
April, 2009

  • Angus Logan's Blog

    OAuth as a sign in (to Twitter) got me thinking

    • 2 Comments


    Eran Hammer-Lahav just posted about Twitter’s new “Sign in with Twitter” (documentation) functionality which is powered by OAuth (not Open ID).

    It is quite a neat solution: you can both authenticate into a site and grant it permission to party on your Twitter account.

    If you are interested in OAuth or Open ID (or the OAuth+OpenID Hybrid) read the post and check out the comments.

    Someone tried this with Windows Live ID Del Auth

    This reminded me of when I recently saw a customer using the Windows Live ID Delegated Authentication SDK to capture an address book, user’s profile and a static identifier for the user.

    It was interesting because they chose to use DelAuth instead of Live ID Web Auth for the authentication mechanism. This meant that instead of using the unique user id (per application) the site was using the CID/LID which is a public identifier for the user (not their Live ID) – the customer had used DelAuth for something we never intended it would be used for.

    Moreover, the user experience was a little funky:

    • When a user lands on consent.live.com they are granting permission for an application to access their data. We think this is a pretty serious action. Currently DelAuth requires that you have entered your password in the last 15 minutes (i.e. you can’t use cached credentials via the Sign In Assistant which is installed on hundreds of millions of PCs).  This meant you couldn’t be silently or one click signed in.
    • DelAuth cannot be co branded (Web Authentication can be). By customization I mean the relying party’s colors/logos etc. (similar to the www.xbox.com sign in).
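The identifier difference described above (a per-application user ID versus the public CID) shown as an added example; this is not code from the post or from any Windows Live SDK. How Windows Live ID actually derives its per-application ID is not stated here, so the HMAC construction, the secret, the app IDs and the user IDs are all assumptions made up for illustration.

```python
import hashlib
import hmac

# Constructed sample data: a provider-side secret and a tiny user directory.
PROVIDER_SECRET = b"constructed-demo-secret-not-a-real-key"
USERS = {"user-1": "public-0001", "user-2": "public-0002"}  # internal id -> public id


def pairwise_id(app_id: str, internal_user_id: str,
                secret: bytes = PROVIDER_SECRET) -> str:
    """Per-application identifier: stable for one (app, user) pair,
    different for every other application (assumed construction)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(part).to_bytes(4, "big") + part
                   for part in (app_id.encode(), internal_user_id.encode()))
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def site_table(app_id: str, use_public_id: bool) -> list:
    """The identifier column a relying party would end up storing."""
    return [USERS[u] if use_public_id else pairwise_id(app_id, u) for u in USERS]


def linkable_users(table_a: list, table_b: list) -> set:
    """Identifiers two sites could join on if their user tables were pooled."""
    return set(table_a) & set(table_b)


def demo() -> tuple:
    """Count linkable users when sites key on the public id vs. a pairwise id."""
    public_overlap = linkable_users(site_table("app-A", True),
                                    site_table("app-B", True))
    pairwise_overlap = linkable_users(site_table("app-A", False),
                                      site_table("app-B", False))
    return len(public_overlap), len(pairwise_overlap)


if __name__ == "__main__":
    print(demo())
```

A site that keys accounts on the public identifier shares that key with every other site and with anyone who can see the identifier; the per-application ID is only meaningful to the application it was issued to.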

    What does the Sign In with Twitter look like

    Below are screenshots of signing in with Twitter (they offer both traditional forms based auth and signing in with Twitter via OAuth).


    I authenticated to twitter about an hour ago and got this screen (2nd is if I'm not authenticated)


    And after I am in I see my picture, name and actions I can do.


    Difference between Twitter’s OAuth implementation and Windows Live ID Delegated Auth

    You may notice a difference here between the Twitter consent screen and Microsoft’s consent screen:

    • When using DelAuth from Microsoft the third party is required to provide a privacy statement
    • we provide the choice of duration of delegation
    • on a per offer basis we may provide per item ACL’ing of which items are shared
    • a link to the screen where users can revoke permissions from apps


  • Angus Logan's Blog

    Your stuff is here, here and here. Rely on it

    • 1 Comments

    Luke Shepard posted about avoiding Open ID Nascar and detecting the user’s provider.

    I was pitching something like this to Luke, Wei and Joseph Smarr at the Open ID UX summit (without all the Open ID details).

    I think there are going to be about 10 providers which people actually want to sign in with; but you can't show 10 choices.

    Sniff out the ones the user has ever signed into via a JSON request or an image size hack.

    Then you could also surface the "why use this provider" in an iframe (i.e. if you are visiting the WSJ and it shows):

    • You are a user of Facebook (3 of your friends are on the site, post stuff to your wall)
    • you are a user of MySpace (0 of your friends are on the site)
    • you are a user of LinkedIn (12 friends are on the site, share stuff with your professional network)
    • You can click to show way more places of where your stuff is stored.

    You think this is interesting? Should I document it a bit more?

  • Angus Logan's Blog

    Some really slick video/event system with instant messaging integration by SharpLogic - Hulu should listen up!

    • 2 Comments

    Let's say you have 1 computer with 1 screen. You watch a ton of video content (like 24 on Hulu). You like to watch full screen but don't want to miss IM conversations or other stuff. Why not integrate the IM straight into the video player with a subtle glow? That is what Ed from SharpLogic has done.

    ---

    Ed at SharpLogic is one of my heroes. He is a pleasure to work with and always goes the extra mile (debugging stuff at 4AM with you over email or IM!).

    Chris (a PM for the Windows Live Messenger Web Toolkit) convinced Ed to write a guest post about how he built his rocking video/event system with IM capabilities.

    Check out the post here and their site here.


    Snipped from the post:

    We’ve actually done this with Boost Events, a SharpLogic venture. Boost Events is a set of software and services designed to deliver great experiences for conferences. Our Silverlight UI integrates Windows Live Messenger so users can collaborate via IM while watching sessions, as well as being able to recommend sessions to each other.

    In the screenshots below, two users have logged into Messenger from http://events.boostweb20.com/Events/MIX09. To recommend a session to another user, the first user drags that session’s tile onto an IM conversation. The recommendation is serialized and sent over the Messenger channel as an “application message”, which is deserialized and treated specially by the application to expose its own functionality. Messenger provides the underlying channel for messages, so there is no impact on our servers. Application messages are treated like other messages in the system, except that they’re not surfaced as text IMs since they’re intended to be transparent to all clients except those that expect them.

  • Angus Logan's Blog

    Using real time chat (IM) in a social shopping scenario – are you online?

    • 1 Comments

    TechCrunch just posted about a neat implementation by Fluid for using the Facebook network as an IM backend (I wasn’t aware of an IM API from Facebook).

    It's a cool scenario, and it highlights one of the scenarios enabled by the Windows Live Messenger Web Toolkit we recently announced.

    The one big difference I see is, even when Windows Live Messenger users aren’t on a web site they can be reached. The intersection of your friends who are on a specific website (i.e. Facebook) to chat with is always going to be low.

    Luckily the Windows Live Messenger is installed on hundreds of millions of desktops, mobile devices, etc. so people can be reached anywhere.

  • Angus Logan's Blog

    Web Toolkit interview with the man, Keiji K

    • 2 Comments

    Ever wonder what people are doing when they aren’t on your website? That’s right, they are in Windows Live Messenger.

    Check out the Channel9 Interview with KeijiK where he outlines how you can plug into an audience of 320 million+ people in a unique way – via the Windows Live Messenger Web Toolkit.


  • Angus Logan's Blog

    Windows Live users can now easily sign up for sites using RPX

    • 5 Comments

    Hey, Angus Logan here, I'm at Web 2.0 Expo in San Francisco - there is a great vibe and lots of action. I've been spending time with and learning a ton from some of the open stack crew, Joseph Smarr, David Recordon, and Chris Messina. We've been talking about the technology, adoption, and when Microsoft (we) will roll our preview Open ID and Portable Contacts endpoints into production (nothing to announce right now).

    RPX sign in screen

    Microsoft is a proponent of open standards through our work in the Open ID foundation and the Open Web Foundation. As these open specifications continue to mature, services such as RPX are great because they provide a stepping stone for developers.

    I’m excited to see the announcement that RPX now consumes Windows Live IDs.

    RPX delivers both user experience for identity provider selection and a translation layer between many proprietary and standardized protocols used by identity/resource providers.

    End-users can spend their time in so many places on the web. The battle for attention is harder than ever. The downside of having limitless choice is the tax of signing in and telling websites about yourself. RPX makes it possible to sign in using one of the many identities a person already has - this includes authentication and profile information (first name, last name, etc.)

    Co-branded login.live.com

    Web site owners just need to go to www.rpxnow.com and create an account. As end user data is being shared you need to create a Windows Live App ID and you tell RPX the details of your app ID and specify a privacy statement. You can also use the authentication page co-branding to make the experience somewhat smoother for your end-users. After this you implement some UI on your website, and you should see higher end-user satisfaction and conversion for signing in and profile information.

    The Live Services APIs used are Windows Live ID Web Authentication and the Windows Live Contact API. Web Authentication is one of the options third parties have for becoming a relying party of the Windows Live ID identity provider/Microsoft federation gateway. It is built using standard web technologies and techniques such as browser based redirects/form posts.  The Windows Live Contact API in this case is being used as a profile API as it exposes the "owner record" of the Windows Live user. To gain permission to the profile & address book Windows Live ID Delegated Authentication (DelAuth) was used. DelAuth provides a few unique controls for users to select certain objects to be shared, and the duration of the access.

    Below are some screenshots from www.ladygaga.com which uses RPX:

    Lady Gaga home

    Lady Gaga RPX

    (Windows Live ID, sign in and delegation stuff you've all seen before)

     Lady Gaga RPX Registration
