Gillmor Gang 06.04.08

Chris Messina and Bob Lee join the Gillmor Gang’s Dan Farber and Dana Gardner for more Plan B. Recorded Wednesday, June 4, 2008.

 

[music]

Gillmor: Hi, this is Steve Gillmor. Welcome to the Gillmor Gang. It’s Wednesday, June 4th, the day after the campaign of Hillary Clinton for president ended. Welcome. Dan Farber.

Farber: Good afternoon, Steve.

Gillmor: So, did you watch the coverage last night?

Farber: I did. I was riveted by the coverage.

Gillmor: Now what did you watch?

Farber: I was waiting as Hillary was giving her speeches, I was waiting for the punch line. And I thought the punch line would be that she’s going to now do everything she can to support Obama’s candidacy. But she wasn’t quite ready to do that. I watched McCain go after Obama, and it wasn’t very convincing. And then I watched Obama who, again he continues to hit it out of the park. You have to wonder if he’s actually real or not.

Gillmor: How did he hit it out of the park?

Farber: He’s definitely very charismatic. That gets you a certain amount of the way. He’s quite articulate, and he really paints a picture. He really is in the Bill Clinton vein, a preacher who is preaching a new America. I think one of the things that caught my attention was he wasn’t going to use patriotism as a bludgeon in reference to McCain. I think there’s truly a real movement for change behind him.

Gillmor: So you’re confident that there’s actually something going on, that he’s not just going to retreat into business as usual.

Farber: Yeah. I’m confident that he’s not just campaigning and that when he gets into office that all of that youthful idealism will go away. On the other hand, if you go back in history a little bit, go back to 1992. The Clintons came into office with very high ambitions. For example, trying to change the health care system, trying to change Washington. And that did not happen.

On the other hand, Obama has done a little bit of time in Washington. He knows how it works, and I think at this point it really depends on who he’s going to surround himself with.

Gillmor: Dana Gardner, welcome.

Gardner: Hey, Steve. How are you?

Gillmor: I’m good. What’s going on with you?

Gardner: What’s going on with me? I’m just very busy. I don’t know, I’ve been so busy I haven’t had a chance to dive into this political stuff other than just glance at the headlines. Obviously, you guys have been deeper into it than I have. So I’m delighted that it’s over, I guess.

Being in New Hampshire, we were dealing with this back in November and thought that things would be wrapped up by March. But here it is the first week of June. I guess the only lingering question is the vice presidential picks of these two nominees, right?

Gillmor: Yeah. So, what have you been doing other than that, since you haven’t been following it?

Gardner: Well, I’ve been immersed in trying to keep my clients from banging down my door and doing fulfillment. Sometimes you have to kick back and say, “OK, now it’s time to get this stuff out the door.” And it’s been busy.

June is a real busy month family-wise. There’s usually weddings and graduations, and you’ve got to go to the kids’ recitals and listen to the band play. So that’s kind of eating into a lot of stuff, too. So it’s been work-family the last couple of weeks.

Gillmor: And Dan Farber, what do you see as going on in the world of technology that is of interest to you?

Farber: Well there’s the ongoing Yahoo! drama.

Gillmor: Why? What’s going on there?

Farber: Well I think the news today was Carl Icahn is trying to get enough shares and support to oust Jerry Yang and his people from the board at the August, I think it’s the August 3rd shareholder meeting.

And Sue Decker was on CNBC this morning not really answering that question. But just saying that Microsoft walked away, and that they’re still open to doing some kind of deal. But that they just didn’t think that the company was valued at the right number.

Gillmor: I saw some analysis that basically all the poison pills that Yahoo! had put in place. I think Icahn said this.

Farber: Those were in place, but Microsoft had already said that they were putting aside 1.5 billion dollars to cover employees. So it’s…

Gillmor: So they’re beyond that? Then what is the…

Farber: He’s talking about the same kind of thing. That it’s going to cost whoever buys them some money, which could range from half a billion to two billion, I think it was said. But I don’t think that’s the issue. The issue is more that Yahoo! is caught between the proverbial rock and a hard place.

And that is to say, they believe that the company is undervalued in the bid that was given and walked away from by Microsoft. And yet they don’t have an alternative to sell the shareholders, which is to say, just believe us! We’re going to be great with the Yahoo! Open strategy. We’re going to get a lot of display ads, and we’re going to be just fine.

Or they sell off the search ad business to Microsoft. It’s just a very confusing time for them right now, and I think it’s also a difficult time for Yahoo’s board, which doesn’t seem to know which way to go.

Gillmor: Well they’re all going to get arrested and thrown in jail, aren’t they?

Farber: No.

Gillmor: Well, they’re hemorrhaging their shareholders’ value.

Farber: I don’t see the stock tanking. Do you?

Gillmor: No, because they keep trying to spin the idea that Microsoft is still interested.

Farber: Well they are still interested. They have said that they are talking. It just remains to be seen. They have another quarter, the quarter that’s coming up.

Gillmor: What was that George Bernard Shaw or Woody Allen or was it Harpo Marx that said, “We know what you are, we’re just dickering on price.”

Farber: Yes. I think it’s something like that.

Gillmor: OK. Chris Messina, welcome.

Messina: Thanks. Thanks for having me.

Gillmor: [sarcastically] So I know you really care a lot about Yahoo!, right?

Messina: [laughs] Well, obviously they’re a player in the bunch, so it’s definitely worthwhile to watch what’s going on there. But the business stuff typically bores me.

Gillmor: So, you were talking online. I don’t remember if I read the whole thing yet, so hopefully you’ll explain it to me. This whole situation with Facebook Open.

Messina: Yeah.

Gillmor: What’s the story there? Bring us all up to speed, please.

Messina: We’ve known for a couple weeks at least that Facebook was planning on open sourcing at least parts of their platform. And they finally did so the other day. And when they did, they licensed it under the CPAL. I don’t know if it’s the Common Public Attribution License, or something, or Community whatever blah, blah, blah.

Anyway, it’s an alternative license that was developed at Socialtext in particular as a way — it’s based on the SOA public license. As a way of putting out source code but requiring that modifications, or at least implementations of the source code, bear some attribution to the original developer. So it isn’t exactly the most free use source code that you’ll find, because there still is that stipulation.

The second aspect of this — and these are sort of addendums that Facebook made to their version of the license. Is that they added what’s called a “network use clause.” And essentially, it fixes what’s called the ASP hole, or the network operation of the distribution of the code.

Such that if you’re going to run the Facebook platform on your own server and you’re going to make modification to that code — because it touches the open web — effectively you’ve got to release that source code. So this is sort of a fix to GPL v2 or a number of other licenses that have come out that, as Tim O’Reilly has talked about, require an active distribution to invoke the licensing terms.

Whereas what we’re talking about here is now changing it, such that if you offer a web service based off of this source code, that is the triggering act that requires you to release your source code.

So this is sort of like the different issues that have come up. And I think what’s interesting to me about this in reflecting on these things, is how on the one hand open source is generally changing to fit into the cloud era of computing, or being changed by moving to cloud-based services.

But also how open source — I was sort of ruminating on this idea of what comes after open source? Once we’ve achieved this notion that all source code can be free, and that’s no longer either a competitive advantage or something that we’re struggling against.

I mean, Stallman basically wanted to be able to tinker with his apps, and when he received a binary executable that he couldn’t decompile, he was hindered from actually having control over the software on his computer.

Well, now we’re talking about web services that store your data and there are two important aspects there. One is that through APIs and through web services, you can essentially interact with your data, but if your data is locked up or put in proprietary formats, it’s a lot harder for you to actually do the kind of tinkering that was at issue before.

