<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 92.4pt 1.0in 92.4pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText>By actually playing with various blogging sites, I feel
much clearer about OpenID's message and core value. I was already convinced –
as an engineer -- about the fundamental notion of the URI as an udnerlying form
of identity that will be suitable to scalable collaboration, especially having
learned about its potential interplay with modern RDF which similarly exploits
URIs as a scaling technique for representing domain-specific knowledge sets.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><span style='color:black'>I finally did a blogit/trackback
to a blogentry.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Now this is when I think I finally
had my openID moment.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>There I was being asked to fill
in the form, to leave my own blogit-trackback data (name, emailaddress, URL…).<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>If OpenID allows me to simply
fill out the URL, and the rest comes via OpenID Auth… then I get it
(finally!).<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Furthermore, if the policy of
the blogsite accepting comments requires auth of the user behind that URL,
OpenID Auth comes through again.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Furthermore, as a gazzilion blogsites
can be doing a gazzilion trackbacks between each other without reference to blogsite
provider as the validator of ID, the delegation mode(s) of OpenID Auth makes
total sense.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Now why cannot the wiki say
something like this (in 200 words)?<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>It’s taken me two months
to get it! (Ok, 2 weeks for the rest of humankind).<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>--------<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>So, I downloaded MSFT's offline
web blog editor - Live Writer. It's configured to publish to my blogsite at a
URL I best not cite again, lest an atom (pun) of disapproval be expressed. At
some point, I’ll also have it publish to that Google blogsite I made in
an earlier experiment with OpenID (using the anonymous OP in India, failing to
interworking with the wiki of this group). Unlike MSN Spaces, the Google
provider doesn’t curtail so much which web techniques one can apply (e.g.
set metadata tags in HTML for Openid delegation!) and so should allow a more “as-intended”
OpenID experience.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>I also installed a plugin to
Live.com skydrive - which allows one to easily add iframe markup to a blog
entry linking up to "files" stored in skydrive. I was simply trying
to reference my foaf file! More on this in a moment.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Of course, the 5+ year old single-sign-on
world of live.com/Passport lets me logon once to Live.COM's IM client “Live
Messenger” – something I must have used for 10 years now, to
leverage the MSN personal portal page, created during the last round of “portalservers
will rule the Web”! If I now startup up offline blogsite editor and
publish a post, the http publication on the website does a behind-the-scenes
SSO to get me login privileges sufficient to complete the act of publication. It’s
identical in form these days with the WebSSO used for years to so auto-logon to
MSN.com:<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:.5in'><span style='color:black'>For
example: "GET
/login.srf?wa=wsignin1.0&rpsnv=10&checkda=1&ct=1189346476&rver=4.0.1534.0&wp=LBI&wreply=http:%2F%2Fwww.msn.com%2F&lc=1033&id=1184
HTTP/1.1" <o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Now, the form of that URL is very
suggestive of the "WS-Federation passive' protocol flow (which my
Federation server vendor happens to support, in addition to SAML). It's obviously
playing the role that OpenID Auth messages play, when doing solicited auth. But
that’s not the point.... this is WebSSO; and OpenID is not WebSSO. More
on this in yet another moment.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>I also played similarly with
livesite.com, the work of http://www.nbdev.co.uk/blogs/webcasts/archive/2007/08/17/live-id-single-sign-on-the-webcast.aspx,
seeing how one cardspace interaction occurs with a next generation blog
experience. I got to play with cardspace management and binding, “account
linking” of the LiveID (onto a community server account), the various
levels of cardspace UI experience, and use the “enhanced security” option
(pretty green title bars! certified by VeriSign.)<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:.5in'><span style='color:black'><a
href="https://login.live.com/login.srf?lc=1033&ru=https://login.live.com/beta/ManageCards.srf%3fru%3dhttp://login.live.com/login.srf%253flc%253d1033%2526appid%253d0016000080002409%2526alg%253dwsignin1.0%2526appctx%253d%25252fDefault.aspx%2526vv%253d500%26id%3d3%26vv%3d500%26lc%3d1033&wll=1&id=3&bk=51313236">https://login.live.com/login.srf?lc=1033&ru=https://login.live.com/beta/ManageCards.srf%3fru%3dhttp://login.live.com/login.srf%253flc%253d1033%2526appid%253d0016000080002409%2526alg%253dwsignin1.0%2526appctx%253d%25252fDefault.aspx%2526vv%253d500%26id%3d3%26vv%3d500%26lc%3d1033&wll=1&id=3&bk=51313236</a><o:p></o:p></span></p>
<p class=MsoPlainText style='margin-left:.5in'><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:.5in'><span style='color:black'>I even
now have a formal cardspace id, for use with that site: WX2-JXGB-SBW!
Presumably, I need to remember that. Good luck, grandma. (There was also
something about CIDs, whatever they are!)<o:p></o:p></span></p>
<div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;
padding:0in 0in 1.0pt 0in'>
<p class=MsoPlainText style='border:none;padding:0in'><span style='color:black'><o:p> </o:p></span></p>
</div>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>This is all a very nice tittle-tattle
about MSFT-related work this year and last decade, but what about OpenID?<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>So if simple, traditional,
already-fielded WebSSO is not OpenID, lets focus on something that is -- that
which Skip is most famous for: its browser plugins. Flash back – to a
moment ago -- to my skydrive plugin. This was my skip-like moment, without
having to install Firefox. On invoking the live writer plugin to try and embed
a link to a file via its iframe-markup-generator function, it “required
me” to login to the plugin (using the MSFT live.com account, in a
live.com style popup windows (with many warnings about privacy issues,
reputation, this is NOT Microsoft code warnings)).<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Ok. Well at least I find myself
using a common identity. No longer restricted to doing webSSO, the SSOness is
now unlinked from the webness of WebSSO, and is also working with a (code-component
-> website) handoff of an identity (using the ws-federation passive protocol,
still). Presumably, a full cardspace experience could also be integrated here,
where a card releases attributes to the target active-plugin operating on my
own host (rather than some target website like MSN.com).<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>So is this OpenID like?<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Perhaps. I had to login to the
card, to login to the LiveID-enabled component. Presumably, I will one day be
using my OpenID to logon to the card… (which presents some local auth UI,
via OpenID Auth flows) to then logon to the target, without or without account linking.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;
padding:0in 0in 1.0pt 0in'>
<p class=MsoPlainText style='border:none;padding:0in'><span style='color:black'><o:p> </o:p></span></p>
</div>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>But we still ways away from
blogging culture. I got a login-less publication ability (leveraging WebSSO). And,
an offline editing process had me nicely leverage something openid-like to access
the plugin that then allowed me to create some markup; yet still nothing is
published.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>OK. So then I published the
blog entry, a rather trivial iframe – causing a browser popup to ask you
to control the download of an rdf file, as it happened.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>And then I did a trackback to
that entry.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Now this is when I think I finally
had my openID moment.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>There I was being asked to fill
in the form, to leave my own blogit-trackback data (name, emailaddress, URL…).<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>If OpenID allows me to simply
fill out the URL, and the rest comes via OpenID Auth… then I get it
(finally!).<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Furthermore, if the policy of
the blogsite accepting comments requires auth of the user behind that URL,
OpenID Auth comes through again.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Furthermore, as a gazzilion blogsites
can be doing a gazzilion trackbacks between each other without reference to blogsite
provider as the validator of ID, the delegation mode(s) of OpenID Auth makes
total sense.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>Now why cannot the wiki say
something like this (in 200 words)?<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'>It’s taken me two months
to get it! (Ok, 2 weeks for the rest of humankind).<o:p></o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
</div>
</body>
</html>