Alcides Fonseca

Ideias3 is now one year old and this weblog will also be in a few days. Since its beginning, I’ve been using it as the center of my web activity. It has my hCard, it is my OpenId, it has my XFN friend list, it has me links to all my social profiles. Although typing in your browser’s address bar “alcides fonseca” would return this website, I guess that having my identity outside ideias3 was important, and now my web presence is pointing to alcidesfonseca.com.

Although the old url is still active and redirecting to here, I’d appreciate you link to this new address now. I’ve just changed a few lines in a few templates (and APML and FOAF) and this line helped a lot regarding the database. Now I am in the quest of changing all my web profiles with the new email and website. I’m curious to see how technorati deals with it.

Changing your personal details everywhere is always painful (I’m hating it, and I’m fearing changing my address when I move to my new house two streets away from current one) but I believe the social web may help this. I had this conversation with Bruno and I guess it could work in a year or so: I have a new email and url. I change my hCard in this new website. I ping technorati’s kitchen or pingerati for both urls. Both those services propagate the pings to popular services like twitter, flickr, etc… They notice that alcides.ideias3.com is redirecting to a new url, so they change it from my profile, and then they update my details from the hCard, since I use alcidesfonseca.com as my main identity page (or as my OpenId). And that way, everything is updated everywhere, with just one change and one ping!

Just a final note: I now enter my email address without any spam protection. I guess it is already somewhere in the web my plain email address, so I don't care anymore. Gmail works fine as a Spam blocker (I've stopped using my MSN address because I still get too much spam).

I’ve talked about OpenID, CardSpace, LiveID and now I now came across MicroID. It is not some single-sign-on service or a way of authenticating yourself, but a simple and tiny way of claiming some content.

It is a simple mechanism: you encrypt two URI ( usually your email address and the website of the service you’re using) and re-encrypt the concatenation of the two hashes. Then you display it as mailto+http:sha1:ca94387152e8ea62fee73c45c4bae79e54543485 and it’s ready to be claimed! Pretty hard? Well, you can always use the libraries available for Python, PHP, C#, Java and Perl.

This may sound a bit geeky and with no real life purpose, but in a world where social networks are popping up everyday, and you need some portability, this is pretty handy. One good example of the use of this technology is ClaimID, a online identity manager (openID enabled) that uses MicroID to check claims from the services you add to your profile, like Ma.gnolia, Wink.com, Jyte.com, del.icio.us, last.fm and a lot more.

One of the things we most criticize in OpenID in Fred's Barcamp Presentation was the fact that the official website was too heavy in information, and not very attractive for non-techies. Kventon (well spelled!) and David Recordon did an awesome job revamping the website.

It not also makes OpenID pretty, as also makes people want to use them and make services implement it (or so I hope!). In my opinion it’s a great step to bring OpenID to the regular internet user. There is only one thing missing in my opinion: multi-language. If I want to make a OpenID powered service here in Portugal, no way everyone would go and read the website if it is in English. OpenID guys, with France Telecom and soon other international companies adopting OpenID, please think about translating the website. I would gladly help in the Portuguese one :)

Microsoft has been using their Passport, now Windows Live ID since Hotmail become popular, and a lot (and when I say a lot, I mean A LOT!) of Internet users do use it.

Recently, Microsoft has released the Windows Live ID Client/Web Authentication SDK that allows users to base their authentication systems on Windows Live ID. This is a great solution for a single sign-on, but all the authentication is relied to Microsoft. Most users won’t find this a problem, but other will.

Well, there is a more open solution to this problem: OpenID. I’ve wrote about this before but now, I have an idea for a new project and I wanted to hear some feedback.

I know that Microsoft has been working together with OpenID to improve the system and make both systems compatible, but I can imagine a quick way of making live ID work as an OpenID: I’m thinking of making my own OpenID provider that uses Windows Live ID as a authentication. Yeah, it will re-delegate the authentication, and probably will take more time, but it will use the authentication you already have (thinking about liveID users).

I wonder if you have any suggestions, or are interested in helping out :)

Uma das apresentações mais esperadas do dia era do Fred Oliveira sobre OpenID. Começou por nos falar da ideia e fez uma pequena demo de como usar OpenID do ponto de vista do utilizador. Isto levou a plateia a levantar problemas sobre o sistema que ainda não estão bem resolvidas. Falou-se da integração com browsers que é um must para os utilizadores começarem a aderir, da necessidade de nós (developers, bloggers, utilizadores da web2.0) comecemos a usar e a divulgar a quem não conhece.

De facto o OpenID não está preparado para o público geral. Como disse a Maria João Nogueira, “as pessoas vão olhar e perguntar que raio é aquele caracol ali em cima”. Mesmo o site oficial openid.net deveria ser mais explicito e apelativo para que as pessoas se sintam interessadas em utilizar aquilo, mostrar confiança e ao mesmo tempo não ser um texto demasiado grande. Uma das coisas que acho que ainda falha, é o facto de quem não usa o seu próprio domínio como OpenID não possa mudar de provider, sem perder todas as suas contas.

Para quem está a desenvolver sites de momento, uma boa prática é implementar openID, mas possibilitar o registo/login tradicionais. Infelizmente o workshop não abrangeu desenvolvimento de sites usando OpenID, mas é umas área que tenciono abordar no futuro.

Photo by P. A. M.

Everyone who uses the Internet has this problem: So many login protected websites and so many different username/password combinations used. A long time ago, people used txt’s to keep their passwords, but with current browsers they keep it for you. But it’s still a pain when you’re not on your computer or you format or even change browsers. What if there was only one login system for every website?

Well, OpenID solves that problem. You can login in any website that supports this system (and that number is increasing) only with your OpenID url (ex: alcides.myopenid.com). As this is an open system, you are not stuck with some company, like you are with Microsoft if you use Live ID. There are a few OpenID servers and you can even have your own. And even if a server goes offline, there is a solution for it: use your own website as your OpenID. Mine is alcidesfonseca.com and to have that, I just had to add this lines to the head tag in my homepage:

If someday I stop using MyOpenID.com and start using another, I just have to change those lines. Simple and secure :)

Photo by April Joy

If you haven’t started using OpenID, I strongly suggest that you take a look at Simon Willison’s screencast on How to use OpenID.

If you own a website with login/password, think about the possibility of adding OpenID support for your users. Here is a list of plugins for CMS that you can use:

Of if you need to code your own, here are some libraries to help you out. In a near future, when adding OpenID support for my blog, I will post and How-to add support for Python applications.