So it’s going to be interesting to see if open source licensing changes to reflect this new reality in a widespread way. Second, if people adopt these changes. Third, what this will mean for the open source community. Will people still have a frame of reference from desktop applications and desktop software and binary software? So that’s where the fight’s going to be fought.

Or are other efforts around, for example, the portability of data going to become the things that are going to matter for the next generation of open source software. And the last thing that I might say, is just about…

Gillmor: Bookmark that last thing, because I want to go down there, because I don’t think that’s a correct assumption to make that this is about data portability.

Messina: No, right. That’s fine.

Gillmor: Go ahead.

Messina: So the last thing that I was thinking about is in terms of a Facebook generation of open source developers, where it is presumed that source code is going to be made available via some service label, and people just aren’t going to care so much about the licenses as long as in passing they notice that the code is available and they can do some hacking and so forth.

I’m thinking about a lot of the college kids now that are interested in building fun apps. They want to be able to make apps that work. They’ll look at the source code from the platform. They won’t actually use the platform itself. It’s kind of like Microsoft Shared Source Initiative.

And there’ll be a whole wave of people that are like casual open source developers who just take it for granted that the code’s going to be out there. So that battle might be won. Where’s the next sort of opportunity?

Gillmor: On News Gang Live today, we were talking in a very abstract way about the notion of which is more important, the file system and file sharing and how you access information, or — and I’m vastly oversimplifying this — the people in the system and how you find the source of information, and are therefore ready to receive it once it occurs.

In other words, is it the data we’re looking for or is it the locus of the data? In other words, where the data is emitted from, that’s more important. And that’s why I wanted to push back on the notion that data portability is somehow the operative thing here.

It sounds to me, and maybe this is just another way of looking at what you’re talking about, but it sounds to me like we’re developing a new kind of way of looking at the network as a service, rather than as a bunch of companies or entities. That the value is moving from the code to the services and the information streams that are made available through the infrastructure of the code.

Messina: Yeah, I think where you find sort of edges or blockages in terms of being able to do the things you want to do with the people that you want to do them with, that’s where stuff becomes the most interesting.

And I think that it’s going to be a combination of people, access to the data, the ability of people to sort of roam freely through these networks. And I think right now we’ve developed a very explicit, discrete model and architecture of the Web. You go to a specific web service, a specific domain, things happen.

We’ve gotten a little ways with RSS feeds and stuff like that, that allow data to at least move around. But in terms of data, again, sort of what I call the “citizen-centric” view of the world, what we need to be able to think about is from an individual perspective, what is their view on the world, how do they relate to their friends, how do they connect to other people, in durable and consistent ways between different services?

And I guess this is sort of where some of my criticism of the data portability project is coming in, that it’s framing it, again, from the systems perspective. Which is the way that social networks have been developed, from this systems perspective point of view. And instead we need to think about this from, “Well, how does the individual who’s actually consuming these services interact with these other things out there?”

How do they make sense of where their data lives, and how can they move their data around in a way that doesn’t put them in harm’s way necessarily?

Gillmor: OK, so looking at what Facebook is doing here, how do you see that as interacting with that vision that you just described? Or not?

Messina: Yeah, exactly. I actually had a conversation with Dave Morin about open source and the platform. And at the time that we had the conversation, it was kind of like this actually doesn’t move the needle at all. This doesn’t actually make a difference. It’s nice that you put this out there, it makes it easier for people who are developing Facebook applications to see what is consuming and parsing their code.

That’s convenient, but really, you had to do that anyway. There was no way that you necessarily compete with OpenSocial, where they’ve got Shindig as a reference implementation that does all the stuff in the spec, in the open spec, in a fairly well, or at least being well-defined spec. And have this sort of closed system that just is going to continue to be kind of evasive in terms of the way developers interact with it.

So in terms of the overall picture, maybe what it does is it allows us to see how the Facebook conception of these social objects within their system actually is constructed. That’s fairly useful. We certainly can get some ideas and grok how they see the world, but I don’t necessarily see this of being that much of a huge difference.

There are two things that are important here. One is it doesn’t mean we’re going to see a thousand Facebooks all popping up running off of this code. And two, a lot of the important bits of the Facebook platform — which I would include being the actually hard-core guts of this thing — are still definitely proprietary. I mean, they’re not out there in the wild.

And that’s something that I think is really important for people to understand, that the Facebook platform at the open itself is only a small sort of subset of all the stuff that is inside of Facebook. Now I may never actually expect that all of the stuff that is inside of Facebook to be open source, and I don’t know if that would change the game at all.

But overall, I think that the bigger problems here — and this is kind of what I wrote about in the “Battle for the Future of the Social Web” — is around these standards and formats. Once we get a good deal of adoption across a number of players with basic building block protocols and formats, that’s when it becomes interesting. That’s when you have real choice.

For now we’re just talking about building Mac or PC apps, and maybe having some translation layer in between. That’s where we are right now.

Gillmor: Dan Farber, have you got any questions?

Farber: Not really. I think Chris is laying out some of the issues that the industry is facing: what is the meaning of openness, what is the meaning of data portability as it relates to all these social networks that by nature are trying to colonize the web as opposed to necessarily create this great open space.

Gillmor: I think though that the notion of data portability is being somewhat debunked by what Chris is saying.

Farber: But I’m kind of more on the side of what David Recordon of Six Apart had to say, it’s not about data portability, it’s about openness and what degree of openness is there.

Messina: Do you think that what Facebook is doing is actually openness?

Farber: No, I don’t think it’s fully open, but I think they’re obviously taking some steps to address it. As you were saying earlier, the fact that OpenSocial and Friend Connect exist. And you will take the wrong path if you decide to become even more closed.

Messina: Yeah.

Farber: But I think the other question is really, who’s asking for this? We can talk about all the nits of the law, and what is data portability. But at the end of the road, it’s whether the people who are going to Facebook or MySpace or Google or wherever really care about how portable is their data, or what open source license they’re using.

Gillmor: It doesn’t seem like any of these so-called data portability maneuvers on the part of the major vendors are in fact about portability at all. It’s about access to the data which is stored on the proprietary service. Isn’t that true, Chris?

Messina: Yeah. I think that’s essentially true. And the reality is, I think, and this is my personal conviction, is that until people can host their own data and be considered first tier operators alongside the large silos, you don’t actually have real agency.

And real agency translates into having real economic choice, such that if you want to pull your data out of these systems and yet still be able to provide either APIs or talk to those APIs and what not, you should be able to do that. It’s very interesting to look at the latest version of Leopard that came out from Apple.

One of the big features that they built in was contact syncing an address book with your Google account, your Gmail account, basically. Now that’s great and all, but if you actually look at the interface, I believe you have essentially four different options. And so those defaults are critical.

There isn’t an option to choose some self-hosted contacts services that you’re hosting on your own domain someplace. You basically have to go through those main-line providers. And this is true — not just with that simple address book example — but this is true for just about any service, and any service that, for example, does contacts import from the major email providers, the webmail providers.

One of the things that — and I think I might have brought this up last time. I talked to Kevin Marks about with OpenSocial is that, what I would like to see happen is that, if I go to log into one of those friend connect sites that supports OpenSocial or whatever, allows me to log in with my OpenID.

Rather than outsourcing my friends list or my contact list to Google or to MySpace or those guys, at the end of my OpenID, I should be able to point to where I host my friends list. Now that might be on my own server in some adjacent format or whatever. Or it might be with one of the other providers or some third party that doesn’t even exist yet.

