<talk>
phil: i'm a bit tired, but let's see how this goes
this talk is called 'openid and the state of the distribueted social graph'
it's intended to be more of a broad overview than an indepth discussion
and some people may have more detailed knowledge of certain aspects, feel free to jump in
what I mean by 'distributed social graph' is the way that certain closed social networks are moving to a more open model
<slide> your identity on the web
how many user accounts and passwords do you use? how do you manage them? do you use the same username and password across multiple websites?
<nickyg> I only use sites that support OpenID!
<phil> so really you can't even simplify this by using the same credentials across sites since many sites present different restrictions on username and password  (length, special characters, etc)
and even if you did this you'd have issues when one of the accounts was hacked
what about having to update your password for all of these sites?
<slide> Rinse and repeat
Does it annoy you when you have to sign in multiple times for all of these sites?
<slide> A solution
There is a better way: Microsoft Passport!
the idea here was to have a central authority with personal information to provide a single signon to multiple sites
so OpenID arose as a DEcentralized system to do roughly the same thing, but allowing YOU to maintain control over your info
<slide> OpenID
OpenID first developed by Brad Fitzpatrick in 2005 (working for Six Apart at the time)
just for sixapart sites at first but gaining traction elsewhere
<phil> Basically how it works is, instead of using a username or an email address for identity, it use a URL
and just like how an email address contains the information of who you're sending to AND where to send information, URLs contain location information for identity as well (allowing multiple identity providers)
<slide> Explanation of the process
<browser> demonstration of entering a URL and password to authenticate at ma.gnolia
openid entered as a username, url is followed (possibly using delegation), the provider and relying party exchange a shared secret key
the OpenID provider asks for authentication info if you aren't already logged in, and then you are redirected back to the original site
the actual authentication information is free to be determined by the provider, so people can use more than just passwords (fingerprint readers, etc.)
<slide> issues with this system
usernames are not URLs
UI issues as well
<doug> how about a javascript bookmark that autofills your openid URL into the selected form element?
<tilgovi> I don't see any issues of URLs as authentication info
<nicholasbs> if we have these big nasty urls as id, what shows up for your username on these sites?
<phil> openid lets you set a username, which would then be shared to all sites using it
<sbenthall> I think the weirdest thing is that if I have an account from one domain, it's weird to use it at a different site
I think it could be really cool to have a url that is just ME
but it doesn't make sense to have 'seb from wordpress' at other sites
<luke> but it allows you to have different accounts to use for different roles online
<phil> yeah there's also work being done to have a translation between OpenID and Email addresses
so you could use your email address transparently for openid-enabled sites
<luke> but there's potential confusion there as well, since not all email services would provide it
<slide> adoption and support
openid has been supported by most of the big players now
yahoo and AOL automatically provide this for all of their users
microsoft provides a service called CardSpace that works with OpenID
google's a big supporter, Brad Fitzpatrick works at Google now
But there are still some issues with the technology being worked out
<phil> okay, so that's basically what OpenID is
but there are extensions for OpenID that allow you to share more complicated information such as real name, phone number, physical address
<slide> Data portability
microformats, etc. being used to ensure the information translates properly between sites
(microformats being means of marking up data in existing formats (like classes in XHTML) to make it more computer parsable)
hCard, hCalendar being a good example
<phil> there's actually a site (friendfeed) that allows you to friend people and see a feed but not have to integrate them into a single site like facebook
and then noserub is a piece of software you can use to host this sort of information anywhere you want
<slide> share with your friends
there are lots of technologies coming out for people to use in sharing personal data with friends; opensocial, friend connect, myspace data availability, facebook connect
another technology for this kind of thing is 'xfn' which just attaches metadata to normal HTML links
it has the interesting property of not requiring both members of a relationship to agree that it exists
(ie A can say he is friends with B and B doesn't need to agree)
okay, questions
<novalis> so what I'd like do is: if I'm on livejournal I want to whine about stuff and expose that blog post only to my friends and not to potential employers
and no social graph api currently allows syndicating to only a slice of the people that are out there
<phil> well it seems like they could do this, just have a password protected fee
<novalis> then you have to update everyone whenever you defriend someone
<phil> well it's just hard
<arne> it's just a tough problem in trying to share authentication with a decentralized system
</talk>