gdp's Comments

Lucas Gonze's blog : Unite is not Sucky Apache

Wed, 17 Jun 2009 17:57:24 +0000

My understanding is that each app is contained in a sandbox... do you mean that a single Unite instance could simply talk to the other sandboxes over HTTP — as though they were just web services on the web, but happen to be served from the local filesystem? Indeed, that IS interesting...! I just wish they'd pushed forward some of the discovery technologies (XRD/XRDS-Simple) that we've been working on!

Lucas Gonze's blog : music implications of the Opera announcement

Wed, 17 Jun 2009 03:34:49 +0000

I agree with you that having a web server on the client side that's accessible from the rest of the web is awesome. This is why I love SimplifyMedia... It makes it possible for me to access my Mac Mini which holds my 60GB of music from anywhere that has an internet connection. That said, I think that we still a way to really do P2P-style, disintermediated connections that don't rely on a centralized proxy. It's one thing if you want to bootstrap with such a service — that's fine! — but I think it should be one option among many.

mtrichardson : Why Wordpress

Wed, 13 May 2009 16:59:47 +0000

It's funny to think that, of 17 must-have plugins that were "must have" for me in 2007 no longer are (save for the OpenID plugin!): http://factoryjoe.com/blog/2007/07/10/my-defaulta... Here're a few that I like: http://www.feedburner.com/fb/a/help/wordpress_qui... http://wordpress.org/extend/plugins/apture/ http://deanjrobinson.com/projects/fluency-admin/ http://www.arnebrachhold.de/redir/sitemap-home/ http://yoast.com/wordpress/analytics/ http://www.stimuli.ca/lightbox/ http://blog.matrixagents.org/wp-plugins/ http://txfx.net/code/wordpress/subscribe-to-comme... http://ocaoimh.ie/wp-super-cache/ http://crowdfavorite.com/wordpress/

mtrichardson : Why Wordpress

Wed, 13 May 2009 06:38:21 +0000

Whohoo! Welcome to the land of PHP and the_loop()! ;)

FactoryCity : Does OpenID need to be hard?

Tue, 7 Apr 2009 14:35:08 +0000

I mean in cases where identity is useful or necessary but where you
don't have a browser. Consider if Netflix supported OpenID and you
wanted to access your account on your Blu-Ray player where you have no
web browser.

In that case, you'd need to have a solution \"beyond the browser\".
Surely you could use OAuth generally, but the idea is identifying
yourself and providing proof of who you are through some out of band
mechanism.

Coding Passion : Would OAuth have prevented the latest attack on Twitter?

Mon, 26 Jan 2009 21:26:24 +0000

For more on this topic, you might take a listen to the podcast that Larry Halff and I did with Alex Payne of Twitter where we reinforced this point: http://tr.im/cg_10

Twitterrati : Coming Soon: No More Passwords Giveaways!

Sun, 25 Jan 2009 21:52:53 +0000

Just wanted to clarify something about what you said. OAuth is not about using a "universal ID to use third-party applications". Instead, it's merely about substituting an application key and a token in place of your username and password. OpenID more about a universal ID -- so OAuth and OpenID are complementary. An easier way to think about this is that OAuth is about what you can do, whereas OpenID is about who you are.

Michael Richardson : Single Sign Out

Thu, 8 Jan 2009 18:39:36 +0000

Isn't that what the openid_check_immediate function is for? So RPs can immediately look up whether the current user is still signed in?

Michael Richardson : Single Sign Out

Thu, 8 Jan 2009 08:12:49 +0000

I think it's important to think about this as a hub-and-spoke model, where Facebook is acting as your identity provider, and therefore you are going to want to stay signed in there the longest, and flit around to other sites here and there, on and off. If you had to sign in to Facebook EVERY TIME you went to a third party, that'd be a serious buzz kill. (Hence the long-lasting sessions). Now, that said, it seems like the optimal user experience is a two-step process: 1. log the user out of the local site 2. pop a lightbox that says "we've logged you out of this site; would you also like to sign out of [Identity Provider]?" If it were baked into the protocol (say, OpenID 2.1??) this would be a pretty great user experience. This is what Facebook's UI currently looks like, FYI: http://www.flickr.com/photos/factoryjoe/317850696...

Michael Richardson : Single Sign Out

Thu, 8 Jan 2009 08:09:12 +0000

You could also add some IP-sniffing or geo-IP smarts to see if the user is in a context where you expect him or her to be and kill sessions accordingly. I'm pretty sure Facebook was doing this when I was in Hawaii -- I swear, every 15 minutes I had to sign back in to Facebook!! When I'm at home (SF), my session rarely, if ever, expires. Clearly something intentional was going on there. Kind of a nice feature for travelers who use internet kiosks, etc.

Ben Werdmuller : Who cares about OpenID awareness?

Wed, 19 Nov 2008 03:29:29 +0000

I find it somewhat ironic that I'm commenting on this post having signed in with an identifier that IntenseDebate describes as my "OpenID". If they didn't call it "OpenID", what should they have called it? Furthermore, you might have made the same argument about "email" years ago... and thankfully that happened or else we might be asking each other for our "AOLs, Prodigies and Compuserves" and we all know how relevant those "household" names are today. The point is, we need to call these special URL-based identifiers something, because NOT ALL URLs are OpenIDs. If I asked you for your blog address to sign in, not all blog addresses are OpenIDs; sure I can ask you for your AOL, Yahoo, Microsoft, Google, MySpace and other accounts -- but one, that doesn't reflect the decentralized model of the web and two, is a list that EVERYONE is going to want to get on (and will probably use dirty tricks, as you suggested). As much as I don't want OpenID's inner workings to be seen by people, I think in order to enable the decentralization that's necessary for the protocol to thrive, we need to get people in the position where they can recite at least ONE OpenID-capable identifier (which will hopefully soon include email-formatted identifiers).

> Blog Home : Help me build the identity session

Tue, 22 Jul 2008 18:23:42 +0000

It's too bad that you frame this as being about "information overload." Truly we are in a period of information *abundance* (as my girlfriend Brynn likes to say). Still, there is certainly a challenge in picking out the best bits, making sense of them and applying them to your reality. This is I think is certainly something that social software and identity infrastructure must facilitate or at least provide the building blocks for making this situation more manageable as technology becomes easier to use for publishing.

Again, as Brynn likes to say, the amount of information being publishing online is increasing but our cognitive faculties are not -- unless you consider distributed cognition (which is really where we're going).

This is certainly an interesting and worthwhile topic -- something I'd love to contribute to.