Marc's Voice

Extending the OpenID Attribute Exchange

Now that Facebook and MySpace have truly opened up and will allow their users to move their profile data, social graph and content to other systems (under certain access controls) its time to talk about these behemoths connecting together via the OpenID Attribute Exchange.

Initially developed by Dick Hardt and Sxip Networks - the Attribute Exchange specification as it exists today was contributed to OpenID2 – as it became clear that OpenID was the winning solution for identity management.

First off I want to thank Dick for his enlightened approach and understanding of the politics and nuances surrounding evolving open standards and I’m excited as hell by something Allen Hurff (SVP of MySpace) said to me at the recent Facebook f8 conference:

“We looked at Attribute Exchange and we like it, but we need to do some extensions to it to match our solution.”

So this blog post is a plea to Allen, Dave Morin (Facebook), Kevin Marks (Google), Eran Hammer-Lahav (Yahoo), Angus Logan (Microsoft), Joseph Smarr (Plaxo) and of course David “get it done” Recordon (SixApart) to work together and extend the Attribute Exchange – so that we (the industry) can ALSO mesh into this compatibility ‘river’ of data and deliver to ALL our users and customers the ability to freely and easily flow their data – wherever the hell they want.

And let’s not forget Chris Messina and Will Norris (Vidoop and DiSO), Stephen Paul Weber, Leah Culver, Ben Laurie, Brad Nueberg, Simon Phipps, Scott Kveton, Tantek Celik and Brian Oberkirch – and all the other independents who are working on open social networking – in their various guises and scenarios.  Or Dave Winer.

I know I’ve been ranting about this for a while (my wife actually complained to me that she’s sick and tired of hearing the same dam thing over and over again) but I hope you all agree that this idea’s time has come.

The key ascept to these extensions (from my POV) is matching, mapping and normalizing the various techniques of access controls.  This will facilitate the smooth movement of user’s data between systems – with concise privacy and access controls over that data.

If one sets up their controls – in say Facebook (and utilizes their recently announced ‘dynamic privacy‘ system) then it HAS to match up to whatever MySpace and Google are doing.  And vice versa.

And Microsoft is gonna have to play along with us – as well.  We need to put the user’s best interests first and let that dictate what happens.  But it seems to me that Facebook’s DRM bits for people sort of sets a standard level of behavior here – so the trick will be how others can get compatible with Facebook (utilizng other techniques.)

The goal is that (let’s say by Thanksgiving) we all have a normalized set of access controls with which we can interop between.  It’s not just about enabling Facebooks apps to work outside of Facebook. Its about moving MySpace data into Facebook, then moving it to Orkut or Microsoft’s world – and back to Yahoo or Plaxo.

I’ll leave the technical details to you folks as to what exactly needs to get extended and mapped.  But certainly upcoming efforts on ‘portable contacts‘ will supply us with a standardized schema and set of APIs to interconnect the PUT and GET of profile info.

Now we need to just all agree upon some common notions of media, messages, events and places, and of course the 800 lb. gorilla of them all – social graph.  Both FOAF and XFN provide ways of doing that.

So let’s have at it.

BTW here are Dave Morin Allen Hurff and Kevin Marks (and me) at f8:

Final note – Allen says to me: “we’re trying to decide between FOAF and XFN” and I immediately say BOTH dude BOTH!  We need them BOTH!