But I think that’s really critical to advancing the state of where this is. And like you talk about right now, this portability stuff, moving data between big silos and big partners, really isn’t, I think, where the open web needs to be for this stuff to really be moving towards the future that I think is still necessary.

Gillmor: Bob Lee from Google. Welcome.

Lee: Hey, how’s it going?

Gillmor: It’s going good. Dan, did you have something to say?

Farber: I just had a question for Chris about whether he sees a version of Drupal for mere mortals or something that would enable people to just roll their own social networks, their own data portability.

Messina: Well, I don’t want to paint what I’m doing too much. But this is the basic premise behind the DiSo Project, which is about distributed social networking. And in fact, right now we have a number of plug-ins for WordPress, so you can actually host your own blog and start hosting your own blog roll. So that’s one way of actually storing your own contact list.

We are actually, on June 18th in San Francisco, going to have a Drupal/DiSo meet-up, where we’re going to talk to the Drupal folks about adding support for some of the concepts and plug-ins. Well, for them, for modules. In order to enable this stuff. And Steve Ivy, who’s actually in the chat has actually been working on plug-ins for Movable Type Six Apart.

What we’re trying to do right now is essentially figure out a way of doing very basic, low-level distributed social networking between Drupal, Movable Type, and WordPress, to start. And eventually, if the formats and methods and mechanisms that we develop with this project can flow upstream — and in fact, OAuth is one of those things — then we actually start to provide something of great value that the larger organizations really have no reason not to adopt. It grows their pie and it allows people to innovate on their own spaces.

Gillmor: Right, but, Chris, you and I are talking about the past, about the notion of trying to convince the big players to do something as opposed to rolling it from the bottom up. How can users actually adopt these ideas? First of all, it’s completely Greek to most people, what you’re talking about.

Messina: Absolutely.

Gillmor: But there must be some value proposition that can be attached to this. When I hear WordPress, people are already using the fact that you can sign on to a WordPress blog and basically build out a web service without any cost whatsoever.

Messina: Yeah, that’s right. We have to start somewhere, and the reality is, as I like to point out, OpenID 2.0 and OAuth 1.0 were only finalized last December. It’s been six months since then. And we are actually moving rapidly forward with getting adoption for those standards in particular with the large vendors, like AOL and Yahoo!, and even Microsoft is coming on board on a number of these things coming up. And we are actually jointly developing a portable contacts format and API based on vCard. So we’re making progress with these things.

To answer your question though about two things: user value and when this stuff actually plays out for them. On the one hand, it’s kind of like, you can talk about XMPP and Jabber for a long time, and people are like, “What the hell are you talking about? What is this nonsense?” But when you show them that two people on two different networks can talk and chat back and forth with one another, and they don’t need to sign up for a new account, and now you’ve broken down that barrier.

As far as I’m concerned, demonstrating that you can connect with someone using what you’re already using, what you’ve already invested in, given a profile or a blog that you’ve been using for several years. And all of a sudden that becomes your social network hub. That to me is where this starts to demonstrate real value.

Gillmor: OK. Explain that on a practical basis. What do you mean chat? I saw the other day that Mike Arrington finally gave up on Adium completely.

Messina: [laughs] Well I only bring up chat because it starts out with a bunch of different acronyms that developers can understand and use as tokens in the course of their conversation.

Gillmor: I don’t think it’s a trivial issue. I’ve attempted so far not to use the “T” word. But in fact, the “T” experience is chat.

Messina: That’s right.

Gillmor: A ubiquitous chat service certainly seems to me to be the simplest way of engaging a user base. So, what are we talking about?

Messina: I think that, in fact, XMPP is one of the protocols that we really want to embed and bake into the way in which DiSo works. It’s a little ways off, because it does something differently than your standard HTTP calls are going to work.

But even still, there’s a large number of people working on this stuff.

Gillmor: Can you boil that down just a little bit more?

Messina: Yeah. So for example, this past February we were at Social Graph Bootcamp in Sebastopol, and Blaine — who was still employed by Twitter at the time — and I think Ralph. And who else was there? Maybe Uri or Andy Smith or any of these folks.

Anyway, they created a bridge between Pownce, Twitter and Jaiku, allowing you essentially to follow any member of the social network and then post messages. Now that bridge basically was really simple code and it was never released, but that was actually the power in the demonstration of using XMPP as the foundation of the social network.

So the fact that it hasn’t been done yet, especially given Twitter’s recent issues, is curious, of course. But it also speaks to an opportunity that eventually could be realized through the widespread distribution of XMPP, which, of course, also powers Gtalk.

So, I think, we are just waiting, again, for a lot of these pieces to line up, to fall into place. We obviously have to write a lot of code to get to there. Again, maybe the sort of answer your question in a very roundabout way, there is definitely going to be a lot of individual value created through this type of distributed social network, and we have the machinery to do it. Twitter is actually an excellent demonstration of that, even though they are a centralized service.

Gillmor: Bob Lee, you want to comment on this?

Lee: Yeah, I don’t really have much. [laughs] It sounds good.

Gardner: It seems we have got a little bit ahead of ourselves as we go application by application, and social network by social network, in determining what people should or shouldn’t get in terms of openness. Seems to me we need to take a lesson from the open source movement and recognize that very little happens until you get an established license, defined and in-place and agreed upon by the multiple parties.

Don’t we really need something like the equivalent of a GPL or an Apache or a limited GPL license that gets in between the individual users and these multiple online applications and providers, that distinguishes what belongs to whom and what can be reused and extended out into a community or back to the individual?

Gillmor: Well, I don’t think so. This is why I am trying to get my arms and everybody’s arms around this whole XMPP bridge that already exists, that has already been used. There doesn’t seem to be a lot of issues around who owns the code, in terms of talking to the Jabber framework.

Gardner: But if we go protocol by protocol, code by code, it seems more tactical, whereas if…

Gillmor: I don’t agree. I think that what Twitter shows us is that incredible power can be unleashed with a few very, very simple primitives. So why do we want to wait around for data portability or the W3C or IEEE, or any of these kinds of agreed-upon bodies and all of the politics that results from it.

Think of what happened with RSS, and if you take a look at what happened even with Atom. There were a bunch of people, who, after there was enough critical mass, they came in and basically, against some degree of opposition, were able to push through some standards which are now being used by some of the major players.

But it doesn’t take the major players to adopt this right now.

Gardner: I am not proposing third party like that. I am saying, what if users could agree on a stipulation that’s part of their user agreement with these organizations…

Gillmor: The users, they are not even interested in using these tools. That’s what I was trying to ask Chris, that to begin with, what do we do to incentivize the user to… I tried to log on to Discuss, for about the fifth time the other day. I am pretty sure that I have logged on and that I have gone through the profile process, and that I have the user’s name, but I cannot figure out how to get into it.

Isn’t there some sort of a capability, even if it was just like a honey pot that could be set up, that would allow people to come to one place and be able to register, in order to be able to use these kinds of services that was simple. Even if it was just a game that you ended up playing, where you could get a certain number of points. I have seen my wife play this Fandango game until her eyes bleed.

There must be some way of incentivizing users, to be able to deliver some value, that can then be stuffed into these so-called standards.

Gardner: Right. So there is power in numbers. If you get enough users, you can band together and then say, this is the kind of license we…

Gillmor: I get the model, Dana. What I want to hear is from the propeller heads — whether or not there is some way of doing this. Jon Udell has been saying for years, that the problem with a lot of this authentication stuff is that it is way too complicated.

Chris?

Messina: That absolutely is correct.

Gillmor: OK. Is this hopeless? Are we wasting our time?

