it’s just a thought….

The “why get an account to the site” question is going to be replaced with the desire to be rewarded for the use of OpenID. Visit site X with an OpenID provided by below-the-line marketing client Y and get Z back as a voucher delivered to your phone as a QR code. OR perhaps turn it another way round, brands are going to sponsor OpenID providers log-in real estate, to redeem the voucher offered on your log-in page, you just follow the affiliate link. Brand awareness no longer a finely honed mystery, but actually a measurable science.

Yes, a strange thing occured to me this evening, another nail in Microsoft’s coffin was changing the user interface in Office.

more to follow

eee – I missed this one:

31st October 2007

This one day session at BT Centre in London explored the risks and benefits of open source.

Phil Whitehouse blogged about the event. He also uploaded several photos to Flickr.

We have two presentations of note; first Doc Searls (who co-wrote the Cluetrain Manifesto and is currently the Senior Editor of Linux Journal) gave an excellent presentation on Why All Business Will Be Based On Open Source:

Why All Business Will Be Based On Open Source from Phil Whitehouse on Vimeo

http://www.osmosoft.com/

Previous events -> BT Open Source – Open for Business – London, 31 October 2007

LBS applications for the masses

twitxr pronounced “twicher” is an awesome 2.0 application, you post a microblog to it and then it posts to twitxr and if enabled under your profile settings also twitter, facebook and flickr!

But the killer critter in twitxr is the location based services potential, twitxr have by the looks of it done a deal with Google to obtain the cell-id information to provide fairly accurate LBS information on phones without GPS. Thus their first native phone application on the market is the iPhone, but with 70% market share of the Smartphone market they have decided to support Sybian Smartphone’s S60 platform and android next by the looks of it.

This unlocks the door for all developers to write LBS application by leveraging Google’s Mobile Maps application, those that have GPS phones and use this application on their mobile are helping Google and it’s partners liek Twitxr. Mobile companies do not publish their databases of cell mast ids/locations and they change the mast id’s apparently… However when people use the Google Mobile Maps application, I “suspect” they are also help Google’s database be up to date. Initially in each country, people in cars with a GPS/GSM enabled laptops will have been sent out to make the first database, recording the cell-id, mobile network and GPS location.

Who are FON, the parent company behind twitxr?
“FON has raised more than €30M in financing from among others Skype, Google, Index Ventures, Sequoia Capital and BT. These leading Internet and communications companies have shown the industry’s support for FON’s vision and business model.” Martin Varsavsky

Why twitxr this so important?
Well I can only speak for myself, but I’ve been wanting to develop LBS applications for about 3 years, but I just couldn’t see a way of doing it.

GPS continuously on, on mobiles seems to really drain the batteries, telling twitxr where you are when you post, or letting your phone tell twitxr where you are by your cell-id is a lot more practical where power is concerned. And also the major problem with GPS is the time needed to get a fix, with cell-id, the phone just has to push the details of the towers and IDs to the SaaS application.

$64 million dollar question
Can twitxr create enough presence to expand it’s mother ship Fon to greatly expand it’s user base for global wifi domination? (Fon now has 80% of Tokyo covered as of February 2008) If they provide good coverage, then it will be practical to make and receive a VOIP call using wifi/wimax and also make using your laptop out and about an easier & cheaper past time.

The problem with 3G data is that is still expensive. Fon is cheap but QOS lower, but for John Doe – do you really need the QOS offered by 3G data at the prices being offered? I suspect not.

Won’t the ISPs get upset about FON usage?
I don’t believe so, UK ISP’s are now all introducing capping levels on a monthly basis, so UK broadband is going “pay as you go”. A base price, including X gigabytes of download and Y pence per gig if you go over your package level.

Initially BT wholesale offered UK ISP “as much as the user can eat” contracts, but this is now no longer the case. (But I still have one through my ISP and will loose it when I move house…)

So what about the future of mobile networks?
I think they have to race ahead and endorse OpenID like French Telecom, so that they can make mobiles the Digital Wallets of the future or a Ripple server on your phone! Mobile phone technology is mature and it’s very easy to implement biometric security, OKI have patents on using a camera in a mobile phone to scan your iris which looks promising:

“The software does require a mobile with a camera ability of at least 1-megapixel, and takes around 0.5s to authenticate an iris, but Oki claims faster checks would be possible with a beefier CPU.”

