selectors Archives - Stay N Alive

The Future Has No Log In Button

Graphic Courtesy Chris Messina - http://factoryjoe.com/blog/2009/04/06/does-openid-need-to-be-hard/

Since last week’s Kynetx Impact Conference I have gained an entirely new vision for the open web.  I now foresee a web which the user completely controls, lives in the browser, syncs with the cloud, and has no boundaries.  This new web completely makes the entire Social and Real-time paradigms miniscule in terms of significance.  What I see is an internet that, regardless of what website you visit, you will never have to enter your login credentials again.  I see the end of the log in button.

It all centers around identity.  The idea comes with a technology called Information Cards, and a term called the “Selector”.  With these technologies, websites will rely on the client to automatically provide the experience you want without need for you to log in ever again.  It relies on OpenID, doesn’t really need oAuth (since all the authorization ought to happen on the client), but the best part is you, the user, don’t ever have to know what those technologies are.  It “just works”.

OpenID

OpenID LogoLet’s start with what you might already be familiar with.  You’ve probably heard about OpenID before.  If not, you might notice a little vertical orange line with a little gray arrow going from the line in a circle on some sites you visit.  Google just announced today that their profiles are now OpenIDs.  That basic concept is that you can specify on any website on the web a “provider”.  When you log in via Open ID, all you have to enter is your preferred website that specifies this “provider”.  The website you’re logging in to then redirects you to that provider, you provide your password, and it takes you back to the authenticating site.  It’s a simple authentication mechanism that enables sites to know who you are, just via a simple URL.  StayNAlive.com is a identifying URL for me, and points to my provider, myopenid.com.

In addition, utilizing technologies such as “FOAF” (Friend of a Friend), and the Google Social Graph APIs and other technologies, you can do cool things with identity.  Since I know your provider ID is being linked by your website, I know both your website and that provider are the same person.  You can link sites together, and now you know which profiles around the web are truly you – it becomes much harder to spoof identity in this manner, especially as more and more sites begin to adopt this methodology.  The problem with OpenID is its still a little confusing (even for me), and not everyone is familiar with entering in a URL into a log in space to identify themselves.

Information Cards

OpenIDSelector

Enter Information Cards.  This is a new space for me, but a fascinating one.  An information card is a local identity, stored in your browser or on your operating system, which you can “plug in” to any website, and it tells that website about you.  Theoretically, they could even sync off of a local server somewhere, but Information Cards (so I understand) are controlled on the client.

The cool thing about Information Cards is that you can store lots of different types of information on them (again, if I understand correctly).  At a very minimum, information cards allow you to store an identity about an individual.  In an ideal environment, you would be able to download an information card program like Azigo, visit a site like Yahoo.com, select your Yahoo information card, and just by clicking the information card it would immediately log you

into Yahoo.  The cool thing is that ideally, this completely avoids the phishing problem because Yahoo is the only one that can read your information card for Yahoo.com.

Here’s the kicker though – you can store more than just the log in for an individual in an information card.  Imagine storing privacy preferences.  What if I don’t want Yahoo to have access to my birth date, for instance?  Or what if I wanted to go even further and completely customize my experience?  What if I wanted Microsoft to provide updates for me right on top of Yahoo.com?  What if I wanted to get a completely customized experience based on the websites I really like around the web?  This is where the next part comes in.

The End of the Cookie and Birth of “the Selector”

Imagine a web where you, the viewer or user or consumer, are able to browse and get a completely customized experience that you control.  What if you are a Ford user and want to see comparable Ford cars on Chevy’s website? (I talked about this earlier)  Or here’s one I’ve even seen in production: I’m a big Twitter user.  What if I want to learn what others are saying about the websites I visit on Twitter without ever having to leave those websites?  Or say I’m a AAA member and want to know what hotels I’m searching for are AAA-supported?  What if I don’t like the way a website I visit is rendering content and I want to customize it the way I want to?   All this stuff is possible with the Selector.

Azigo Action Cards in Action

In the past you usually were at the mercy of these websites unless they provided some way for you to create your own context.  This is because these sites are all reliant on “cookies”, pieces of information stored on the browser that are reliant on IP that are only readable by the websites that generated them.  With a cookie there is no identity.  There is only IP.  With a cookie the website controls the experience – each website is in its own silo.  The user is at the mercy of each silo.

Kim Cameron and Craig Burton have been big proponents of a new identity technology intended to replace the cookie.  It’s called “the Selector”.  The idea of the Selector is that you, the user, use Information cards in a manner allowing you to fully control the experience you have as you peruse the web.  The idea uses an extension to information cards, called “action cards“, which enable users and consumers to specify their own preferences as to who shows them data and when around the web.  The cool thing is that businesses have a part in this as well that the users can opt into.