Messina: No, not at all. Again, I think that there are so many different layers to this, and so many different things that need to be fixed. Because we have basically been running the web kind of backwards for a while, where it was OK when it started out. Then, both in terms of the market and the way monetization happened, we moved towards this trend of centralization.

And not like just centralization, but also trying to close down the web and protect things and stop the free flow of information, whether it was through firewalls, or through intranets and blah, blah, blah. People just try to exert all this control on what had previously been a pretty open system, or very open system.

Ignoring the abuses that came from that, open systems to me are much more resilient than closed ones. Again, I cite the human body as the perfect example of this, where we can catch the common cold but we can actually… Because we are an open system, we have mouths and ears and eyes and stuff like that, where we can get diseases, but we have resilience in that we have ways of fighting back.

I think that there has been a lot of move towards these Facebook silos, or the MySpace silos. It seems more obvious how to monetize them, as opposed to moving towards the distributed approach, where you compete on quality of service.

Now, let me go back to this question about authentication, because it is a very good one and a very pertinent one. The user experience of OpenID, for the most part today, sucks. I think that’s not something that’s going to go away right away. Just like browsers sucked for a while, they have gotten a bit better. I think IE 8.0 is doing some interesting things from an interface perspective.

As we discover these use cases, we can make improvements. Let me suggest that while OpenID allows us to do single sign-on or authentication across multiple domains using a single account, the real value, I think, also comes in having a single identifier for an individual such that it becomes now valuable to have a place where you are storing a bunch of information about you. That becomes your profile. That becomes your hub on the social network, the distributed social network.

There is value in that, and it makes it really easy for you to participate in these new applications, because at that URL endpoint you are advertising all the different services that you use, such that when you sign up for a new service, that new service can then go find your profile, find your friends, find a bunch of other data about you, and then you are able to provide it with permissions to access parts of that data.

Gillmor: Why would you want to take all the time to be able to fill that out?

Messina: OK, let me back up a little bit. The point is that you should be able to do stuff once. So you are maintaining one list of your friends, one profile, in which you can, maybe, have a few facets. Your professional profile, your biodata, or whatever.

Gillmor: I understand that as a goal, as a laudable entity. That’s what Doc Searls was talking with vendor relationship management.

Messina: That’s right.

Gillmor: But the question I have always had is why would I ever want to spend the time to do that?

Messina: OK. Two things. One is that a lot of these sites are asking for you to do that anyways. Second is that, when you sign up for a new service, there are two aspects to a lot of new web services that come out. One is the notion of being able to look around and find your friend who is here. The second is that if you do find other people who are on the service you want to know a little bit more about them.

Now, all these different services usually provide one nugget of goodness. They don’t need to recreate the entire photo-sharing system or uploading videos and all of this blah, blah, blah crap that actually builds out a really rich profile, so that you get a good sense of the other people that are on the network.

Therefore, it seems to me that if I can show up - for example, I leave a comment on your blog; your readers want to know more about me. Well, if I log in to your blog using my OpenID, and on the end of my OpenID I advertise a number of services or data that is available for anybody to see. On your blog, your blog software goes out and pulls in parts of my profile and says, “Oh, and here’s Christmas photos and here’s some of his videos.”

This is all public data. Now people have a much better sense of the context in which I’m coming and who I am. And they may choose to connect with me in a very different way.

Gillmor: OK, so let me take this…

Messina: That’s why I would do it once.

Gillmor: I understand now the value proposition of this. And I’m not speaking as me here, because I understood it before I asked the question.

Messina: [laughs] OK.

Gillmor: Now, let’s talk about the most atomic level of profile data that I think is useful. And somebody in the chat just said it, I believe. “Export your Twitter XFN.”

Messina: Yep.

Gillmor: You want to say what that means?

Messina: Sure. The brilliance there is that Twitter actually already supports XFN, and they already support…

Gillmor: OK. So this is…

Messina: What that means though…

Gillmor: This is a family-oriented show.

Messina: [laughs] That’s right. What’s with the gobbledy-gook acronyms?

Gillmor: What does it mean?

Messina: What it should mean, I hope, and actually I like that Twitter sort of sits there as being this almost retarded system, and yet that’s where its brilliance lies, in that one, it provided people a tool to put stuff out on the Web — awesome. But second, it also provides you a place to keep some of your friends handy.

So if you were to use — as someone suggested in the chat — their Twitter as their OpenID or as their identity, they go to a new service, they can actually bring their friends with them because Twitter is exposing those friends through the XFN micro-format.

So there’s a list of identifiers, which is essentially twitter.com/username. Now somebody might have chosen to add personal URL to their profile, which is also marked up using the “rel=me” XFN value. Like, “Here’s another one of my profiles.” And there are any number of things that can actually be done with that very, very simple basic information, that allows the contacts to flow.

Gillmor: Stop. All right. So, who’s going to do that? Who’s going to have an economic incentive to create a service? You’re telling me that these XFN records are on the network, assuming that Twitter is actually working.

Messina: That’s right. [laughs] Assuming it’s up.

Gillmor: OK. So how is that delivered? Is that delivered through the real-time XMPP feed? Or is that delivered through an API, calls, or what? How is it available?

Messina: All of the above. The XFN in particular, however, is actually on the web page itself. So if you go to my Twitter account, if you go to Twitter.com/factoryjoe, and you look on the sidebar and you see all those little faces, those faces and those faces and those links are all marked up with “rel=contact.”

Gillmor: So it could be screen scraped, in other words.

Messina: Absolutely.

Gillmor: And hopefully there would be a more high-bandwidth service that would be available as well.

Messina: Well, you can get — and this is kind of what we’re working on with the portable contacts API stuff is how to represent this stuff in a much less dense format, but we’re still using more or less the same values.

And I think it’s also important to look at a service like Dopplr, as well as I think Satisfaction might be doing this, where they are actually using XFN as it exists on Twitter to tell you, “Hey, by the way, some of your friends on Twitter, who happen to have the same name and the same user name are already here as well. So rather than importing your email addresses you could add your friends now.”

Gillmor: I get that. But, again, I’m trying to go from the fundamental rather than… I mean, Dopplr’s great; my brother’s a co-founder. I have no idea what it is. Let’s not confuse things.

Messina: [laughs] OK.

Gillmor: I want to go back to the notion that if my fundamental identity, if I’m willing to deed access to my identity through this one record…

Messina: That’s right.

Gillmor: Namely the Twitter record, right?

Messina: Yeah.

Gillmor: Basically there have been very few people who have been denied Twitter identities.

Messina: That’s true.

Gillmor: And it’s been built up rather rapidly and it has tremendous value in terms of a social graph.

Messina: That’s right.

Gillmor: Assuming that Track is working.

Messina: Yeah.

Gillmor: OK. So what’s to prevent somebody from establishing, in the real world, a directory that’s based on this and give people the incentive to be able to log in — I mean, are there credentials that are attached to the XFN records?

Messina: No. In fact, I guess to cut to the chase and answer your question, absolutely nothing is preventing anybody from doing that.

Gillmor: Yeah, but is there anybody incenting anyone to do it?

Messina: Like, for example, this Plurk service came out the other day, and I don’t know if you saw it, but it’s essentially Twitter with a timeline and some verbs. And it kind of drove me nuts that here they’re providing a service that could ostensibly provide some value because they’re adding in a fairly interesting, somewhat compelling visualization on top of the Twitter concept.

But they didn’t do friend import. It’s like sitting right there in front of them. It’s the easiest thing with the highest value possible, to say, “By the way, we have this cool service. You can continue posting to Twitter like you’ve always done, but we’re going to add some value.” And they can do whatever they want to do: throw some ads next to it, services, sell you a car, whatever they want.