“The software is compatible with Windows Mobile 2003, XP and Symbian operating systems, the latter of which is commonplace on Nokia handsets including the N70. However, Oki claims it that future compatibility with Linux and Brew may be possible.”

Iris scans can normally detect stress or duress, but a 1-megapixel camera phone is probably pushing the boundaries at this stage!

Wifi LBS enablers:

http://www.skyhookwireless.com/
http://www.herecast.com/
http://www.spotigo.com/

It’s all connected…

2008-06
Update, when I wrote piece I hadn’t heard of Fire Eagle from Yahoo! to Google, click here

Michael Arrington wrote “Is OpenID Being Exploited By The Big Internet Companies?” on TechCrunch on the 24^th March 2008

If you’ll excuse the pun, the crunch here appears to be that the initial Big Four Internet companies are not acting as “relying parties”. My next question is, “Do they need to be relying parties?”

Do they need to be? Obvious not, but many people in the community would like see them as relying parties; AOL are, in fact, allowing OpenID URLs issued by other OpenID servers to be accepted by white list.

I don’t think the other companies at this stage want to be “relying parties” forever. OpenID, as a technology, represents uncharted waters with some fair degree of risk regarding poor implementation. I recently managed to grab a conversation with Bob Blakley from the Burton Group, because I read his blog concerning “OpenID weaknesses”

From my conversation with Bob, my personal belief is that the all the Big Companies will become “relying parties” in time, and OpenID will have to go down a certification route, and here is the way I see it at this moment.

Tier1
Government issued with two-factor/hardware tokens

Tier2
Mobiles and Banks, two-factor/hardware tokens

Tier3
Individually certified OpenID servers which don’t use two-factor/hardware tokens

EG Media owners, ISPs, Brand owners

Tier4
Certified OpenID servers that don’t use two-factor/hardware tokens, but are based on FOSS software, where a release can have security testing claims made against it at the time of certification. EG WordPress v3.0 or Drupal v6.1 etc

Tier5
Not certified

Certification in this manner would allow the Big Companies to become “relying parties” quickly by submitting OpenID servers, which are certified to their white lists, like AOL are doing presently.

So from my point of view, the Big companies will become “relying parties”, but it is going to take some time. Hold tight folks!

OpenID will take off because:
OpenID allows media owners to moneterise their readership. I bet that less than 1% of users register to create a profile for an online newspaper. OpenID reduces the friction to create a profile on a site to near zero. Imagine there comes a time that if you don’t use your OpenID URL to log in, you will only be able to read the basic headlines? Logging into a rich content site, like an online newspaper, enables online advertising to be customised for the user – based on their known browsing habits without the identity of the user needing to be known.

I surmise that 80% of users will choose to use the OpenID server from their Tier3/4/5 provider when they are interacting with an online newspaper or an individual’s lone blog. So the number of OpenID “relying parties” that will accept OpenID URLs at this stage is paramount, and given that media owners have everything to gain by allowing Tier3/4/5 providers OpenID URL to log in, surely this aspect of relying parties is what really matters and will come reasonably quickly.

Question:
How will brokers put a value on OpenID user profiles that are built up on “relying parties’” data? (Without breaking privacy laws – nobody will want a Phorm storm on their hands, perceived or real – the true or facts never matter.)

Thoughts:
Media companies that are OpenID servers, “relying parties” and have their own advertising engines will be valuable because of the data they hold on users who browse their content who have logged in with an OpenID URL. And the more companies they acquire with similar data sets, the more the data value will increase according to Metcalfe’s law. Why? Because they as they buy up media property, they can see the interests of individuals over many OpenID “relying parties”.

Unless you use Google as a logged in user, Google can only track usage by browser, not by user.