For instance, Ford could provide an action card (or “Selector”) using technologies like Kynetx to display comparisons of Ford products right next to Chevy’s right on the Chevy.com website.  Chevy.com can do nothing about it (other than provide their own selector) – it is 100% user-controlled, and the user’s choice to enable such.  Or, let’s say I’m a big Mac user and I want to see what Dell products are compatible with my Macbook – I could simply go to Dell.com and find out because hopefully Apple has created a Selector for Dell.com.  Not only that, but these sites, Dell.com, Apple.com, Ford.com, Chevy.com can all track my interest based on preferences I set and customize the experience even further so I am truly gaining a “purpose-based” experience around the web.

All of the sudden I’m now visiting “the web” instead of individual sites on the internet, and the entire web becomes the experience instead of a few websites.  The possibilities are endless, and now imagine what happens when you add a social graph full of truly contextual identities on top of all this.  Now I can feed my friends into this contextual experience, building an experience also based on the things they like and adding it onto the things I like.  There are some really cool possibilities when the web itself is a platform and not individual websites.

Ubiquity

The future of the web is Ubiquity, the state or capacity of being everywhere, especially at the same time.  Users will be ubiquitous.  Businesses will be ubiquitous.  There are no boundaries in the web of the future.  I’ve talked about the building block web frequently but that just touches the surface.  In the future these building blocks will be built, and controlled by the users themselves.  Businesses will provide the blocks and the users will stack them on top of each other to create their own web experience.

Businesses will have more sales because the consumers will be getting what they want, and consumers over all will be more productive.  This new approach to the web will be win-win for both sides, and we’re just getting started.

Where We Are At

Here’s the crazy thing that blew me away last week – we’re so close to this type of web!  We see Google building an operating system entirely out of a browser.  We have Information card and Action card/selector platforms such as Azigo, which enable users to seamlessly integrate these experiences into the browser.  We have developer platforms like Kynetx which enable the creation of such an experience.

Imagine if Google were to integrate information and action cards right into ChromeOS.  What if Kim Cameron were to get Microsoft to integrate this into IE and Windows? (hint – they will)  What if Apple integrated Information Cards into the Keychain so you actually had context with your log on credentials?  All this is coming.

Where We Still Need to Go

We’re not there yet, but we’re so close!  I want to see more focus on this stuff and less on the Social web and real-time technologies.  For those technologies to fully succeed we need to stop, take a deep breath, step back, and get identity right.  We’re not quite there yet.

I want to see technologies such as Mozilla Weave integrate Information Cards for their browser (rather than reinvent the wheel, which is what they appear to be doing).  We need more brands and more companies to be writing contextual experiences on the Kynetx platform (which is all Open Source, btw).  We need more people pushing companies like Google and Microsoft and Apple to be integrating these technologies so the user can have a standardized, open, fully contextual experience that they control.  I want to see Facebook create an experience on these platforms using Facebook Connect.  I want Twitter to build action cards.

For this to happen we need more involvement from all.  Maybe I’m crazy, but this future is as clear as day for me.  I see a future where I go do what I want to do, when I want to, and I get the exact experience I asked for.  This is entirely possible.  Why aren’t we all focusing on this?

Sign in Graphic Courtesy Chris Messina

All Your OS Are Belong to Google – Why Aren’t We Worried?

Kool-Aid ManI’m following the stories of the Google Chrome OS release today and am a bit concerned about some of the claims that are being made.  Mashable even goes to the extent of predicting Google is going to “destroy the desktop” with it.  Google is banking on the fact that many users use their computers solely for accessing Twitter, Facebook, and E-mail through a browser.  They’re right – we’re becoming more and more of a web-reliant society, and the cloud is rendering much of the fluff that happens on the traditional operating system unnecessary.  However it concerns me when a company so known for wanting to run that operating system fully from the cloud is the one pushing this model.  Let’s not kid ourselves here – Google wants you to run as many of their services as possible (since they’re a web company) so they can own more information about you.  That’s not always a bad thing – the more they know about you, the better an experience they can provide for you with as little effort on your part as possible.  I argue it’s the wrong approach though, and it’s harmful to user-controlled and open identity approaches on the web. My hope is that Google has a plan for this.

A Client-based OS vs. a Web-based OS

Let’s look at the old (well, I guess it’s not old yet) approach to operating systems.  They were all about the user.  A user booted up a computer they could very well have even built themselves.  The user logged in to that computer.  On Windows machines they have a Control Panel where they can adjusted their system settings.  On Macs they have System Preferences.  On *nix they have command-line (okay, I’m joking there, mostly).  They can install the programs they like.  They can adjust who can and can’t log in through the computer.

The problem with putting the user in control is that they have to be responsible for their data.  They have to be responsible for their Hard Drive not dying and losing an entire life history because of that lack of attention.  Most users don’t know how to do that.  Not only that but allowing user control includes additional overhead on the operating system, slowing boot times down, adding complexity, and increasing the learning curve for most users that just want to access their e-mail or visit Facebook, etc.

This is why a web-based OS could make sense.  The web OS focuses on one thing and one thing only – moving the user experience wholly to the cloud.  The cloud becomes the new OS, and services can be provided from there to shift the burden from the user to the cloud in storing their data.  Great!  Where do I sign up?