But it’s like going to a party where I’m making friends list available to you to also invite, and you’re kind of ignoring that and saying, “We’re going to have you call all your friends manually when you get to this party, and now it’s up to you to convince them to come over.” As opposed to letting it happen serendipitously the way that most things on the web happen.

Gillmor: Right. But serendipity and the economics of developing a service, aren’t they somewhat antithetical to each other?

Messina: No. I mean, if you look at the way that Plurk spread on Twitter actually, and this is just like two days ago. And this is the way that most Twitter cliques kind of happen.

Gillmor: I know. But a lot of why Plurk spread on Twitter is because Twitter’s down.

Messina: Yeah, of course.

Gillmor: I mean, people, once they get there — I got there and I have no idea what the hell this thing is and I’m not going to use it.

Messina: [laughs]

Gillmor: It’s a great marketing thing that the Twitter gateway is down, but it won’t always be like that. Again, my question is, is there some degree of user value that could be attached to using the XFN records of the Twitter social graph to be able to build up some sort of a container that can allow people to be able to add and relate the different social graphs that they are on to that fundamental initial graph, which is Twitter.

Messina: Yeah, I mean, you can use things like the…

Gillmor: Bob?

Lee: Yeah?

Gillmor: You’ve got a really noisy line.

Messina: I don’t think that’s me. Do you think that’s me?

Gillmor: No, I don’t think so, I think that’s Bob. Let me check. Can you mute, Bob?

Lee: I muted. I just muted and came back on.

Gillmor: OK, that actually wouldn’t tell us anything. Let me just take a second here to figure this out. I’m going to mute you, Bob, let’s see whether it goes away or not. No, it didn’t go away. Let me see. It’s better now anyway. Go ahead.

Lee: Who?

Gillmor: Whoever was talking. It wasn’t me. I think it was Chris.

Messina: Yeah, well, I’m doing a lot of talking again.

Gillmor: That’s all right.

Messina: I guess to answer your question, there’s no reason why you can’t use something like Google Contact — well, not the Google Contacts API — the social graph API that Google offers that does XFN spidering, as a way…

Gillmor: Explain that.

Messina: Essentially, I believe it was Brad Fitzpatrick that did most of the work there. Or all of the work, I’m not sure. Yeah, all the work. And basically it goes out and finds these XFN connections. There are 18 different values within the XFN sort of attribute set. It looks for them and then makes correlations between URLs.

It’s actually a very efficient way of expressing a graph, and it’s very compatible with the open Web. Essentially takes any URL, you describe the relationship to another URL, and voilà, you have a relationship.

Now if that relationship is reciprocated, or if there’s a relationship expressed in the inverse direction, that also is useful information. So for example, if I go, and you can do this right now, if you go to twitter.com/factoryjoe, there is a link to my website, factoryjoe.com. That link is specified with the relationship of “me.” And the “me” value basically says this is another one of my profiles, this is another website that I control.

Now on my website, and I think I need to set this up still, but presuming, let’s say, that you go to my website, if on factoryjoe.com I link to my Twitter account, and as a “rel=me,” that is a way of sort of bi-directionally claiming those two URLs as being the same person. That’s one very, very simple link.

Now, if I link to any of my friends, you know, Steve Ivy or something, redmonk.net, and I say, “rel=contact/friend,” that is a description on that link, so essentially, just through URLs and through hyperlinks, the very things, the very fabric of the web, we can create this distributed social graph.

It becomes useful then, at least convenient, to host one’s social graph in one consistent or convenient place. Twitter, right now, is a really useful place to do that.

Gillmor: OK, so now we’ve got Twitter and we’ve got the Social Graph API on Google.

Messina: Yeah.

Gillmor: And I think that’s what you said just now. How do we relate that Twitter or Google Social Graph data to Facebook, for example?

Messina: Well, unfortunately, basically it doesn’t do a whole lot in terms of exposing those relationships in sort of a lowercase semantic web kind of way, in the sense of expressing relationships.

And they also have problems with caching the data remotely, so once you pull that data out, it’s unclear. You know, this sort of goes back, I think, to what Dana was saying about this contract stuff, which isn’t a great leverage point, but it does sort of bring up the issue of, “Well, if I want to be able to move my friends around, Twitter at least makes it possible for me to do that.” They don’t do it through XMPP yet, unfortunately, but they do do it through their API and through the publishing of XFN.

When it comes to Facebook, you can at least, for example, on your Twitter account, point to your Facebook URL and say “rel=me.” And that’s one way of at least getting at that data.

Now, I don’t think that a Facebook endpoint, today, exposes a lot of information. This sort of goes back to one of the primary problems with Facebook behaving sort of like the nanny state, where they say that they know best, and what’s best for their users, by setting certain defaults, certain limited defaults in terms of what data they expose, but they actually also don’t provide for more permissive or expressive options if someone does want to, for example, use their Facebook URL as their main profile. Does that make sense?

Gillmor: Yes.

Messina: So in terms of the question, you can do a correlation between your Twitter friends and your Facebook friends, but it really requires an order of magnitude more work. For example, you’d probably have to install a Facebook app that then would interact with your Twitter account, and blah, blah, blah, and it’s just kind of a mess.

Gillmor: OK. And also they may shut you down at some point, right?

Messina: That’s very likely, yeah. Yeah.

Gillmor: OK. So basically we have to route around Facebook completely.

Messina: For the time being, it doesn’t seem like, with the way that Facebook approaches data protection, protectionism, yeah. If you want to do anything effective, and this is, let me sort of also say this: Twitter has added support for XFN, but the beauty of that is that anybody can implement support for XFN on any website.

So if you have a blogroll in WordPress, and you actually specify those relationships using the link tool, you are actually operating at the same level as Twitter. You don’t have to do anything different, you just publish the links just like Twitter does, and then you now have, in terms of the social graph parser, it doesn’t care whether it’s Twitter.com, or whether it’s factoryjoe.com, or whether it’s redmonk.net or whatever, the links look the same to it.

So now you’re playing on the same equal footing as everybody else as opposed to having to support some proprietary format for expressing relationships.

Gillmor: Right, but the politics of this is that those large players that refuse to allow an entry point, they will remain outside of this.

Messina: And eventually, just like the dinosaurs, they’ll get stuck in the mud.

Gillmor: Yeah, I’m not so sure.

Messina: OK.

Gillmor: At some point, if you look at the history of Windows, for example, at some point the dinosaur, everybody else got stuck in the mud and the dinosaur won.

Messina: I haven’t seen too many dinosaurs around today, but…

Gillmor: Well, I mean, at some point Windows became the default platform that everybody had to be on regardless of what the openness of the platform was.

Messina: Yeah, fair enough. Fair enough.

Gillmor: OK. So at this point, is there any way…

Messina: Are you saying, then, though, that Facebook is going to win in that way? I mean, this is what I…

Gillmor: No, I don’t think so. I think that Twitter’s going to win. I’m just asking, you know, at some point we have to figure out what it is that we could do to evangelize what you’re talking about in such a way that users would understand that this is imperative, of Facebook, is going to be counter to anything that would be useful.

Messina: Yeah, I see what you’re saying.

Gillmor: At which point people might gloat by going after a solution which has more of a chance of spreading.

Messina: Well, OK. I mean, you have to look at this from sort of a two-step solution, or like a one-two punch type of thing. One is that you have to actually create something that has immense value, because right now actually — and this is sort of an interesting, I guess, parallel — we did some work with Songbird, they’re a Mozilla-based media player, really interesting project I think, but their competition is essentially iTunes.