For Google to compete against the New Media companies, they must start acquiring content providers, or the New Media companies will club together to create new Yahoo! directories and search style Internet resources based on user’s actual surfing habits, as opposed to inbound links ranking algorithms that are constantly being manipulated.

The good news is that media owners, both large and very small, will benefit financially. Is content King?

Sending server is the OpenId profile which a user uses to send their first email from to get on the targets white list
Target server is the OpenID server that hold the email address that the person wants but only releases it after a Turin test.

These are the functional steps required, as I see them:

#Sending server sends
xmlrpcmsg(‘OpenId.RequestEmailCaptcha’, $OpenIDUrl, ’string’, $EmailToWhitelist, ’string’);

#Target server sends
(‘CapthchaAsJPGencode’,'encoced binary IAB sized jpg’, $OpenIDUrl,’string’, ‘TransActionId’,'INT’)
If the person declines to issue an email the ‘CapthchaAsJPGencode’ could be NULL

#Sending server sends
xmlrpcmsg(‘OpenId.VerifyEmailCaptcha’, $OpenIDUrl,’string’, $CaptchaValueOffered, ’string’, ‘TransActionId’,'INT’);

#Target server sends
($OpenIDUrl,’string’, ‘TransActionId’,'INT’, ‘EmailAddress’, ‘email0′, ‘EmailAddressMetaDescription’, ‘email0MetaDescription’, ['EmailAddress','email1','EmailAddressMetaDescription','email1MetaDescription'], ['EmailAddress','email2','EmailAddressMetaDescription','email2MetaDescription']….)
If there is no email address or the person declines to issue one even after a captcha challenge. This email0 will be NULL EmailAddressMetaDescription is something like Work/Home/whatever

Questions:

1. Is there schema basic correct – to keep it AS simple as possible?
2. What offer functions or parameters could be included but NOT impact on a delieverable at developer level

3. The most important one – could this be implemented across “applicable to any URL-based identity system”?

A working idea – feedback required, mad / stupid /possible?

• You log into your OpenID server – go to initate email to a new person
• You enter the person’s OpenID into the To: field
• Choose your email From: (if your profile knows about multiple email accounts you hold and your OpenID server will confirm as holding)
• Your OpenID server (acting as a consummer) queries the receivers OpenID server to see if your OpenId is already on the person’s white list, if not up pops up a captcha box
• On correct entry it returns back the to your OpenID server the “correct target email address” and ”authorisation key” (the receiver’s OpenId server makes a note of your email address, authorisation key and adds your email address to their white list), your OpenID server also embeds the key into the header of the email which about to be sent
• The key might be an MD5 of your OpenID plus the receives OpenID plus timestamp plus random number plus a salt (I’m no expert here advice please)
• Your OpenID server also adds the target email address into your address book for you to further manipulate and tag within your OpenID server profile. The receive like wise now has a new person they can choose to tag within address box
• For the receives end before they check their email, they log into your OpenID server and it also holds your email login details. You can sweep and it validates the emails by reading headers and looking for the authorisation key or white list entry in your profile. (Linked to a blackhole database it offers allow you really clean up your que before you request your emails with your normal client.)
• At first this would be implemented as a web based system – to get you on the person’s white list, then next time you could use your usual email client. After a time the system would gain popularity and get included in standard email clients
• There will be three types of email, email with no authorisation key, email on your white list, possible spam
• In the corporate world your emails would be scanned for the authorisation keys before they reached your MS Outlook box!
• At point into time when take up has become universal you can just set your system to automatically delete the possible spam queue – your choice
• After the initial spec the system needs one or two ISPs as sponsor who use SquirrelMail and Horde. Where their email server is able to act as the person’s OpenID server to mark email messages as people log into their accounts
• Grisoft could be approached to create a freeware Exchange plug-in to automatically check incoming email, as they would get a lot of public visibility from such a move
• Next would be to get a OpenSource Windows cleaner which would login to your OpenID server to do the cleaning before you ran Outlook Express or whatever
• After that we would be looking a widespread take up along with address book synchronisation for thick email clients with your OpenID server’s