiar with.  You’ve probably heard about OpenID before.  If not, you might notice a little vertical orange line with a little gray arrow going from the line in a circle on some sites you visit.  Google just announced today that their profiles are now OpenIDs.  That basic concept is that you can specify on any website on the web a “provider”.  When you log in via Open ID, all you have to enter is your preferred website that specifies this “provider”.  The website you’re logging in to then redirects you to that provider, you provide your password, and it takes you back to the authenticating site.  It’s a simple authentication mechanism that enables sites to know who you are, just via a simple URL.  StayNAlive.com is a identifying URL for me, and points to my provider, myopenid.com.

In addition, utilizing technologies such as “FOAF” (Friend of a Friend), and the Google Social Graph APIs and other technologies, you can do cool things with identity.  Since I know your provider ID is being linked by your website, I know both your website and that provider are the same person.  You can link sites together, and now you know which profiles around the web are truly you – it becomes much harder to spoof identity in this manner, especially as more and more sites begin to adopt this methodology.  The problem with OpenID is its still a little confusing (even for me), and not everyone is familiar with entering in a URL into a log in space to identify themselves.

Information Cards

openidselector-7988791

Enter Information Cards.  This is a new space for me, but a fascinating one.  An information card is a local identity, stored in your browser or on your operating system, which you can “plug in” to any website, and it tells that website about you.  Theoretically, they could even sync off of a local server somewhere, but Information Cards (so I understand) are controlled on the client.

The cool thing about Information Cards is that you can store lots of different types of information on them (again, if I understand correctly).  At a very minimum, information cards allow you to store an identity about an individual.  In an ideal environment, you would be able to download an information card program like Azigo, visit a site like Yahoo.com, select your Yahoo information card, and just by clicking the information card it would immediately log you

into Yahoo.  The cool thing is that ideally, this completely avoids the phishing problem because Yahoo is the only one that can read your information card for Yahoo.com.

Here’s the kicker though – you can store more than just the log in for an individual in an information card.  Imagine storing privacy preferences.  What if I don’t want Yahoo to have access to my birth date, for instance?  Or what if I wanted to go even further and completely customize my experience?  What if I wanted Microsoft to provide updates for me right on top of Yahoo.com?  What if I wanted to get a completely customized experience based on the websites I really like around the web?  This is where the next part comes in.

The End of the Cookie and Birth of “the Selector”

Imagine a web where you, the viewer or user or consumer, are able to browse and get a completely customized experience that you control.  What if you are a Ford user and want to see comparable Ford cars on Chevy’s website? (I talked about this earlier)  Or here’s one I’ve even seen in production: I’m a big Twitter user.  What if I want to learn what others are saying about the websites I visit on Twitter without ever having to leave those websites?  Or say I’m a AAA member and want to know what hotels I’m searching for are AAA-supported?  What if I don’t like the way a website I visit is rendering content and I want to customize it the way I want to?   All this stuff is possible with the Selector.

azigo-action-cards-in-action-1716732

In the past you usually were at the mercy of these websites unless they provided some way for you to create your own context.  This is because these sites are all reliant on “cookies”, pieces of information stored on the browser that are reliant on IP that are only readable by the websites that generated them.  With a cookie there is no identity.  There is only IP.  With a cookie the website controls the experience – each website is in its own silo.  The user is at the mercy of each silo.

Kim Cameron and Craig Burton have been big proponents of a new identity technology intended to replace the cookie.  It’s called “the Selector”.  The idea of the Selector is that you, the user, use Information cards in a manner allowing you to fully control the experience you have as you peruse the web.  The idea uses an extension to information cards, called “action cards“, which enable users and consumers to specify their own preferences as to who shows them data and when around the web.  The cool thing is that businesses have a part in this as well that the users can opt into.

For instance, Ford could provide an action card (or “Selector”) using technologies like Kynetx to display comparisons of Ford products right next to Chevy’s right on the Chevy.com website.  Chevy.com can do nothing about it (other than provide their own selector) – it is 100% user-controlled, and the user’s choice to enable such.  Or, let’s say I’m a big Mac user and I want to see what Dell products are compatible with my Macbook – I could simply go to Dell.com and find out because hopefully Apple has created a Selector for Dell.com.  Not only that, but these sites, Dell.com, Apple.com, Ford.com, Chevy.com can all track my interest based on preferences I set and customize the experience even further so I am truly gaining a “purpose-based” experience around the web.

