The IIW is an "unconference" where ideas related to user-centric identity are discussed in an open, freeform manner and conversation topics are determined by the event participants. Last week I went to the Internet Identity Workshop held at the Computer History Museum in Mountain View, California.
People manage their online identities across the range of websites, services, companies, and organizations that they belong to, purchase from, and interact with. In its simplest form, Internet identity covers the technical and user-experience aspects of site signup, login, profile usage and permissions, social networking, data-sharing, storage of personal information, and the associated issues of privacy and security that arise. At the IIW, companies that normally compete in the marketplace collaborate to explore and solve the challenging issues around Internet identity.
This year's hot topics of conversation included, but were not limited to:
OAuth and data portability w/OpenID
OpenID and OAuth are powerful methods for getting a user signed up and into a site and moving that user's profile data between websites. The implications for Havi Hoffmanng a combined spec for both OAuth and OpenID are quite exciting.
Open profile sharing
Using methods such as OpenID Attribute Exchange 1.0, companies like Yahoo!, MySpace and Google can feature Open Profile Sharing, allowing users to take their data with them to other trusted sites. The integration of totally portable data across many sites on the Internet is vital for the social Web communities.
A seamless logged-in user experience is the ideal scenario for many users, especially the growing number of users who traverse the Internet, checking multiple social networks and content providers during one session. The ongoing discussion of single sign-on continues to be an important theme at this workshop.
Activity streams data formats standards
Activity streams, like the activity stream feature in Yahoo!'s MyBlogLog, is a feature that both providers and relying parties (RP) want to integrate into their sites. The benefits of Havi Hoffmanng a relying party's data available on another relying party's site and/or featured on a provider site are huge; portable activity data can help a relying party's business evolve to the next level.
Design Prototyper / Web Developer
Yahoo! Developer Network
One of the fantastic advantages of an unconference is that when there is down-time, anyone is at liberty to start their own ad hoc panel session. I had a chance to sit down with my colleague Jonas Hinn from Yahoo! and Max Engel of MySpace and the three of us discussed the future of data portability and activity streams, and how those features play out between sites like Yahoo! and MySpace.
For the three of us, our primary concern was design for the average user: so that anyone can log in to a site, authenticate with the other site, and bring data back and forth, and not have to think about it as a chore or pain-point. We discussed the "connect" method, where a user must enter his/her email/password in order to connect features/data of the RP with the provider site. A primary concern is that if we make this too easy, we may be teaching users to be less careful about where and when they enter and share their login credentials. However, the advantage is that the user has a simple, seamless experience.
We also discussed the usability issues around a user importing his/her social graph to a RP site, and how that site then handles the imported social graph data. This brings up a lot of questions, since many providers have rules about what data gets carried over and stored locally from the provider. Say, for example, Mary imports her MySpace Contacts to a new site that features movie favorites and reviews. Mary has a friend named Nicole in her friends list. Does Mary want Nicole to see the same things Mary's family gets to see? If Mary and Nicole decide they don't want to be friends on that site, how is that handled? Even more of a concern is the fact that Mary has imported and/or included Nicole on her social graph at this new movie reviews site, but is that something Nicole consented to?
We talked at length about the importance of raising the user's awareness of what data is shared with whom on their social graph. Furthermore, there is an unaddressed requirement for the possibility of different types of social graphs. Maybe there's a "wild friends" graph that differs from a "family" graph. Does your family graph really want to read your review of Zack and Miri Make a Porno? While I'm sure it's a great review, remember, your grandmother could be on the same feed (that is one hip, Web2.0 grandma)! So, there are a lot of usability issues with the process of importing a social graph and maintaining it on a RP site. These issues may make sense to us geeks, but do they make sense in the real world of consumer end users. Interaction design exploration is needed to find simple, logical ways to communicate complex processes to the end user, without creating tasks that will drive users away.
These unstructured discussions led to a very intense level of idea-sharing and openness to new thoughts and innovation in the identity realm. I enjoyed the opportunity to participate in the the key purpose of the IIW, which is to enhance an end user's login, profile, and data-sharing experience on the Internet.