And I know that Rob Lord would take issue with me making that characterization, but the reality is, when people think of playing music, right now it’s primarily through iTunes, especially if you’re on a Mac or if you use an iPod.

When we worked on the Spread Firefox project, our competition, you know, is Internet Explorer, which was fraught with malware, spyware, pop-ups, you know, the Web was just a pretty awful place if you used IE.

So Firefox came along, fixed a bunch of those issues, provided a much more compelling user experience such that anybody who had a grandmother, mother, father, brother, sister, or cousin who didn’t actually follow technology but used the Web, would gain some benefit from using Firefox.

And so while the technology that enabled Firefox to happen was obviously compelling and very interesting and they solved a lot of problems, it was obviously the end user value that people were able to promote, I think, to drive the adoption of Firefox.

So the point that I’m making is that Firefox is actually, I’m sorry, Facebook is not actually that bad for most people. In fact, a lot of people have reconnected with people that they went to kindergarten with, you know, and that has actually had some value for them because it’s helping them to reestablish relationships and connections.

Now, the only way for us to really, I think, answer that opportunity is to provide a better, more consistent, more reliable type of connecting with people that also allows for new types of expression that don’t require someone just to live within the Facebook universe.

So Facebook will continue to exist; I think it should continue to exist. I think MySpace and all the open social containers should continue to exist, but I think that there should also be this alternative, distributed approach in order to make sure that competition is ensured, I guess, for the future of the open web.

So I guess maybe I’m a little less concerned about Facebook locking all these people in, or locking all these folks in, because right now it’s having its heyday because of how good it is at providing a means for people to get into social networking and to connect through the Internet. That’s what I think.

Gillmor: But the issue here, first of all, everything was fine up until the last three or four sentences, where you suddenly got theoretical.

Messina: I see. Interesting.

Gillmor: OK. So what seems to me to be, if we could focus on what you were just saying prior to that, which is if there was some way of providing utility…

Messina: I didn’t finish my one-two punch thing, so on the one hand…

Gillmor: By the way, it is your line, by the way. Just so you know.

Messina: Which is?

Gillmor: Are you 412?

Messina: I am. That’s right.

Gillmor: It’s your line that’s dirty. Go on.

Messina: I’m sorry.

Gillmor: I don’t want to interrupt this. I just wanted to let you know.

Messina: OK. I brought up both Songbird and iTunes to suggest that while there’s actually not a huge pain point there for Songbird to fix, when compared with Firefox and Internet Explorer. So Songbird clearly has to come up with something that’s a huge value proposition.

The second part is that Facebook right now actually provides pretty good value. They do a pretty good job of protecting, whatever that means, protecting their users from exposing themselves in a place that, so far, a lot of people are still intimidated by. They don’t understand. They need to have a clean experience.

Now, where we go from here. Once we establish the ways in which this stuff can work in a distributed way, and we define the user flows, user interaction models, things that actually are going to work no matter what system people are on. Again, whether they’re self-hosted or whether they’re out working on it with Facebook.

One of the big challenges here really is allowing, let’s say, someone who’s on Facebook to add someone on MySpace as a friend. The reality is that people have friends that exist on these two ecosystems.

Gillmor: Yeah. Forget about that. Let’s talk about somebody who is a friend on Twitter adding somebody on Facebook.

Messina: OK, well that’s fine. Let’s use that as an example. It doesn’t really matter.

Gillmor: No, it really does matter. I don’t use MySpace. I don’t care.

Messina: [laughs] OK. Let’s say it’s Twitter adding a friend from Facebook as a friend. That’s great. The way in which I think we accomplish that is by building out the platform underneath all this stuff, built on these open formats and standards, protocols, whatever. We make this stuff really just work, really be seamless.

We create an identity layer on the Web, a relationship layer on the Web, put together a social layer on the Web. And we allow people to start building applications that take a bunch of things for granted. And it no longer should matter whether someone is on Twitter or on Facebook. They should be able to connect to their friend.

Gillmor: That’s wonderful. We’re all singing “Kumbaya.” But now, how do we do it? I’ve got an idea. Let me ask you a question.

Messina: Go for it.

Gillmor: You know the TinyURL? It’s very powerful.

Messina: OK.

Gillmor: I think it’s powerful because you don’t know what’s in it.

Messina: That’s also scary, but sure.

Gillmor: No. I mean, you can figure out what’s in it.

Messina: By clicking through it?

Gillmor: Sure. Software can jump ahead and look at it and say, no don’t do this, right?

Messina: Yeah.

Gillmor: You can intermediate it.

Messina: Yeah.

Gillmor: OK. So what if you’re on Twitter. You click on a TinyURL, and it knows who you are and what your password identity information is on Facebook.

Messina: Yeah, OK.

Gillmor: So it passes that token, or however that…

Messina: However that magic works.

Gillmor: As a proxy for you.

Messina: Yeah.

Gillmor: And so it opens up that page on Facebook as though you were on the free wide open Web. Because you’ve established those credentials as part of your Twitter profile identity store.

Messina: OK.

Gillmor: Would that help?

Messina: I’m not sure it does, only because at some point there does need to be an explicit act that authorizes Facebook to either have some access to my account, to know who I am, or what have you. Now presuming that flow has already happened, and let’s say that I’ve authorized Facebook to have that kind of access.

So there’s absolutely no reason why that stuff shouldn’t work. In fact, I believe you can kind of do that with Facebook apps today if you install the Twitter app. And I guess that’s where the big barrier exists. It’s actually installing these apps. Because you have to have a Facebook profile, you have to have a Facebook account.

Gillmor: Right, but my point would be that if all that stuff exists and there was an application that was Twitter-based that allowed you to be able to create those relationships, Facebook wouldn’t even have to know about it.

Messina: That’s true. In fact, maybe the best thing to look at in terms of one implementation of this at a very rudimentary level is the Flickr casual privacy stuff that Kellan has worked on. And that stuff is actually fairly interesting, simply because of how, again, dumb the implementation is, but it works.

He uses sort of a metaphor of secrets, which by design or by implementation or whatever, are actually somewhat lofty when it comes to the real world. So when someone shares a secret with you, you may choose to actually pass that secret on even if you promised not to tell someone else.

The same thing is true for these URLs that get passed around in email that lead to a collection of photos which may or may not be publicly shared. So, you can imagine something similar happening where there may be URLs that only you can see within the Twitter realm that also provide you access to protected resources elsewhere.

Gillmor: Right. So isn’t it possible that a consent-laden connector could be built up on top of Twitter?

Messina: Yeah. I think technically a lot of this stuff is feasible and possible. The biggest challenge is, and again this is why we’re focusing on plug-ins for platforms [...].

[audio problems]

Gillmor: You’re breaking up. Say again.

Messina: It shouldn’t be mine.

Gillmor: Say again.

Messina: I’ve got full bars. I don’t know what’s going on.

Gillmor: Who’s breaking up?

Messina: I don’t know. I can hear you just fine. I don’t think it’s me.

Gillmor: It’s hard to hear you now.

Messina: OK. Can you hear me now?

Gillmor: Yeah, that’s better. Go ahead.

Messina: All right, I don’t know what happened. OK. What I was going to say is that, technically a lot of this stuff actually isn’t that hard to do, especially if you do it one-off. The harder part is getting adoption. And second, getting the attention of either Facebook or Twitter developers to implement this stuff.

For example, OAuth actually came from a need expressed by Twitter in considering implementing OpenID. So last November, I was trying to convince — actually, not this last November. It was the November before this past November. I was trying to convince Blaine Cook to support OpenID in Twitter.

