B. Mann Consulting

It doesn't seem that long ago, but the first Barcamp Amsterdam was way back in October 2005, where RalphM and I first schemed about Jabber World Domination. But in reality, a lot of time has passed -- Jabber is now called XMPP, there have been many more Barcamps outside of the US (yes, Amsterdam was first! picture from Ton's Flickr pictures), and we've got a ton of interesting identity and social software standards / formats / tools to start integrating.

Ralph did a workshop on Federated Social Networks at the beginning of December, which I unfortunately wasn't able to attend on short notice. Now Ralph has set the date for a follow up event to be held along with Barcamp Amsterdam III on March 1st and 2nd.

I will, unfortunately, once again be missing the event, since Drupalcon Boston 2008 will be happening at the same time. I'm hoping that some co-conspirators on a couple of projects will be able to attend (I'm looking at you and you).

I suspect the technology stack that will be discussed includes DiSo, OpenID, OpenID Attribute Exchange, and OAuth, so anyone interested in those items and how they relate to social networks should plan to attend. Note: although I have a reputation as a handwaver supreme, this will most likely be a down and dirty technology, specs, and implementation discussion at its core, so pack your developers and throw them into the capable hands of RalphM.

So, we now have Google's answer to Facebook's closed development platform: OpenSocial (link goes live Thursday).

Google has a good selection of launch partners for this -- Ning, LinkedIn (an API?! finally!), and Plaxo being the most interesting ones. RockYou and Slide are Facebook development companies that are also signed on, so we'll definitely see some launch apps, not just bare APIs.

This is, of course, very encouraging and similar to the short discussion I lead at the Facebook Developer Garage: integrate with systems other than Facebook, use open standards, and put your stuff out on the open web. Marc Canter has a gleeful post about all of this, including linking back to standards and experiments that have already been underway. Be interesting to see how OpenID Attribute Exchange, which I have long been a fan of, fits into all this.

I couldn't believe my eyes when I saw that there was already a Drupal module ready to go -- here's the project page. Except, it's just a placeholder for now :P But, nonetheless, this is an obvious set of APIs for Drupal to support and participate in this open web.

Will it work? Well, we've got a whole other set of mashups and connections to be making. This code is brand new, and developers, designers, and business owners are going to have to spend time kicking the tires and just trying stuff. Just like Facebook and the Facebook platform has been a new thing which has seen an explosion of creativity and experimentation, I expect we'll see the same thing around these open APIs. It's going to be a fun ride...

Scott Kveton does a bit of a round up of what some folks are working on a technical level with portable social networking, in and around OpenID and some loose markup.

He takes what, in my opinion, is a bit of a cut against Attribute Exchange:

Also, attribute exchange doesn’t solve the portable social networking component although I imagine it could be hacked up to do so.

Sorry, Scott, when you use phrases like "hacked up", I take issue. Frankly, I would never have gotten on board with OpenID if I didn't see AX on the horizon as the logical conclusion of the SREG stop gap.

AX is an extensible system that will be able to pass many different kinds of information back and forth between systems. It has the same decoupled nature that OpenID has. Different sites can loosely couple by doing nothing more than using the same keys to define different sets of attributes. Why, exactly, would one NOT use this? In theory, one could do something as simple as host an agreed upon list of attributes -- based on FOAF, XFN, or for that matter any one of them in their own namespaces or with mapping between them.

I mean, we implemented syncing of user profiles using Drupal's simple distributed authentication + FOAF *3 years ago*. Working with SXIP in their various protocol incarnations, DIX, and finally the merging into OpenID and AX has all been part of the process of consensus around standards.

Attribute Exchange is a flexible, extensible base on which to implement many use cases around data exchange for user profiles and related information. Any solution around portable social networking should use this at its base, and the OpenID community should move to finalize the extension and move forward to building cool sh*t on top of it.

At some point I got a ping from someone that was working on a SAML implementation for Drupal. Unfortunately, that was a year ago or more, and trawling my email doesn't seem to surface anything.

So, anyone out there in blog land working on a SAML *SP* (aka client) implementation for Drupal? I have some folks that would like to test interop. Please contact me if you've got something.

Related to this is the Google Apps Authentication module, which lets you use your Drupal database as an authentication source for Google Apps -- the for pay, Enterprise or Education edition. This is a SAML v2.0 IdP implementation as far as I know...

And yes, I'm still a huge OpenID fan. But combining the two standards is even better, since theoretically you could create new Drupal accounts via OpenID, and the Drupal accounts in turn would serve as auth for Google Apps. AKA how to use OpenID with Google :P

So, everyone is writing about the Google Apps Premier Edition. Lots of partners have announced services that integrate with Google Apps today -- see the Google Enterprise Solutions gallery for what's available today.

I've complained before about Google's messed up identity system (it's not fixed yet). And it looks like SXIP is now doing the same thing that it provides for Salesforce: identity management.

