Tag twitter

Identity, SSO, and networked namespaces

Jud Valeski had a notable observation about how potentially powerful an OS level namespace and single sign-on capability could be for internetworked applications:

Everyone’s talking about the power of Twitter and Apple’s native single sign-on model in iOS 5. While this is a phenomenal coup for both Twitter and Apple, it’s only the tip of the iceberg. Having a widespread, networked, account namespace (Twitter) baked in at the operating system level is one of the few things that can truly revolutionize the network again.

I am certainly not going to be one to criticize this desire at all. But (of course there’s a “but”), I have no real reason to believe that a big company team-up is going to actually enable this desire. The history of big software companies’ attempts at some kind of unified, distributable identity is littered with bungles, with everything from Passport to Apple’s own MobileMe.

There is, of course, the big advantage that there are already a lot of integrations and knowledge about Twitter auth and users, but is that enough?

I’ve always thought that “user-awareness” was incredibly key to making applications powerful and much more user-friendly, but I don’t write about it enough. So, here goes the following…

I still think the solution to this “who is the user/omfg passwords everywhere” nightmare has to be something that provides “connectedness” and an extra layer of security that is used pretty rarely at the moment.

What does that mean? Glad you asked. I think it looks something like this:

  1. A user connects to an Internet service (through a browser, mobile app, desktop app, anything).
  2. A hashed key is provided to the service along with that request. The hash initially blinds the service from the user’s identity.
  3. The service sends the hash off to a third party.
  4. The third party then contacts the user, most likely through a mobile app: “The service MyHotNewThing wants to connect with your information, do you want to share the following info?…”
  5. The user says Yes (or No and the process stops and the user gets a “not logged in” view of the service), makes any customizations to what info they want to share with the service, and the third party then provides a key to the service that allows them to access the user’s information.
  6. The user is logged in to the service and any approved content or other connections(!) are also now available to the service.

Boom. It’s a bit similar to OAuth, but not the same: No browser required, no bouncing through URLs, no confusion about who is asking for what.

A few additional key points:

  1. Those hashes have to include, behind the scenes, devices. In normal language this means something like “User X has approved access to Service Y from Device Z.” Now, implicitly, the user is probably approving this for all the user’s devices, but all of those keys are different. This lets a user completely disable access from a (stolen, lost, broken) device for everything in one action. It also lets the user disapprove access from an unknown (hacker) device.
  2. This also makes all the keys and hashes different for the triple combo of service/user/device as opposed to most current schemes, which are just service/user.
  3. By handing off the approval process to a third party, this opens the door to things like social authentication (my friends trust this, so I will too) and content-sharing without conflict of interest.
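The six steps and the per-device key points above, sketched as an added example (not code from the original post). It assumes the "hashed key" is an HMAC-SHA256 of the service name under a per-device secret shared with the third party; `Broker`, `blinded_token` and the `approve` callback, which stands in for the prompt on the user's mobile app, are hypothetical names.

```python
import hashlib
import hmac
import secrets


def blinded_token(device_secret, service):
    # Step 2: differs per service/user/device and carries no identity the service can read.
    return hmac.new(device_secret, service.encode(), hashlib.sha256).digest()


class Broker:
    """Hypothetical third party that resolves blinded tokens and records approvals."""

    def __init__(self):
        self.devices = {}  # device secret -> (user, device name)
        self.grants = {}   # access key -> (user, device, service, shared fields)

    def enroll(self, user, device):
        secret = secrets.token_bytes(32)
        self.devices[secret] = (user, device)
        return secret  # held only by the device and the broker

    def request_access(self, service, token, approve):
        # Steps 3-5: resolve the token, ask the user, issue a key to the service.
        for secret, (user, device) in self.devices.items():
            if hmac.compare_digest(blinded_token(secret, service), token):
                fields = approve(service, device)  # the user's decision
                if not fields:
                    return None  # user said No: "not logged in" view
                key = secrets.token_hex(16)
                self.grants[key] = (user, device, service, fields)
                return key
        return None  # unknown or revoked device

    def fetch(self, service, key):
        # Step 6: the service exchanges its key for the approved information.
        grant = self.grants.get(key)
        if grant is None or grant[2] != service:
            return None
        return {"user": grant[0], "fields": grant[3]}

    def revoke_device(self, user, device):
        # One action disables the device and every grant issued through it.
        self.devices = {s: d for s, d in self.devices.items() if d != (user, device)}
        self.grants = {k: g for k, g in self.grants.items() if g[:2] != (user, device)}
```

The linear scan over enrolled devices keeps the sketch short; it is the price of a token that carries no lookup hint the service could use to correlate users.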

Getting back to the original post, I’m not saying that possibility isn’t there, but I don’t see the big players thinking about this problem in this way.

Thoughts?

The debate about social media and popular movements in the Middle East is stupid

I’ll try to make this quick, since I feel like it’s painfully obvious. Arguing either that social media “caused” these events or had “nothing to do with them” are both stupid arguments.

Clearly people are marching in the streets because they are rejecting decades of oppression, human rights violations, corruption and poverty. It’s just as clear that tools like Twitter and Facebook help people connect, communicate and organize… and… ergo, help enable popular organization. It’s just like the communications equipment assisting Solidarity in Poland. These tools are disruptive accelerators and empowerers not causers (yes, I know I just made up at least one word there).

Does anyone really think that the governments wouldn’t be trying to suppress these communication tools if they weren’t tools that worked for the people???

Idea Giveaway: How to Kill the Kindle in 4 Easy Steps, No New eReader Required

I was pretty busy today, but I was able to glance long enough at my #ces column in Tweetdeck to see lots of noise about eReaders (for the record, it’s my blog and I can refuse to use the hyphen, cause I hate hyphenated tech stuff). It struck me that all these devices are a high volume of missing-the-vote-itis (that gets hyphens, keeping up?).

The Kindle seemed like the greatest thing ever when I first got mine: “I can finally read Neal Stephenson on the subway without getting neck and shoulder cramps!!!” However, despite being a fantastic device at its launch – especially compared to, ya know, paper – the Kindle actually lacks quite a bit. So here’s my 4 easy steps to killing the Kindle (or making it a lot better, if Amazon is paying attention):

1. Make it social

This seems spectacularly obvious, and there have been a bunch of attempts to link books and social networking, but nothing has really taken off. Consider this: Why can’t you post a review of the book you just finished on your Kindle to the reviews on Amazon from your Kindle? And that’s just to start:

Why can’t you push an update that you just finished a book to Twitter and/or Facebook, from your Kindle?

Why can’t you click “Recommend this book to [your friend]” from your Kindle?

These examples are just the beginning.

2. Drop the device

Is the Kindle hardware or software? Think about it. What really makes the Kindle work? It’s the ebook format and the wireless delivery. If you use the Kindle iPhone app you’ve probably realized this. Consumers, particularly geeks and early adopters, already have oodles of devices and there is massive craving for the iSlate or other tablets. And more importantly, all you need is the software and a device: a smartphone, a tablet, even a plain old laptop or PC. You could probably launch with the following versions:

  • Windows XP/Vista/7/Mobile
  • OS X
  • iPhone
  • Android

3. Make it an open API

Guess what? If you’re selling a socially-networked, multi-device bookstore, you aren’t selling software; you’re selling books, electronically. You want that service to be exposed to as many places as possible and you want the community contributing innovation to your service. You want people integrating the next new hot web service with your service before you’ve even thought of what to do. You want it on new devices before your own employees have even heard of those devices.

And oh, by the way, wouldn’t it be cool if you were on your favorite author’s blog and they just announced their newest book was released in a post, and in that post there was a widget and all you had to do was click to buy the new book and have it show up on your device of choice?

4. Give the authors a better deal

The Kindle’s pricing structure eats into the author’s share pretty harshly. Charles Stross has written about this pretty extensively and certainly knows more about the topic than I do. In addition, Amazon doesn’t do much to incentivize authors to encourage their readers to buy ebooks. In fact, the pricing structure discourages it. This is just plain silly.

Now put all these things together and what have you got?

  • You’ve got a web (HTTP technically) based store sold through heterogeneous client software
  • Your expenses are rights to the ebooks and format licensing, bandwidth and the software to run the store and handle transactions.
  • What expenses have you eliminated? For one thing, you don’t need a warehouse, either for the books or devices, which incidentally means you don’t have shipping costs.
  • And oh, by the way, unlike the Kindle, you aren’t paying for the customer’s bandwidth because they are using their own devices. You’re only paying for delivering the books, which are small, especially in comparison to other electronic products like music, movies or games.
  • You’ve provided your customers with a way to build on top of your services and integrate with future, unknown third parties.

And what have consumers got? They have ebooks that they can read on whatever device they feel like, they can share their experience with what they’ve read on whatever social network they feel like. Their favorite authors will be encouraged to interact with them in this format. And they don’t have yet another device and charger to keep track of.

Now, cue someone pointing me to where I didn’t Google enough and this already exists, cause I would really like it. Or funding it :)

Twitter followage pattern oddities

Twitter creates fascinating connections. I follow a few of the US Men’s National Team soccer players. One of their sports marketing firms now follows me. Of course, in the context of Twitter this makes perfect sense. But in the context of the world at large it’s kind of mindblowing if you stop to think about it.

RMAD: Recoverable Mutually Assured Destruction, as seen first in Iran

Assuming reasonably equal resources and knowledge, two parties attempting to knock each other off the internet can result in only two outcomes: either they both get knocked off or neither does. The possibility of either party “winning” is essentially nil. The Internet’s combination of network redundancy and ability to communicate with, and garner assistance from, sympathetic parties from around the world makes it nearly impossible for one party to squash another. The only thing they can do is cut themselves off completely. I think of this as RMAD, “Recoverable Mutually Assured Destruction”, since they can turn it back on afterwards (unlike the nuclear MAD).

We are seeing this now in Iran. The government controls the connections, but can’t cut off the opposition without cutting themselves off. So we are seeing outside parties providing proxies and passing along messages (see http://twitter.com/#search?q=%23Iranelection).

This is all intuitively clear and long predicted, but I think this is the first time we are really seeing it in action.