OpenID, Drupal and the Open Web, (DrupalCon 2009 notes)

OpenID, Drupal and the Open Web
James Walker

He's given this talk before, but all of a sudden (months) things have gotten more interesting

today: "web 2.0"
All of these various sites where we need to recreate identity and relationships

password antipattern
giving out passwords for other sites -- you've given facebook access to all of your Gmail, Google Docs, etc?!

how about User Controlled Authorization
I am the center of my internet
It's MY identity, they're MY contacts, it's MY content

Facebook Connect

You are not Facebook!

USER-centric,

DiSo: Distributed Social
activity streams, microformats, portable contacts

OAuth

• realms
• per-site
• OAuth in D7? (because Dries mentioned it...)

OpenID

• Identity: need unique, ubiquitous identity globally (on the internet)
• what about when someone dies?
• what about single sign-out
• how to merge OpenIDs or Facebook Connect IDs with current IDs on sites
• Who is the "you" that's in the middle of the graph?
• Are you a URL? An email address?
  • globally unique
• Do you know you have an OpenID (if you have a Google, Yahoo, MySpace, AOL, etc., account) ?
• Usability issue: redirecting to OpenID provider's site on login. Facebook Connect does this nicely.
• Facebook is showing a certain amount of recognition of OpenID: joining board as corporate member, hosting UX conference to share what they learned through Facebook Connect...
• What about using DNS's distributed model

So, OpenID and Drupal

• Drupal's tagline: community plumbing... new one: social publishing?
• plaxo + Google teamed up to do a Facebook Connect with open standards: 92% success rate!
• http://drupal.org/project/openid (in D6 core now)
• http://drupal.org/project/oauth
• http://groups.drupal.org/openid