All of the sudden I’m now visiting “the web” instead of individual sites on the internet, and the entire web becomes the experience instead of a few websites.  The possibilities are endless, and now imagine what happens when you add a social graph full of truly contextual identities on top of all this.  Now I can feed my friends into this contextual experience, building an experience also based on the things they like and adding it onto the things I like.  There are some really cool possibilities when the web itself is a platform and not individual websites.

Ubiquity

The future of the web is Ubiquity, the state or capacity of being everywhere, especially at the same time.  Users will be ubiquitous.  Businesses will be ubiquitous.  There are no boundaries in the web of the future.  I’ve talked about the building block web frequently but that just touches the surface.  In the future these building blocks will be built, and controlled by the users themselves.  Businesses will provide the blocks and the users will stack them on top of each other to create their own web experience.

Businesses will have more sales because the consumers will be getting what they want, and consumers over all will be more productive.  This new approach to the web will be win-win for both sides, and we’re just getting started.

Where We Are At

Here’s the crazy thing that blew me away last week – we’re so close to this type of web!  We see Google building an operating system entirely out of a browser.  We have Information card and Action card/selector platforms such as Azigo, which enable users to seamlessly integrate these experiences into the browser.  We have developer platforms like Kynetx which enable the creation of such an experience.

Imagine if Google were to integrate information and action cards right into ChromeOS.  What if Kim Cameron were to get Microsoft to integrate this into IE and Windows? (hint – they will)  What if Apple integrated Information Cards into the Keychain so you actually had context with your log on credentials?  All this is coming.

Where We Still Need to Go

We’re not there yet, but we’re so close!  I want to see more focus on this stuff and less on the Social web and real-time technologies.  For those technologies to fully succeed we need to stop, take a deep breath, step back, and get identity right.  We’re not quite there yet.

I want to see technologies such as Mozilla Weave integrate Information Cards for their browser (rather than reinvent the wheel, which is what they appear to be doing).  We need more brands and more companies to be writing contextual experiences on the Kynetx platform (which is all Open Source, btw).  We need more people pushing companies like Google and Microsoft and Apple to be integrating these technologies so the user can have a standardized, open, fully contextual experience that they control.  I want to see Facebook create an experience on these platforms using Facebook Connect.  I want Twitter to build action cards.

For this to happen we need more involvement from all.  Maybe I’m crazy, but this future is as clear as day for me.  I see a future where I go do what I want to do, when I want to, and I get the exact experience I asked for.  This is entirely possible.  Why aren’t we all focusing on this?

Sign in Graphic Courtesy Chris Messina


Discover more from Stay N Alive

Subscribe to get the latest posts sent to your email.

79 thoughts on “The Future Has No Log In Button

  1. In order to build mozilla weave based on this “selector”, you need to standardize it first.
    Mozilla is not going to implement something that you can not find RFC on.

  2. The easier you make it to tell a website all about you, the more web sites will insist you tell them all about you. Even to do the simplest things, be they comment on a post or even get beyond the home page.

  3. Brad, the advantage to this is there's no one controlling what each website
    knows about you. In the future you'll be able to specify, on your own
    desktop, what you want each website to know about you and those websites
    will be forced to respect that.

  4. Alas, history shows it doesn't work that way. Giving users control is the panacea that is always offered in response to this problem. And yet, time and time again, it is shown that they don't exercise it, and I don't think it is simply because the UI isn't well enough designed, nor is it because, if you ask them, they will say they don't care.

    When you give the user control, you actually strip them of their power to negotiate. It becomes large company vs. single person, and that's no negotiation at all. It's take it or leave it. Or worse, “Give us everything, and you 1% tin foil hat folks can give us a bit less and we now feel we have done our bit for privacy.” And then after a while it switches to Facebook's approach “If you won't tell us everything about you and all your friends, you can't use our 'application' (embedded web site)”

    Before proposing doing a failed strategy like user control again, it is important to have a good model of why it failed before, so you know you have fixed it, if it can be fixed.

