Currently I'm using GMail as my contact list. I import into GMail all the contacts I can. eg Outlook, LinkedIn, Ecademy. Then when I sign up to a new Social Networking site I use the "Import from GMail" facility that they all seem to have now to find contacts who have already signed up. I'm very, very cautious about then using the "Invite my friends who have not yet joined" facility that always comes with it.
Are there some lessons here for the DP project to automate this?
--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
Never Exceed Vehicle Capacity Load
Julian Bond wrote:
> Currently I'm using GMail as my contact list. I import into GMail all
> the contacts I can. eg Outlook, LinkedIn, Ecademy. Then when I sign up
> to a new Social Networking site I use the "Import from GMail" facility
> that they all seem to have now to find contacts who have already signed
> up. I'm very, very cautious about then using the "Invite my friends who
> have not yet joined" facility that always comes with it.
> Are there some lessons here for the DP project to automate this?
This is exactly the anti-pattern we should be trying to discourage by using standards like OAuth. It separates authentication and authorization. As it is now, whatever service you give your credentials to becomes you - and you're trusting them not to store/forward your password and/or be malicious (delete your stuff). It's unnecessary and unsafe.
Please don't continue to put your password in forms that ask for it.
You can help this group more by complaining loudly that asking for your credentials is not the right way to do things.
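The separation described in the message above, sketched as an added example (not part of the thread, and not OAuth's actual wire protocol): a toy model contrasting what an importing site can do with the account password versus a scoped, revocable token. `ToyMailProvider`, the scope names and `compare_flows` are hypothetical, and the password is a constructed sample.

```python
import secrets

class ToyMailProvider:  # hypothetical webmail account (assumption, not a real API)
    def __init__(self):
        self.password = "correct-horse"        # constructed sample secret
        self.contacts = ["ann@example.org", "bob@example.org"]
        self.mail = ["msg-1", "msg-2"]
        self.grants = {}                       # token -> approved scopes

    def _check(self, credential, scope):
        if credential in self.grants:
            held = self.grants[credential]     # only what the user approved
        elif secrets.compare_digest(credential, self.password):
            held = {"*"}                       # password holder "becomes you"
        else:
            raise PermissionError("invalid credential")
        if "*" not in held and scope not in held:
            raise PermissionError("missing scope " + scope)
    def authorize(self, password, scopes):
        # The user types the password at the provider only, never at the importer.
        self._check(password, "*")
        token = secrets.token_urlsafe(16)
        self.grants[token] = set(scopes)
        return token
    def revoke(self, token):
        self.grants.pop(token, None)           # no password change needed
    def read_contacts(self, credential):
        self._check(credential, "contacts:read")
        return list(self.contacts)
    def delete_mail(self, credential):
        self._check(credential, "mail:delete")
        self.mail.clear()

def allowed(action, credential):
    try:
        action(credential)
    except PermissionError:
        return False
    return True

def compare_flows():
    acct = ToyMailProvider()
    token = acct.authorize(acct.password, ["contacts:read"])
    result = {"token_read": allowed(acct.read_contacts, token),
              "token_delete": allowed(acct.delete_mail, token)}
    acct.revoke(token)
    result["revoked_read"] = allowed(acct.read_contacts, token)
    result["password_delete"] = allowed(acct.delete_mail, acct.password)
    return result
```
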
Terrell Russell <terrellruss...@gmail.com> Wed, 6 Feb 2008 11:58:22
>This is exactly the anti-pattern we should be trying to discourage by
>using standards like OAuth. It separates authentication and
>authorization. As it is now, whatever service you give your credentials
>to becomes you - and you're trusting them not to store/forward your
>password and/or be malicious (delete your stuff). It's unnecessary and
>unsafe.
>Please don't continue to put your password in forms that ask for it.
>You can help this group more by complaining loudly that asking for your
>credentials is not the right way to do things.
Absolutely. Which is why GMail in particular (and the other webmail services) should support oAuth. And the people building and selling libraries to get that data should then support it.
So how exactly do you suggest getting people in GMail, Hotmail, AOL, Yahoo to hear that message?
--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
Never Exceed Vehicle Capacity Load
> Please don't continue to put your password in forms that ask for it.
> You can help this group more by complaining loudly that asking for your
> credentials is not the right way to do things.
Whilst I am in vehement agreement with you, the reality is that most users (and thus service providers) are *currently* not bothered by such actions. Authentication credentials are handed over without a moment's thought.
Every day I get an invite for yet another social network and rarely do I see any support for standards by them. This long tail of niche social networks also needs some DP loving -- perhaps by way of better libraries on the common platforms (php, python, ruby, &c.)?
In contrast, the long tail of instant messaging networks is seemingly rather nicely united/federated behind the Jabber/XMPP front. Not sure how they managed to pull that off? Perhaps it was a matter of timing?
I think it is important for us -- in terms of defining the technical plug-and-play architecture -- to also bear in mind to keep the whole thing really simple. So simple that developers should be able to start adopting it overnight. So simple that our evangelical arm can pitch with a singular message to both mainstream and technical audiences.
Can we manage that?
--
love, tav
founder and ceo, esp metanational llp
Julian Bond wrote:
> So how exactly do you suggest getting people in GMail, Hotmail, AOL,
> Yahoo to hear that message?
Talk about it - make it a specific point - explain why it matters. Build use cases where what they're currently doing is bad. Build use cases where the flexibility of these new standards is obvious to people who don't think about this stuff all the time.
And please stop giving out your password other places. :)
And they ARE moving on these things. It just takes time when you have tons of users. It HAS to work when they flip the switch.
>> Please don't continue to put your password in forms that ask for it.
>> You can help this group more by complaining loudly that asking for your
>> credentials is not the right way to do things.
>Whilst I am in vehement agreement with you, the reality is that most
>users (and thus service providers) are *currently* not bothered by
>such actions. Authentication credentials are handed over without a
>moment's thought.
I'd better state my position. I'm horribly schizophrenic about this.
In my day job I'm programming a social network and use an invite library from Octazen to help new members find their friends already on the system and to invite others. It does exactly this: takes an ID and password for all the major webmail systems and gets a bunch of email addresses back. It works really well.
In my lunchtime and night job, I'm doing everything I can to help the DP cause. And demanding OpenID and oAuth on things like the OpenSocial mailing lists.
I guess that's realpolitik, for you. It probably makes me evil, as well ;)
This use case is pretty much core to DP.
--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
Never Exceed Vehicle Capacity Load
The whole issue of not having to put your password in for another
service to extract your details, ie Gmail to discover your friends for
a social network, seems like a good one to forward onto the Policy
group (this post is for them, so cc'ing them).
I like how Terrance puts it:
> This is exactly the anti-pattern we should be trying to discourage by
> using standards like OAuth. It separates authentication and
> authorization. As it is now, whatever service you give your credentials
> to becomes you - and you're trusting them not to store/forward your
> password and/or be malicious (delete your stuff). It's unnecessary and
> unsafe.
People should have the right not to compromise their security and
identity when porting their data.
> >> Please don't continue to put your password in forms that ask for it.
> >> You can help this group more by complaining loudly that asking for your
> >> credentials is not the right way to do things.
> >Whilst I am in vehement agreement with you, the reality is that most
> >users (and thus service providers) are *currently* not bothered by
> >such actions. Authentication credentials are handed over without a
> >moment's thought.
> I'd better state my position. I'm horribly schizophrenic about this.
> In my day job I'm programming a social network and use an invite library
> from Octazen to help new members find their friends already on the
> system and to invite others. It does exactly this, take an ID and
> password for all the major webmail systems and get a bunch of email
> addresses back. It works really well.
> In my lunchtime and night job, I'm doing everything I can to help the DP
> cause. And demanding OpenID and oAuth on things like the OpenSocial
> mailing lists.
> I guess that's realpolitik, for you. It probably makes me evil, as well
> ;)
> This use case is pretty much core to DP.
> --
> Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
> Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
> Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
> Never Exceed Vehicle Capacity Load
Craig <craig.c...@gmail.com> Mon, 18 Feb 2008 13:49:09
>Does anyone know if Octazen retrieves postal addresses and phone
>numbers in addition to email addresses or are email addresses only
>retrieved?
Only email addresses.
--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
Keep Dry And Away from Children
Craig <craig.c...@gmail.com> Mon, 18 Feb 2008 13:49:09
>Does anyone know if Octazen retrieves postal addresses and phone
>numbers in addition to email addresses or are email addresses only
>retrieved?
Sorry, my other post was not the whole truth. You get name+email but that's it.
Outlook CSV obviously has a lot more. Some of the services that export Outlook CSV export some other fields, but what you get varies widely between services.
--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
Keep Dry And Away from Children