The Problem With a 100% Cloud Solution

There’s still a problem with this model though – with a 100% cloud-based solution the user loses all control over the experience and puts it into the hands of one or two very large entities.  The only approach to ubiquity for users is for those entities to have their hands across every website those users visit and every web app those users run.  That’s a little scary to tell you the truth.  With a 100% web-based approach the user loses control of their identity and puts it in the hands of the BigCo.  As Phil Windley puts it, this puts the focus back on Location, which is business focused, rather than Purpose, which is consumer focused.

Let’s try to look at this from another angle.  What if we were all on 100% Web-based Operating Systems and Facebook were to successfully get Facebook Connect into the hands of every single website and every single company on the web in some sort of open manner?  You’d be able to visit any website, bring your contacts from Facebook and other data from Facebook to those sites and they’d be able to customize the experience to you and provide context, right?  That’s partially true.  A server-based approach can provide some context.

However, let’s say I’m a huge Ford fan and I want to see what types of Ford cars compare with the cars I’m viewing on Chevy’s website.  Sure, Ford could provide an API to enable other websites to integrate their own context into other websites, but do you think Chevy is ever going to integrate this?

Heck, if we go back to the standpoint of Facebook, even Google and Facebook are having issues working together on that front (look at Google Friend Connect – see Facebook in any of their providers?).  The fundamental flaw of a server-based approach is there is absolutely no way organizations are going to cooperate enough to be able to provide context across 100% of the web.  No matter how many foundations are formed there will always be some disconnect that hurts the user.  The only way that’s going to happen is via the client.

Enter Information Cards and the Selector

OpenIDSelectorAs I mentioned earlier I’ve been attending the Kynetx Impact conference here in Utah hosted by Phil Windley , author of Digital Identity published by O’Reilly, also attended by such Identity superstars as Kim Cameron (who probably made Microsoft more open than it ever has been with his pioneering of the Information Card concept), Doc Searls (author of The Cluetrain Manifesto), Drummond Reed, and Craig Burton.  My eyes have truly been opened – before anything Social can truly perfect itself we have to get identity right, and a 100% web-based approach just isn’t going to do that.  I’ll be talking about that much more on this blog over the next bit – this is the future of the web.

Kim Cameron pioneered a concept called Information Cards, in which you, as a user, can store different profiles and privacy data about yourself for each website you visit.  When you visit the websites you frequent around the web, you can be presented by your client or browser with previously used Information cards that you can choose to identify yourself with. This can be a very useful and secure approach to combatting phishing (when users become reliant on information cards the authenticating site can’t obtain their log in credentials), for instance.  Check out the “Good Tweets” section of his blog post here for context.

Another great use of Information Cards, a client-based approach, is the ability to provide browser or OS-based context for each user.  This is something Kynetx is working to pioneer.  Craig Burton has talked about the concept of the “Selector”, and how the next evolution of identity from the cookie has now moved to user-controlled context as their accessing the web.  The idea is, as you select an information card, a service such as Kynetx can run on the browser (right now via extension, but future browsers will most likely have this built in) and provide a contextual experience for the user based on the “Selector” for each website that user visits.  The user sets the privacy they want to maintain for those sites, and they are given a contextual experience based on the selectors they have enabled, regardless of where they are visiting on the web.

One example of this, as I mentioned earlier, was at the Kynetx Impact conference when I visited Facebook.com I was presented with HTML in the upper-right corner of Facebook asking me to become a fan of Kynetx and providing me with the latest Tweets talking about the conference.  Among other examples shown, for AAA Auto service, members could provide a selector so that when they’re searching for hotels AAA can customize the experience on Google.com or Hotels.com or anywhere they want to let the user know which hotels provide a AAA discount and what the discount is.  AAA doesn’t need to provide an API to these sites.  They don’t need to negotiate deals.  They can just do it, and enable the users to turn it on at their full discretion.  The consumer is in full control with these technologies and they’re available to any brand right now.  Kynetx has an open API for this that they just launched yesterday.

This form of ubiquitous context for the user can’t happen in a full web-based model.  Users will always lose some sort of context if the entire experience is controlled by the web.  There has to be some involvement by the client to allow the user to truly own their identity and control the experience they have on the web.

Google Has a Responsibility to Do This Right

Google hasn’t revealed their end game in this yet, but my hope is that they continue their “Do No Evil” approach and take this as an opportunity to give the user some more control in the Web OS experience.  There is a huge opportunity for Google to be leaders in this space, and that goes beyond just Open ID.  Google could integrate Information Cards and selectors right into the Chrome browser, for instance, forcing an open, user-controlled approach to identity and introducing a new approach to marketing on the web that is controlled by the consumer.

I hope that the leaders in open standards take note and continue to push Google in this process.  The user deserves this control.  I still think the Web OS has a huge place in our future, but my hope is that we do it right from the start and keep the user in control of this process.  The way it stands it’s looking a little too Google controlled.

Be sure to check out my Twitter stream from tonight for a few more links and thoughts on this subject.

Information Card Image Courtesy Kim Cameron