  5. Very interested in all of this – a common business requirement in any new service relationship (physical or on-line) is “Know your customer” and that often has a regulatory requirement to be repeated uniquely for each new business relationship (even going to a bank to get a new mortgage when you already have a regular verified business relationship with them – we need a mechanism which is in effect “KYC once with a trusted regulator – use many”

  6. Hello Jesse, great post. It is a good concept. Security would of course be a huge consideration with this type of streamlined approach. Protecting against multiple log-ins is one thing – when you assume that these logins also include banking details, credit cards etc, then security takes on new importance.
    The ability of many sites now to incorporate the role of search engines as well as combine multiple rss feeds may lend themselves to your scenario as well. Even now, the possibilities presented by open-source platforms such as wordpress allow such limitless customization that can only be enhanced further by the use of selectors. If we use a simple OS combined with a smart opensource platform that incorporates selectors, what you're left with is an extremely fast and infinitely customizable internet. *waves goodbye to microsoft*
    Katie Kay Holmes.

  7. Hi,

    good article – Infomration Cards are the closest digital way to offering the same atributes as a real life ID.

    By the way, Avoco Secure have just reelased a Cloud Selector for Information Cards to improve usability and allow anywher access (including mobile devices) – I demoed the system at the openID conference and the IIW conference.

    You can see a release on it here: http://www.prweb.com/releases/2009/11/prweb3140

  8. I think selectors are completely the wrong direction. The problem with them is that they tie you to a single computer, or at best a single selector service that only works with one browser. Many people use multiple computers – I routinely switch between five – my iPhone (at home in the UK and in Europe), my Android (for trips to the US), my laptop, my partner's laptop, and my desktop. I switch between Safari, Firefox, Stainless, and Google Chrome regularly, and sometimes Tweetie on the iPhone handles my web browsing duties.

    On top of that, when I'm visiting family or friends, or in a space with kiosk computers but no easy wifi access, I often use the local computer, which often runs Internet Explorer.

    I'm unusual, but not that unusual. Most people don't take their computers with them on vacation, and as such rely on 3rd party computers to handle their logins. Selectors / cardspace / infocards / weave simply don't work everywhere, and therefore they're a non-option for the vast majority of users. If we could agree on a global standard, and get that standard implemented universally, then *maybe* we could see significant adoption, but that's a long shot.

    I'm surprised you don't mention Webfinger in your post. The thing that Webfinger offers is a progressive enhancement approach to login. Above this input box, I see a NASCAR of login buttons for Disqus, Facebook Connect, Twitter, and OpenID. Below it, you require me to enter my name and email address.

    Try going to webfinger.org/login (using a GMail address works best thanks to Google's pioneering support, but Hotmail and Yahoo addresses, as well as most personal email domains also do the trick). If you don't want to login, try using my email address: http://webfinger.org/lookup/romeda@gmail.com

    It turns out that with this extremely simple discovery mechanism keyed off of the already required email address, you can find all of those bits of information: facebook, twitter, openid login details, names, avatars, etc. It works today, and it's easy to add support. Cardspace / selector tools can be made simpler and more effective if built on top of a decentralized identity system like Webfinger, but the reverse isn't true.

  9. I think selectors are completely the wrong direction. The problem with them is that they tie you to a single computer, or at best a single selector service that only works with one browser. Many people use multiple computers – I routinely switch between five – my iPhone (at home in the UK and in Europe), my Android (for trips to the US), my laptop, my partner's laptop, and my desktop. I switch between Safari, Firefox, Stainless, and Google Chrome regularly, and sometimes Tweetie on the iPhone handles my web browsing duties.

    On top of that, when I'm visiting family or friends, or in a space with kiosk computers but no easy wifi access, I often use the local computer, which often runs Internet Explorer.

    I'm unusual, but not that unusual. Most people don't take their computers with them on vacation, and as such rely on 3rd party computers to handle their logins. Selectors / cardspace / infocards / weave simply don't work everywhere, and therefore they're a non-option for the vast majority of users. If we could agree on a global standard, and get that standard implemented universally, then *maybe* we could see significant adoption, but that's a long shot.

    I'm surprised you don't mention Webfinger in your post. The thing that Webfinger offers is a progressive enhancement approach to login. Above this input box, I see a NASCAR of login buttons for Disqus, Facebook Connect, Twitter, and OpenID. Below it, you require me to enter my name and email address.