He was all about it, really wanted to do it. And all of a sudden we looked at the API, which was using Basic Auth, which basically means that you have to supply your Twitter user name and password to access the API services. Now if you use Twitterrific or Twhirl or any of these services, you know that that’s actually how the authorization flow works right now.

So, we realized that this was a problem that anybody supporting OpenID was going to experience. Magnolia had a similar problem, where their dashboard widgets were they had a desktop application that needed to allow for people with OpenIDs to do the authentication flow. Well, BLOA, that was sort of the birth of OAuth.

The point is, if not a year and a half later and many months, six months after the OAuth spec has been finalized, Twitter has still not adopted or supported either OpenID or OAuth.

And the reason why I bring this up, not just to chide them or whatever — they have their own priorities — but it is actually that issue, that both Facebook and Twitter have their own issues. That these things that we talk about in Silicon Valley that are big issues and big deals for a lot of us hyper-connected, augmented humans, really aren’t issues for a lot of the folks that they’re dealing with on a day-to-day basis.

Gillmor: OK. Stop right there. Stop right there. I don’t care about that rationalization.

Messina: It’s not a rationalization.

Gillmor: Historically, that’s been a rationalization that Microsoft has used for decades, which is that, “We don’t hear from our users that they want this.” That’s bullshit. I’m simply trying to reduce this to the lowest number of moving parts. So forget about Facebook for a minute.

Messina: You brought it up.

Gillmor: This is an interactive conversation. I’m suggesting that we forget about Facebook for a minute.

Messina: [laughs] OK.

Gillmor: Thank you.

Gardner: Hey Steve, this notion of the proxy…

Gillmor: Hang on a second. Hang on a second. Hold that thought. Let me finish my point.

If the stumbling block is that Twitter has not yet adopted these tools, what’s to prevent using TinyURL? I know I’m being very stupid about this, but so far I haven’t heard anybody object to it, which means it possibly could be not so stupid.

If we took that and used that as a handoff to be able to go to a second service much like what Gabe was talking about last night around Track, it would go to a second service which performed all those things and serve as a middle person or proxy between the two services, wouldn’t that work just as effectively?

Messina: I think it’s certainly worth trying.

Gardner: And, Steve, isn’t there already something out there that does this? Isn’t authentication and with VeriSign offers and RSA offers very much similar to this in terms of concept, but does it at a security and encrypted authentication level? Why couldn’t we bump that level up to include this metadata and definition of user social graph information?

Gillmor: This is a question for Chris or for Bob Lee.

Messina: I’d love to hear from Bob.

Lee: Yeah, I don’t know.

Gillmor: I don’t either but I don’t know why we’re talking about VeriSign when we’re talking about something that’s a lot simpler with a much smaller group of people that would be interested in it being spelled out. I don’t know why we want to go to these big models here for something that I’m just trying to get a straight answer at a very, very granular level.

Gardner: You might want to go to them because they already exist so you don’t have to rethink it.

Gillmor: I don’t care. There’s a lot of things that exist that I don’t give a shit about. I just want to know a straight answer which is whether or not… What I’ve heard from Chris Messina is that this is worth looking into. That’s a lot better than trying to boil the ocean with VeriSign or anybody else.

Gardner: I have to be honest; I don’t actually understand exactly what you’re proposing.

Gillmor: What I’m proposing is that there is no support according to what I understand Chris Messina to have said. There’s no support for OpenID or OAuth at the Twitter level, correct, Chris?

Messina: Yeah, basically.

Gillmor: OK.

Messina: Actually, let me sort of suggest one thing. Ian McKellar did do something I believe called Twoth. Lovely name and everything. But what it does is it allows you to sign in to a web service by receiving a direct message from Twitter.

So, it’s not exactly the ideal OpenID flow. But if you can receive a direct message on a certain Twitter account, you have basically just done enough to authenticate that you are the owner of that Twitter account, and as such the OpenID flow can proceed and continue.

Gillmor: OK, so that’s OpenID?

Messina: That’s right.

Gillmor: In theory. All right, now what is the OAuth conversation about?

Messina: So, the OAuth conversation — there are two things here. You know, one is around authentication, proving that you know you are who you say you are whether you come from a certain URL, OK? The other is around authorization.

And one of the problems that we have right now with Twitter is that there are so many great applications out there and all of them require your user name and password, whether they’re desktop-based or web-based.

And this is a real, I think, problem because your credentials, your Twitter credentials, especially as you’re talking, Steve, about how important Twitter is to all these things, right, and how central Twitter is. People are throwing their user names and passwords to Twitter around like confetti, giving them to any third-party service that says, “Oh, we do Twitter integration.” You know, so service like Brightkite comes up or Satisfaction comes up. And they’re like, “We will post to Twitter on your behalf.”

Gillmor: But the canonical example is something that Arrington pointed out called Group Tweet or something like that.

Messina: Yeah, that’s right.

Gillmor: [...] and just collapsed your entire cloud.

Messina: Yeah. That’s right. A perfect example.

Gillmor: So definitely that’s not a good thing?

Messina: No, that’s right. And the other thing is that what’s great about OAuth in particular is because it’s a token-based system so you can provide essentially IDs to certain actions or behaviors or permissions that are granted, you now have a way of recovering.

You know, I talked about these open systems that need a way of being resilient. You know, you catch a cold you take some medicine or something. With OAuth, you can essentially say, you know, this action is being taken by this third-party service device — piece of software, what have you — and all of a sudden it goes haywire, like Group Tweet or whatever. Turn it off and discontinue the actions of that token.

The problem that we have today is that if you change your Twitter user name and password, you break every single piece of integration that you have with any other site that uses your Twitter credentials.

So, you don’t actually have specific control to say, “I want to turn off access from Twitterific. It’s bugging me. It’s like posting random messages, or whatever, it’s clearly gone haywire.” You know, it’s like Flickr provides a great model of how you can turn on and off access from different services.

This is just an example of one of the things that if we had it, I think Twitter would not only be providing greater value, but it would be demonstrating a level of user control over the use of this system that would actually be, I think, leading to greater resilience. I noticed that they just actually reduced the level of API calls a single IP can make from 70 to 30 or something like that.

Gillmor: Mm-hmm.

Messina: You know, these types of things happening could be better metered if…

Gillmor: They went on a global basis.

Messina: With OAuth, that’s right.

Gillmor: OK. So, that will be a good thing to be able to do. So, how do we bootstrap OAuth into the current system as opposed to some future adoption by Twitter?

Messina: That I don’t think is nearly as possible as what Ian did. Simply because, I mean, what we’re talking about is whether or not you provide your Twitter user name and password when you’re accessing private data or you provide a sign-in mechanism and a token. And that’s essentially the difference between the two mechanisms. And so Twitter literally will have to support that on their backend in order to make it fly.

Gillmor: Well, what if you have some sort of application that you put in front of your sign-on to Twitter which basically authenticated to…

Messina: Yeah, if you trust that middle layer and you give it your credentials and — and this is really the critical part, and this is where a lot of the stuff that we’ve done around Service Discovery comes into play — if that remote service doesn’t really care what endpoints the Twitter data is coming from and you allow for a middle man to step in between that transaction, then you could use OAuth for that middleman. Does that make sense?

So, essentially that third-party service, like Twitterific, could say, “OK. I will accept the Twitter data from Twitterauth.com,” or TwitterOAuth.com or whatever. You go to TwitterOAuth.com, you sign up there, you provide them with your actual Twitter credentials and then the data is being provided by that third-party service in an OAuth delegated method. So, it’s still not…

Gillmor: The answer is yes?

