If you have been following me on twitter, you probably know that I am no longer at Yahoo!. My last day at Yahoo! was Friday, June 13 2008. Since then, I have foundamplereasons to procrastinate on writing this post. As my temporary break from The W2 Life ends very soon, I can procrastinate no more. So, for those of you who don't already know, I am excited about joining Google next week (more about it in a future blog post).
I was at Yahoo! for a little under 2 years and I can say without any hesitation that I have never had as much fun at any job as I did as a purple-lovingYahoo. I was lucky to have led some high-impactplatformproductinitiatives and to have worked with an amazing group of people both within and outsideof Yahoo!. Yahoo! is a great company, with compelling products that touch the everyday lives of an astounding number of people. There are only a handful of companies in the world where one can improve the web by positively impacting 100s of millions of users (which, btw, is a really fun product management challenge) and Yahoo! is clearly one of them.
It was a hard decision to leave Yahoo!, but after carefully thinking through my medium- and long-term career goals, it became apparent earlier this year that this was the correct next step for me. The initiatives I started at Yahoo! are in very good hands and the time is right to start a brand new adventure!
A neat feature
of the OpenID technology is that it allows you, the developer, to verify that the
user indeed has ownership of a URL endpoint. I had stated earlier that lifestreaming
services are going to find this feature very useful. Services like FriendFeed,
Plaxo Pulse (and of course, MyBlogLog) can enable users to verify ownership of their
various online identities/profiles, thereby promoting more authentic activity
feeds and eliminating the impersonation scenarios that will inevitably come up.
More generally, once a user has proved to your service that he owns a particular URL endpoint using OpenID,
interesting things can follow. Your service could retrieve (you should do this under user
consent and control, of course) user attributes that lie at the verified URL
endpoint. The retrieval is significantly easier if the attributes are marked
up with the appropriate microformats. I am sure people will come up with many interesting features by combining this simple, yet powerful, capability with technologies
like YADIS, FOAF/XFN, MicroID.
Now, for
the big news of the day. Today, we rolled out support for MyBlogLog profile
URLs as OpenID identifiers (Ian Kennedy's post on the MyBlogLog blog). With this change, we have also eliminated the only-one-custom-OpenID-identifier
per-account restriction. This means that you can select both your Flickr photostream AND your MyBlogLog
profile URL as your OpenID identifiers, in addition to creating a pretty
me.yahoo.com identifier. Simon, we heard you loud and clear. :-) This change is especially
exciting because the folks at MyBlogLog have been awesome about implementing support for hcard,
XFN, FOAF, in addition to hosting a pretty rich profile complete with the New With Me
activity streams feature. We hope that you will find this change useful and
that it can act as an enabler for more fun applications of the OpenID technology
in the future.
To set your MyBlogLog profile URL as your OpenID identifier, start here (requires logged-in state).
If you've been following someoftheposts on this blog, you've hopefully drank the kool-aid on the view of identity standards like OpenID and OAuth as the fundamental building blocks for more interesting and interoperable apps on the web. At Yahoo!, we've been thinking hard about the value of adopting open standards instead of pushing proprietary products that have been in existence prior to these standards. We have also been talking to and working with the OAuth and OpenID communities on technical, business, and legal fronts. To put our money where our mouth is, in January 2008, we launched the public beta of the Yahoo! OpenID Provider, with an emphasis on significantly improving the OpenID user experience and allowing users to have the convenience of a single identity without the burden of understanding the technical underpinnings of OpenID.
Today, Ari Balogh (new Yahoo! CTO - see video below) publicly announced the broader Yahoo! Open Strategy at the Web 2.0 Expo keynote session (see Cody Simms' post on the Yahoo! Developer Network blog for the juicy details). A key element of this announcement is that, in the not-too-distant future, we will be supporting OAuth as THE STANDARD for authenticated API access for 3rd party developers that want to innovate on top of Yahoo!'s incredible assets and diverse array of services. This auth mechanism will work with web applications, thick-client (installed) applications, and embedded applications! For those who are not familiar with OAuth, it is a community-driven standard that allows 3rd party developers to securely access APIs that expose user data residing on services like Yahoo!. This is done in a way that:
the user doesn't have reveal his Yahoo! password to the 3rd party application - A good general practice
the 3rd party application only has access to the stuff that is necessary for its use, and nothing else (eg. only access my Address Book, and not my Mail or my billing information) - Scoped access is better than global, unfettered access to all my data
the user can easily revoke access if he no longer trusts or uses the 3rd party application - User is always in control
If you are familiar with Yahoo! BBAuth, you can think of OAuth as a standard way of doing what BBAuth enables. As a developer who's building interesting things on top of Yahoo! APIs and APIs of other companies that support OAuth, you will not need to write a whole lot of custom code to integrate with 'N' different authentication APIs which all essentially do the same thing. Besides, you can take advantage of open source client libraries for OAuth to reduce the time to implement the auth component of your service or mashup - instead, you can focus that time on building features that really delight your users.
Our announcement today represents a big win for the OAuth community's efforts and is a harbinger of even more interesting things in the near future. As always, stay tuned for more...
In case you haven't been keeping track, the fine folks at MyBlogLog have been working on some prettycoolthings recently. This afternoon, I was playing with my MyBlogLog profile. This brought me to their new About Me widget (its actually at least 2 months old, so yeah, I am slow). This is exactly what I had been looking for - a simple widget that can display who I am on the services I use across the web. It took me a bit longer than I would have liked to get the widget colors to somewhat match with this blog, but here it is (as of Feb 21, 2008):
Note that the About Me widget isn't the only benefit I get out of listing my services on MyBlogLog. I am eagerly looking forward to the activity aggregation/lifestreaming/activity streams functionality that they are going to release in the near future.
Now, it would be even cooler if I could optionally also verify all of my identities above, without providing my ID and password for each service. I wonder if any open technologies can be leveraged for this purpose. Wait! How about this one or maybe this one? ;-)
This morning, the OpenID Foundation announced that Yahoo!, along with Google, IBM, Microsoft, and Verisign, will be joining as board members to help further the marketing, user experience, and adoption efforts around OpenID.
The last 48 hours have been incredibly busy - as we had previously promised, we launched the Yahoo! OpenID Provider service (official blog post) on January 30. Actually, we had quietly launched it one day earlier. ;-)
In addition to the folks we mentioned in our official blog post, many other people have helped make this happen - so I'd like thank everyone that has provided input, given direction, rallied support, or has been plain excited about what we have been working on. You know who you are!
I am obviously excited about what our foray into OpenID means for our users, for the OpenID technology, and for the web in general. Our public (beta) product launch is coming up pretty soon and we are looking forward to getting lots of good input from the OpenID community and from our users. Stay tuned for much more...
I am currently holidaying in India - mostly spending time with my parents, whom I am meeting after 2+ years. After spending 5 relaxing days in Ooty in Southern India, we are heading over to Bangalore. While in Bangalore, I am going to spend 3 days working from the Yahoo! Bangalore offices. A lot of awesome stuff has come out of our Bangalore offices and I am excited about seeing the place and meeting the people there. On January 9, I am giving a tech talk on authentication and the emerging trends in openness, so I am also looking forward to a good dialogue on these topics. Should be fun...