    Try going to webfinger.org/login (using a GMail address works best thanks to Google's pioneering support, but Hotmail and Yahoo addresses, as well as most personal email domains also do the trick). If you don't want to login, try using my email address: http://webfinger.org/lookup/romeda@gmail.com

    It turns out that with this extremely simple discovery mechanism keyed off of the already required email address, you can find all of those bits of information: facebook, twitter, openid login details, names, avatars, etc. It works today, and it's easy to add support. Cardspace / selector tools can be made simpler and more effective if built on top of a decentralized identity system like Webfinger, but the reverse isn't true.

  10. Another way to look at the shortcomings of our current web login paradigm is to conclude there needs to be an open identity metasystem that allows opt-in user choice relationships on the web similar to those you enjoy in real life. You choose which store to go in, you choose what to buy, how to pay, and if you like the store, you come back. Think of the 'Selector' as a wallet to hold your cards. You can choose any selector vendor you want just as you choose your wallet brand. But this goes beyond fashion. Unlike choosing Prada over YSL, the selector gives you control over how and where links to your personal data live. Note that the actual personal data could live with multiple identity providers representing merchants, banks, clubs, government, etc. and/or some of it could be stored locally. Your selector determines what you can do (how you can wield) your personal data. Microsoft has a selector already built in to Windows/IE, and supports the information card standard approved by OASIS this year. Azigo supports the same standard, but also extends that to support action cards that for example, show you on a Google search, which links are with companies that offer a AAA discount (if you have a AAA information card in your wallet-selector). Both work with IE. Azigo supports Firefox on Mac/Windows as well.

  11. Katie, ironically, I predict Microsoft will actually play a part in this
    process. Kim Cameron, a huge leader in this space, got his start in this
    while at Microsoft.

  12. Blaine, thanks for your input – you've been involved in this much longer
    than I and I value your ideas and feedback. I am still getting to know
    webfinger – I'll definitely check it out more. I think the dilemma is a
    matter of whether we sacrifice the ability for context across any website on
    the internet, or across any browser or computer. I think eventually we'll
    get the cross-browser/computer thing right though. A strong set of
    standards around this, which are definitely on their way (but definitely not
    there yet), along with a cloud-based, open source, standards-controlled
    system that keeps the data away from the organization and only extractable
    by the client I think could make this possible.

    That said, I'd love to know more about other ways these problems are being
    tackled, standards being built to push these efforts, etc. My goal is to
    bring much more awareness to this space, regardless of what the end solution
    ends up being.

  13. The general history of trying to solve privacy and identity issues with user control panels, be it P3P, Cookie control tools and various other privacy protecting tools.

    By and large the overall architecture and defaults defined the results, not the user control. The success stories, such as they are, all come from times when the overall architecture was done right in the default configuration.

    The reality is, one hardly needs to have an account at 99% of the web sites you visit. That's even true of online stores when one can use online payment systems which provide your shipping info to the store when you buy. (In an ideal world you would not even need to provide your address, just a token that can be given to the shipping company, which will know your address and have an API to calculate costs from it.)

    I just fear that with many of the identity proposals coming forward, they will generate a world where you end up with an account of some sorts at vastly greater numbers of web sites, all with no particular value to you over and above what you got from cookies.

    Why? Sites are desperate to monetize, and they all think “analytics” is the answer because they can't think of another one. If they know their users more they can somehow make some money from them.

    Your blog (and mine) are rare, and getting rarer in allowing people to comment as a guest.
    In fact, it could all be done with a stateless authentication system with the site storing nothing about the user.

  14. BTW, to try it, I tried to login to your blog for commenting using my openid (since it does not remember things for you without that) and the login “works” but nothing changes, it still has me posting as a Guest and makes me jump through pointless hoops to do so.

    The problem with many systems is, I fear, differing concepts as to the purpose of identity, or whether identity is the right solution to a problem at all. Quite often, what you want to know or remember about a user has nothing to do with their “identity” as we usually tink of the term. You more often want to know various attributes, such as “Is this the same poster as before” so you can keep names constant and kick off spammers. The sites that actually need “identity” from you are actually quite rare. The sites that *want* identity from you are much less rare.

    It's hard to argue with the point that if you make it easier and easier to identify yourself to web sites, you will be identifying yourself to web sites more and more often, and almost surely identifying more about yourself to more web sites more often. Most online ID efforts, like openid and information cards seek to make identity easier to do. They rarely ask if this is something we want to make easy to do, because in our instincts anything we do is something we want to make easier.