Messina: It’s yes with a caveat.

Gillmor: Which is that the service — the third-party service — needs to be credible?

Messina: Which means the third-party service has to be able to — let me put it this way: the third-party service should not be hardwired to only talk to Twitter. Right, OK? So if you want to provide…

Gillmor: So could it be talking to…

Messina: You can be talking to your other logins if you wanted to.

Gillmor: Friend Connect.

Messina: Sure, if they support the same calls and the same API. For example, very early on when we were doing our work with Magnolia we had Magnolia mirror the del.icio.us APIs. We had all the same calls and functions and everything like that you’d expect from del.icio.us.

So people who built del.icio.us clients, that posted to a del.icio.us account, only had to change the URL they were posting to in order to support Magnolia. And that was huge for Magnolia, because obviously all these tools had already been created for del.icio.us.

So, very similarly if a service like Plurk comes along or even Pownce or whomever, and they just mirror the same calls that Twitter offers, you now can put a third party in between posting to Twitter or you could even do it from your own blog if you wanted to.

Gillmor: Right. I’m not necessarily interested in competitors to Twitter, just providing…

Messina: No, I’m just making a point.

Gillmor: Providing like a dual authority which would render both access to a…

Messina: Well, it’s also about convenience. If I log into my WordPress blog, my self-hosted WordPress blog…

Gillmor: Yeah, no, I think it’s a good idea to log into a WordPress blog.

Messina: Yeah. Well, and I click the right…

Gillmor: Or Pownce.

Messina: OK, that’s fine. That’s fine. And I click the right button, and now I have the option of Post, Page, and Tweet, and Tweet is going to go to my Twitter account, going through this third-party-delegated authorization system or whatever, great. I mean, it’s a little bit of an encumbrance in terms of the way that it actually is implemented, but it could absolutely be done.

Gillmor: Right, and it could be done once, and then evangelized at that one point.

Messina: Yeah. And if Twitter ever decided to support OAuth, then it would be even better.

Gillmor: OK. I think that we have, there’ll be a transcript of the show in about 24 hours, and we can start to pore over this and debunk it or move forward with it.

Messina: Yeah, and you know, I’d love to actually get feedback from people, I think, more generally about this stuff, who are more knowledgeable about the technology. I mean, I’m very familiar with all this stuff, and I’m more or less, I think, familiar with the ways in which this stuff works, but if someone has a better, cleaner implementation idea, you know, you started with tinyURL, I’d be very interested to sort of see that.

Gillmor: Well, that’s why the thing on the screen says “Plan B.”

[laughter]

Messina: Yeah, there you go.

Gillmor: All right. Bob, I know that you didn’t say anything, but that’s also good news, because it means that you don’t object to any of it.

Lee: Well, I wouldn’t say that. I was kind of lost, I have to say. I mean, I’m not…

Gillmor: Yeah, I expect. I mean, you know, I’m just the blind leading the not-so-blind.

Messina: The blinder?

Gillmor: Yeah. But, you know, all I’m saying to you, Bob, is that to the extent to which you understand what we’re talking about and don’t raise questions, that, to me, is a good thing.

Lee: Right.

Gillmor: The extent to which you and I talk offline about this and continue to, the extent to which people come up with ideas and we can spread the swarm a little bit further and bring in other people to examine what we’re talking about here and either debunk it or accelerate it, I think that this will fairly rapidly produce some progress.

Lee: Yeah. Well, one of the things that you talked about earlier on that kind of, I had a question, I should’ve probably spoken up, was I think you asked how you encourage Facebook to support these kind of things, how you encourage Facebook to support FXN and stuff like that.

Gillmor: I didn’t ask that, but…

Lee: Somebody asked that, or that question was kind of standing.

Gillmor: Yeah.

Lee: Well, I guess the question in my mind, it’s not really a technical issue so much as how do you encourage Facebook to do that from like a business standpoint? Like, what’s their incentive to support these things, and what’s their incentive to open up? Because really, in my mind, I mean, it’s one of the reasons I don’t use Facebook, is yes, they allow you to put your, they allow outside apps, but they really still only allow those outside apps to run in their walled garden.

Messina: You have to also conform to their terms of service, which are fairly specific and limited.

Lee: Right.

Gillmor: Yeah, and also change according to whatever the business imperative is. I mean, that’s what happened with Friend Connect, which is that they basically, after the fact, basically removed any credibility to their API calls, because that’s all that Google is doing, is calling their API on behalf of the user, which, you know. The only reason that I don’t anticipate that, trying to figure out what is going to encourage Facebook to do something, I think that it’s a political issue completely.

Messina: Absolutely.

Gillmor: But one of the ways of being able to tease out a political issue and turn it into one is if we can create some understanding about this stuff. I mean, this is really, really difficult to understand, and even so, I think that I’ve learned some stuff on this call. Each time, I learn a little bit more, and I think that there are other people who are a lot smarter than me who are going to learn a lot about what your choices have been, Chris, and how you’re developing these things.

At that point, if a reasonable project occurs which can get some visibility, which is based on a simple amount of logic and a certain sense of trust on the part of the people who are involved, at that point it becomes much more difficult for a service to ignore it.

Messina: Right, right. I mean, that is kind of the direction that we’d like to go down. And in fact, we’d like to offer, actually, benefits and incentives, as Bob pointed out, to the Facebooks of the world, to support these things, because frankly, it’s actually better for everybody. It lowers the barrier to getting these things adopted, because then there is actually a common standard.

You know, I wrote about the Russian rail gauge the other day, and it just creates this inconvenience that the people at the top set up a long, long time ago for political and military reasons, and this is again the train tracks we’re talking about. Facebook is doing some things the same way, and while I completely think that they should have every right to build their own platform and to innovate at their own pace, which they’ve been doing quite a lot of, there are certain things which simply have no marginal competitive advantage as far as I’m concerned, that really, the question is kind of like, “Why the hell do they continue persisting in this way when it’s just really hurting developers caught in the middle of these battles between Google and Facebook right now?”

Supporting OAuth for them would be, actually, pretty trivial because their existing authorization protocol is essentially, it’s almost the same thing as what OAuth does today. They just don’t seem interested, or they seem reluctant, let me say, to engage.

Gillmor: Right. And it doesn’t really matter, there’s something that is happening here. I mean, we’ve talked about Twitter a fair amount, and what do they have, two million users?

Messina: Between two and five, something like that.

Gillmor: Yeah, exactly. These other services dwarf Twitter, but if you look at the characteristics of the individual follow cloud, and in particular track dynamics once they are re-enabled, there’s a social graph there which is, on a micro-community basis, is extremely powerful, and there’s about probably 100,000 of them that are a huge affinity group.

Messina: Yeah.

Gillmor: So I saw Posner coming in that and chat at the beginning of this call. So you know, there’s a lot of economics that are possible around something that is much more targeted than trying to convince Facebook to enter at this point, and Facebook has a lot of assets that they could apply to those groups if they were to open it up carefully.

Messina: Yeah.

Gillmor: So my feeling is that if we develop something at the core with people who are interested and care, then we will have something that’ll be very, very difficult to slow down, so this is more than I expected out of this call today. I appreciate everybody who showed up, and especially those who didn’t.

This is Steve Gillmor, this has been Gillmor Gang for Wednesday, June the 4th, and we’ll see you tomorrow.

And by the way, Friday, Mark Lucovsky of Google, the architect of Hailstorm and now doing some other things with Google, will be our guest. See you again tomorrow, bye-bye.

[music]
