Internet Identity Workshop Wrap Up

November 5, 2010 by Katie Keenan

Janrain just wrapped up an exciting couple of days at Internet Identity Workshop 11 (IIW). Jason Cowley, one of Janrain’s Software Engineers, jotted down a few highlights from the event.

This was my first visit to an IIW event, and my first experience with the Unconference format. With this format, there is no pre-set agenda. Each morning, the attendees gathered together and set the agenda for the day. Anyone had the ability to create a working group by writing down a topic on a card and announcing it to the group. We then stuck the cards to a wall in columns under various 1-hour time slots and assigned one of the many available meeting places to each card. Because of this format, the sessions were all focused on the most current topics that were relevant to the group. Attendees were encouraged to only attend meetings in which they would be actively engaged.

The sessions for IIW 11 seemed to revolve around a few major themes:

- Refinement and convergence of standards / protocols under development
- Personal Data Stores
- Activity Streams
- Vendor Relationship Management
- New paradigms for Authentication, Authorization, and Social Sharing

There were more interesting sessions to attend than there were hours in the day. Here are the highlights from a few that were interesting to me:

Relying Party (RP) Best Practices

Google presented the results of their research on Relying Party Best Practices. One of the common problems that RPs face is how to give users the flexibility to log in through multiple identity providers (Google, Facebook, Twitter, etc.) while still mapping each user to a single account on their system. Janrain Engage solves this problem for RPs by providing an account mapping API. Beyond that, though, what are the best practices for guiding a user through the sign-up / sign-in flow to minimize confusion and maximize conversion rates?
Some interesting UI paradigms and suggested best practices were presented.

Stanford University Project

Stanford professor Monica Lam hosted a couple of sessions on a social networking platform under development at Stanford. The goal of the platform is to provide an open, decentralized environment that allows for a wide range of social networking applications to exchange data while still giving users complete control and ownership of their own data. The platform uses existing email protocols to transport JSON data between mobile, device, and desktop applications. During the demo sessions at IIW, Stanford students demonstrated several applications built on the platform. One application used the very cool technique of connecting mobile devices together by having one device take a picture of a QR Code displayed by another mobile device. The QR code contains the information necessary for another device to connect to the user and download the application required to interact with that user. Regardless of whether the platform becomes the standard, the demo gave a really interesting glimpse into the future of social networking, where ad-hoc social networking will become the norm.

Personal Data Stores

There were several sessions on Personal Data Stores (PDS), which are repositories that individuals control and use to share information about themselves, including addresses, medical records, credit cards, etc. Envision a day when you no longer have to type in your address and credit card when you buy something online, but instead provision temporary and controlled access to these resources with the click of a button. Much like Janrain Capture provides a secure, cloud-based repository for web sites to store data today, PDSs will provide this capability to individual users in the future.

OAuth 2.0 leeloo Library

The OAuth 2.0 specification is not yet finalized (currently in draft 10), but we already have an implementation of an OAuth 2.0 authorization server.
Leeloo is an open source library written in Java that implements the current version of the specification. The authors, from Newcastle University, walked through the basic steps required to use the library to set up an OAuth 2.0 server.

Notes from the individual sessions at IIW 11 can be found here.