    It is always a good idea to ask what the real purpose of the technology is, and who it is serving. Does it serve me to give my email to a web site? Sometimes, but usually not. Usually it only serves me in the sense that the web site demands it and won't let me come on unless I give it.

    Contrary to intuitions, control over all this may not, as I have pointed out, serve me either. Sometimes it will, but will it benefit me on the whole? Again, the easier it is for me to hand over information, the more information that will get handed over, not just by me but by everybody. Have I won?

    The web would obviously be much more convenient if every time you visited a web site you handed over a whole slate of ID card information. Indeed, early web browser implementations sent your email address with every web hit. Sites would no longer need signup procedures at all or logins. Everything you did could be pre-customized to your needs based on shared profiles about you.

    But would this be a good thing? I suppose some would say yes but most would say no. So clearly it's possible to make it too easy for the browser to pass over all sorts of stuff. How do you decide when you have gone too far.

    I would venture that a typical site only needs to know two things to let you post a comment, for example. One is are you a spammer. The other is are you the same as somebody who posted before (which is part of deciding if you are a spammer.) These don't need a login, but so many sites demand one for it. Expect sites to demand far more than they need when designing your system.

  15. The ability to integrate, in an instant, your portable profile – will help any help any website build their community, their brand, CSI levels, etc….the key is making it an option.

    Its crazy to think of how much more information could be passed along to the company & the consumer with these information cards in place…

    Great thoughts in this post…nicely done.

  16. Dave, agreed. There are people working on that problem now though – I've
    had a few people contact me telling me about cloud-based solutions that
    integrate with the client to solve that problem. I think the client is
    necessary, but it should also utilize the cloud in some way to ensure
    portability. It's not an easy problem to solve, but I predict we're very
    close to solving it!

  17. I came here to point out that Information Cards would tie me to a single computer at best, and a specific installation of a single browser at worst. You made that point and several more that I agreed with at every turn but didn't think to include in my idea for a comment. I just want to say, thanks.

  18. Heyo Jesse!
    Another interesting post.
    But the comments helped me even more than your ideas about the future web.

    Many folks aren't ready to share too much information to third party sites, even if it's publically shared info. I rely on this info to enable social search (2way search) and contextual ads.

    Check out the groovy stuff that Tyler (a little help from me) has contstructed at http://imm.victusmedia.com when you get a chance.

  19. Mark, your hesitance to share info with third-party sites is the exact
    reason this technology needs to be implemented. This info relies completely
    on the client, with the help of centralized servers, but you decide, on the
    client, what you want shared, and the experience you want to have. This is
    the most free you will ever be as a user in terms of being separated from
    third party sites and still being able to have a contextual experience.

  20. I'm a third party sharing machine, but I want users to feel comfortable using a service I'm helping to build.

    It turns out, you have inspired our tech lead to check this identity system out, so we're convinced of utility.

    Will check back once I learn a little more about the implementation.

    Ps, we're branching into social search as a user value add. Always looking for ways to stack strong filters. Where's the best place for me to catch up socialtoo's direction?

  21. Mark, just send me an e-mail – jesse@staynalive.com and let me know what you're thinking of and I can tell you if it fits into SocialToo. A lot of the best filters we have I'm still testing behind the scenes and will hopefully be launched soon.

  22. Stay at home and go sightseeing the world.Thank to the authors carefully describe about travel.Here are some sits about travel products.I hope you can help to recommend a always11 tourist products for this season travel.

  23. Jeder Mensch braucht Bewegung, Sportgerte, natrlich entscheidend, und die wie Sportschuhe, Sportbekleidung wie. Bevor ich auf anderen Seiten suchen gehen, habe ich mehrere gute Seiten ber die Sportgerte finden eine Menge Hilfe bieten, knnen wir frei sein zu sehen.Gucci sweaters

  24. Stay at home and go sightseeing the world.Thank to the authors carefully describe about travel.Here are some sits about travel products.I hope you can help to recommend a always11 tourist products for this season travel.

  25. […] must consider carefully. Specifically, when I read posts like Jesse Stay’s concept of a future without a login button, or evaluate the mockups for an “active identity client” based on information cards or […]

  26. The easier you make it to tell a website all about you, the more web sites will insist you tell them all about you. Even to do the simplest things, be they comment on a post or even get beyond the home page.

What do YOU think? Let us know your thougts below!

Discover more from Stay N Alive

Subscribe now to keep reading and get access to the full archive.

Continue reading