I've pinged the folks at SXIP to find out more. Their press release points to SXIP Access, which is their, dare I say it, "previous" solution vs. the OpenID bandwagon? Or maybe not?

Update: I got the scoop from Lori Pike at SXIP: "At this point in time there's no relation between [SXIP Access] and OpenID or SXIP 2.0/DIX." -- and likely there will be a blog post that explains a bit more.

Marc Canter continues to blog up a storm. If you really, carefully, read about all the stuff he's been posting: he really is looking to the future.

Yes, I do find it a bit scary to be agreeing with Marc. I mean...I love the guy, I love his family, but he drives me crazy 50% of the time

So, what has Marc got right lately?

• It's about the network of networks
• social networking is a feature...and it makes sense to pick and choose building blocks to start from rather than blowing your brains out developing code (and UI, and standards, and, and...) from scratch every time; Marc feels burned by open source, so he's doing PeopleAggregator, me, I'm pushing away at my old friend Drupal
• identity is great for sign on is great; now let's get working on attribute exchange, without which 2.x is somewhat pointless -- we had this working 2 years ago with SXIP

That last point is from Marc's latest on Microsoft's CardSpace plus Open ID, and he closes with "without import/export we have no context". That is code for "don't make me create an account on another god-dang site that really should be a feature, and especially don't make me re-enter all my stuff into another system".

Coming up January 17th, 2007 (next Wednesday, if you're reading this in current day blogtime), SXIP is hosting the Vancouver incarnation of an OpenID MashPit event. Here's the scoop:

Want to learn more about OpenID 2.0 and spend an evening hacking on the new code? Join Sxip at the OpenID 2.0 Mash Pit evening in the New Year in Vancouver. There will be simultaneous events that night in Portland and other locations, with a live webcast amongst us. OpenID is an emerging Identity 2.0 standard for exchanging identity data on the internet. This is for people to come and hack on OpenID 2.0 and figure out how to make it work for their sites or applications.

We'll do a brief introduction on OpenID 2.0 and the new stuff you can do with it such as attribute exchange with the email verification service, followed by 5 minute lightening talks on whatever you want to demo or talk about and then break out into small groups to help people actually dig into the "doing" of OpenID enabling their site. The goal? More hacking, less talking.

OK, I've talked to several people about this now and everyone is feeling the pain. 2007 means no more free ride for Google. No, they're not evil....they've just seriously messed up their infrastructure to the point that it is utterly broken.

Darren describes the situation quite well. I know that Jeff has the same issues, with an extra fun one trying to connect to people with Google Talk. Both Jeff and I have talked to people we know inside Google, but they haven't been able to find anyone on the "inside" who knows more.

Here's my screenshot (extended description on Flickr) of being logged in twice with the same address:

Public acknowledgement of the broken-ness? Not that I can find. Response to "regular" channels? i.e. this is critical and I can't use Docs/Spreadsheet? None.

Google, what's the plan? I'm not asking to switch to OpenID or allow OpenID logins or any sort of *crazy* talk like that...I just want your existing identity structure to work, to allow me to combine or retire accounts as needed, and not have everything be broken.

Be nice to have a name or pointer to the person/team that is working on this...there are many people willing to troubleshoot and work on this. 

If you haven't been back to LinkedIn for a while, it's time to check it out again. I've written about it in full or passing before -- my favourite title is probably The first business plan with social networking features: LinkedIn, highlighting the fact that connecting people really is just one aspect of any such service.

So, why should you go back now? LinkedIn Answers. It lets you ask questions, answer them, recommend experts and links. It's definitely going through some growing pains, especially as there are no feedback loops in place to stop people from marketing or pitching rather than really asking questions.

I've been using it for the last 5 days or so....and it's addictive (bagged my first "expert" star in the Blogging category). The quality of the interaction is quite high, and I actually find myself browsing the questions. That has been my single biggest feedback about LinkedIn (not bad or good, just feedback): you go there when you need something, but there isn't anything that inherently draws you back. With Answers, that changes.

One thing I would like to see is increased open-ness from the system. Answers is exactly the sort of thing that should be out in the open, for many of the questions and answers. Any decent answer I post is likely of high enough quality that it should be posted out on my blog, available to the "open Internet". Having an account on LinkedIn is a fine barrier for interacting, but the content itself should be publicly permalinkable. Yes, LinkedIn is an identity system with reputation built in...wonder when they will connect to an open standard.

If you want to give feedback directly, I started a question inside Answers: Suggestions on how LinkedIn Answers should evolve.

MyBlogLog is the closest to distributed social networking I've seen. There is no "claiming" of blogs, which is a bit of an issue...they'll need to add something like that soon.

They also don't have identity figured in, plus the most ridiculously long profile information pages which just underscores for me that I really never want to fill out another one of those, and I don't want to have to set privacy...I want that stuff to just work.

This might be an interesting purchase for Technorati (which just added OpenID support...). 

Update: and apparently I should link to my "community".