12 Nov 2003
[ 12-Nov-03 9:10am ]

10 Nov 2003
I'm seeking LAMP developers interested in working on an open source, Liberty compatible, LAMP based, Federated Digital ID project. If you could get involved or know people who could (on or off Ecademy), please email me or join the Hack4Ecademy club. [from: JB Ecademy]

09 Nov 2003
Welcome to wallop - Please Log In. Membership to wallop is by invitation only. If you know someone who's a member of wallop, have them invite you to join!

Are you a member? Please invite me! Please? [from: JB Ecademy]

I'm desperately seeking LAMP developers interested in working on Liberty for LAMP Federated Digital ID. If you could get involved or know people who could, please email me.

Just posted this to the SourceId Users mailing list.

I'm not sure where to ask these questions so if there is a better forum, please point me at it. The very first message archived for this list asks if there's a Liberty implementation in php, perl, python. This is my issue as well. The problem here is that the only open source toolkit I can find is SourceId, and I'm not sure if it's fair to expect you to either do this yourselves or help another project to do it.

Some background. I'm coming at this from the bottom up and so from a rather different place compared with the fairly corporate approach of Liberty. Here are some example use cases:-

1) Federated SSO implemented in a series of open source community software projects including Drupal, phpBB, *Nuke (and possibly Movable Type). These are mostly php-mysql based with some perl/python and postgresql.
2) FSSO implemented in Social Networking sites like Ecademy, Ryze, Friendster, Friends-Reunited. There's a real mix of technologies here but a significant number are LAMP based.
3) FSSO with paid subscription extensions used within a cloud or family of loosely coupled social networking sites.
4) Somewhat far-out, a Personal IDP with minimal hosting requirements that very large numbers of people could run. This probably has to be perl or php with no database and simple text config files.

So all in all, Liberty in LAMP looks to me like a *good thing*.

So now I'm left with some problems. A lot of my potential targets are GPL so the SourceID license and the RSA waiver are just not going to work. Reverse engineering SourceID directly is awkward both technically and legally. Liberty doesn't appear to be set up to involve individual OSS developers. Trying to wade through the Liberty PDF docs is *hard work*. And so on.

So if anyone can direct me to some short cuts, I'd love to hear them. Equally, I'd love to hear criticism of the idea. And of course, if you could help build something I'd *really* like to hear from you.

06 Nov 2003
Hack 4 Ecademy is a meeting place for people interested in hacking together code and services that extend Ecademy in interesting ways. I'm sure you understand that this is "Hack" as in create clever code rather than "Crack" as in break into machines illegally.

Some of the projects I have in mind are LAMP based and probably open source while some could be any technology. So don't feel that a particular technology is necessary or even that it involves code. I can't promise any direct reward for work done, but you'll certainly gain reputation! I'm hoping that it will spark work that helps you as much as it helps Ecademy. Some of this is along the lines of "This ought to exist, and if it did then Ecademy could do that". If you can gain benefit from that while at the same time helping Ecademy that would be great for everyone.

So if you can write php or perl, or can offer some cheap or free hosting, or want to build a commercial dotnet based system that exploits Ecademy data, or can produce flash or html documentation, or whatever, then please join in. [from: JB Ecademy]
[ 06-Nov-03 2:40pm ]

05 Nov 2003
[ 05-Nov-03 9:10pm ]

04 Nov 2003
In a box on the left, you'll find a small form that launches a hotspot search on JiWire. I've been pretty impressed with the depth and accuracy of this system. Hope you like it. Though right now the UK Postcode search seems a little flaky. [from: JB Wifi]

This article Habits of Online Adults - InfoSeeker News - Microdoc News is mainly about what people do online. But it ends up being a description of how email is no longer used.

Such has email become a black-hole of disuse that we could not conduct our survey through email this year. ... Everyone has their "hotmail", "yahoo" or other email address, but more than 58% of our respondents no longer check their email address. Of the 450 respondents who use the Internet more than five times a week, 53% of them no longer remember their email address.

If this is generally true, then we may have to seriously re-consider how we go about communicating with people online. When we build websites we routinely (as in Ecademy) use email to verify that there's a real person on the end of the request and not a bot. I should check to see how many people we're losing because they never get their password.

I'm still absolutely convinced that the killer app of the Internet is one-to-one communication. If that's not going to happen via email then how is it going to happen? And as someone who is fairly addicted to email and has been using it since before the web, I find it really sad that we've collectively managed to destroy its usefulness. [from: JB Ecademy]
[ 04-Nov-03 9:10pm ]

Next time you're reading or commenting on a weblog entry, click on the [G] and [F] below it, just after the number of [comments].
G does a Google search for the blog title. F does a search on Feedster for the same thing. You might need to adjust the search a little on Feedster but it's a useful resource if you're looking for recent web entries somewhat similar to this one. [from: JB Ecademy]
[ 04-Nov-03 9:10pm ]

Take a look at this. Before you ask, it's a bit of harmless fun that doesn't mean anything much.

From a privacy angle, we do store your votes, but I won't ever show your vote to the person you're rating. And do give me some feedback. Maybe there's some real value hidden in there? [from: JB Ecademy]
[ 04-Nov-03 6:10pm ]

The Buttafly Guide to Interpreting (network site) Photos
Actually about Friendster of course, but works equally well for other network sites such as Ecademy, Ryze or Yafro. [from: JB Ecademy]

My particular interest in SSO is mainly with Drupal and Drupal based systems. I've been puzzling over how to extend Drupal's existing Distributed Auth[1] to make it more general and available in other systems.

I believe there are two or three approaches here.

1) Top down, BigCo, Industrial strength. Passport, Liberty, SAML, WS-*, PingID
2) Federated signon, profile sharing between known websites. PingID(maybe), Universal.
3) Bottom up distributed auth between unknown websites. Drupal, SEA.

I have a real problem with 1). I can't understand the specs. Even though it's supposed to be open standards it keeps drifting into proprietary land. Ref implementations are typically Java and DotNet, ignoring LAMP. Some (possibly all) of the standards are encumbered by Patents. The possible saving grace is that Jabber and Andre Durand are involved in PingID and SourceId is at least open source.

2) and 3) look like good starting points. I prefer the philosophy of 3) because it doesn't require prior agreement between participating websites. Which then opens up the possibility of people running their own authentication server (like running their own Movable Type install). However both Universal and Drupal/SEA need to do some major work on the authentication process. Passing plain text ID+Password around is too primitive. It should be possible to use some of the patterns from 1) in architecting this.

So I'm up for helping to build a bottom up solution and getting it implemented in lots of different broadly social networking software. Things like Drupal, Nuke, phpBB, MT, etc.

[1] http://drupal.org/node/view/312
Note that Drupal already has code to authenticate and use an ID+Password pair located on Blogger, Delphi, Drupal, Jabber, LDAP, Livejournal, Manila, Yahoo. There are patches for returning a User Profile and creating a local user record from some of these. There are some good starting points in there.
[ 04-Nov-03 9:51am ]

01 Nov 2003
Another one for the blogroll and RSS aggregator. Telepocalypse
Some very interesting discussions going on here. [from: JB Ecademy]

31 Oct 2003
Wow! No cigarettes for 6 weeks and I'm still more or less sane.
[ 31-Oct-03 9:24pm ]

Just saw that SourceID supports SAML 1.1 (via Jeremy Allaire, via Marc Canter). I wrote a rant today about this whole area. The gist is that I'm sure this announcement is significant, but I can't work out why or how I can play too. I would absolutely love to see some support for LAMP instead of just Java and DotNet. And I'd love to see someone explain SAML (Liberty, PingId etc etc) in words of one syllable.

Then I read this.

RSA Security has identified four patents which they believe could be relevant to implementing certain operational modes of the OASIS Security Assertion Markup Language (“SAML”) specifications. To obtain a royalty-free license to the RSA Patents to make, use and sell products conforming to the SAML specifications, a customer or partner must sign RSA's Patent License Agreement.

Well I guess that's that. I cannot and will not support this sort of bollox! So if Passport is out because it's proprietary. And SAML (and hence Liberty and PingId) is out because RSA think they might have some patent hold over it, where does that leave us? We really can't let a bunch of scary corporates have control over something as important as Mydentity.
[ 31-Oct-03 6:02pm ]

I've got a number of applications in mind that involve Federated Digital ID. The problem is that the standard specs and toolkits are too damn hard. So I'm looking for some advice and help about how to approach this.

The basic requirements are that it should be possible to go to more websites, to be able to use a Single Sign On, have a single Profile under your control and preferably avoid having to login and be authenticated repeatedly. These websites range from simple community, news, bulletin board or social networking sites to full blown ecommerce.

So far I've discovered Passport, Liberty, LoginDog and Drupal working in this area but with very different rationales. Then there's WS-Federation and a bunch of other SOAP based "Standards".

- Passport. With MS behind it and the links to MSN and Hotmail, this has considerable momentum. If you use MS technology on your web site and you're prepared to play with them at a corporate level then fine. But the support for non-MS technology is effectively dead. The wire protocols are proprietary. And while MS did pay lip service, the toolkits for non-MS (Linux, Solaris, Java) are broken and no longer for current Passport releases.
  http://www.pcworld.com/news/article/0,aid,105972,00.asp

- Liberty. Liberty, SourceID, PingID are a bunch of initiatives to provide open standards based alternatives to Passport. These revolve around XML standards like SAML. Now there are some reference implementations in Java and DotNet but nothing in Perl, PHP or Python so that pretty much cuts out the low end of the market. I had thought that toolkits in these languages would be a good thing to contribute. Then I started to look at the docs and I quickly gave up. It's full of words like "non-normative"! I still think there's something in here and this is the best bet but damn it's inaccessible.
  http://www.sourceid.org/wiki/Wiki.jsp?page=Specs.Standards.Overview

- WS-Federation. Jamie Lewis at Digital ID world said "WS* is an example of a cartel in action.". If you thought Liberty was confusing you should see WS*. It certainly looks like the BigCos creating standards that are so complex that it's only possible to use them with the BigCos tools.
  http://www-106.ibm.com/developerworks/library/ws-fed/

- LoginDog or Universal.

  This is an RFC for Universal, an authentication replication system for PHP4 and later. The rationale for Universal is web applications such as Phorum, phpBB, WebCalendar, PostNuke, Xaraya, Drupal are unable to cooperate because there is no data sharing. Universal is an attempt at bridging these islands of data by providing means for PHP applications written by different people to work better together. As a PHP developer, you can help make PHP web applications interoperate by implementing a shared sign-on mechanism based on the specs described here.

  Great. Exactly the level of detail and capability I'm after. Except that the security approach is pretty primitive. Then the project appears to be dead and there are no reference implementations.
  http://php.weblogs.com/universal

- Drupal Distributed authentication. Drupal has a working system that is in use at most Drupal sites. Its security is minimal. There are some obvious extensions that could be built. These are not criticisms but opportunities. If it wasn't for the other initiatives above, it might be worth pursuing as a basis of something that could be used outside Drupal. As it is there's a nagging doubt that perhaps it would be better to implement SAML in Drupal and then use that as a platform to evangelise SAML to things like phpBB, Nuke and so on.
  http://drupal.org/node/view/312

This is all getting pretty frustrating! I can see some clear needs here, but I'm at a loss as to how to move forwards. Anyone got any ideas? Can anyone explain SAML to me? Does anyone want to help write code to implement some of this stuff? [from: JB Ecademy]
[ 31-Oct-03 1:40pm ]

30 Oct 2003
mySociety: a VoxPolitics project is an attempt to build more sites like Stand and Faxyourmp.

"We think that sites like FaxYourMP, UpMyStreet.com and TacticalVoter.net are highly socially beneficial and, at base, extraordinarily cheap. However, there are very few of them. Surprisingly few, in fact. We are a project to build more of them."

So if you can code, have a little spare time and are politically inclined, why not get involved. [from: JB Ecademy]
[ 30-Oct-03 8:10pm ]

Here's the Executive Summary of a study that shows that the total quantity of information in the world doubled between 1999 and 2002. This reminded me of the "Jumping Jesus theory" of Robert Anton Wilson and Terence McKenna.

Treat the total amount of information in the world at ADzero as 1J. It doubled by about 1500AD, doubled again at 1750AD, again at 1900AD, 1950AD, 1960AD, 1967AD. Wilson extrapolated this out to 1982 when there were approximately 512J. If we keep going and include this latest data as a data point we get these values for date, doubling period and total information.

2002, 3, 32kJ
2005.15, 2.8, 64kJ
2007.85, 2.7, 128kJ
2010.43, 2.6, 256kJ
2012.89, 2.5, 512kJ

As technically aware people we'll recognise some key drivers for this. Gordon Moore's law predicted that the number of transistors on a chip would double every 18 months. Hence twice the power for half the cost. General consensus seems to be that Moore's law will keep going for at least another 10-15 years. There's no named equivalent to Moore's law for disk space, but it's going at around 3 times computer power. So that's doubling in capacity every 6-12 months. Gilder's law says bandwidth rises three times faster than computer power. So that's total bandwidth capacity tripling every 12 months.

These sorts of exponential curves have some unsettling properties. Half of all the information currently around was created during the last doubling period. And 90% in the last 3 periods which right now means that 90% of all human knowledge was created in the last 10 years. The problem with that is that as humans we have a hard time coping with this mentally. We tend to think that the future will be more or less like the past but plus a bit. Actually the future after one doubling will be significantly different and after 3 doublings 90% different.

So let's take a really scary view. Vernor Vinge speculated in 1993 that "Within thirty years, we will have the technological means to create superhuman intelligence. Shortly after, the human era will be ended." Given the accelerated rate of change in the first 10 years of his prediction and the expected change in the next 10 years, that doesn't look so unlikely.

Which maybe brings us back to Terence McKenna who predicted a singularity in 2012 to coincide with, among other things, the end of the Mayan calendar. [from: JB Ecademy]
[ 30-Oct-03 4:40pm ]

27 Oct 2003
Some of you know that Ecademy was originally based on Drupal. What you may not know is that you can log into and create an account on any site that uses Drupal using your Ecademy ID and password. Just go to one of the sites, and for id use my_ecademy_userid@ecademy.com with your ecademy password. The site will magically log you in and create a user record for you. [from: JB Ecademy]
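
The login described above means typing your Ecademy password into each Drupal site you visit, which is the plain text ID+Password passing criticised in the 4 Nov post. The sketch below is an added example, not Drupal's or Ecademy's code: the home site issues a short-lived signed assertion and the visited site checks it, so the password never leaves home. The shared key, the host name drupal-site.example and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: home site and relying site agreed this key out of band (constructed value).
SHARED_KEYS = {"drupal-site.example": b"constructed-demo-key"}
_seen_nonces = set()  # relying site's replay cache (in-memory for the demo)

def _mac(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def issue_assertion(user_id, audience, now=None, ttl=120):
    """Home site: call only after the user has authenticated locally."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user_id, "aud": audience, "iat": now,
              "exp": now + ttl, "jti": secrets.token_hex(16)}
    body = json.dumps(claims, sort_keys=True).encode()
    enc = base64.urlsafe_b64encode
    return (enc(body) + b"." + enc(_mac(SHARED_KEYS[audience], body))).decode()

def verify_assertion(token, my_host, now=None):
    """Relying site: return the asserted user id, or None if rejected."""
    now = int(time.time()) if now is None else now
    key = SHARED_KEYS.get(my_host)
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:          # wrong shape or bad base64
        return None
    # Check the MAC before parsing or trusting anything in the body.
    if key is None or not hmac.compare_digest(tag, _mac(key, body)):
        return None
    claims = json.loads(body)
    if claims["aud"] != my_host:                  # minted for another site
        return None
    if not claims["iat"] <= now < claims["exp"]:  # stale or not yet valid
        return None
    if claims["jti"] in _seen_nonces:             # already used once
        return None
    _seen_nonces.add(claims["jti"])
    return claims["sub"]
```

A shared key implies prior agreement between the two sites, so this fits approach 2) in the 4 Nov list; approach 3), between unknown sites, would need public-key signatures instead.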



