Nigel Robertson

oAuth: Putting users in control of service-to-service communications

I've been talking about oAuth a lot to colleagues recently; I'd had it vaguely on my radar for a while, but a conversation with David Recordon from SixApart at EduServ last year convinced me to take a more serious interest in the specification. oAuth is essentially a user-centric authorization mechanism for enabling services to talk to each other.

Currently some services enable interoperability by getting the user to delegate authority to the service to interact with another, essentially by enabling it to impersonate the user. For example, you give Flickr your LiveJournal account details so it can cross-post your photos.

With oAuth, the same functionality is enabled without the security, trust and privacy compromises: the user talks to both services and explicitly grants permission for the services to talk, but without revealing any account details.

There are a great many service-to-service contracts that could benefit from this user-centric approach: employers and universities, for example. Or between employers and applicant's portfolio services.

But is oAuth actually being adopted? Well, the evidence suggests it is, with Google announcing adoption, and discussing integration with its OpenSocial and Google Gadgets technology. For Google this replaces its proprietary AuthSub mechanism with one that can be shared across providers.

For eLearning, the oAuth spec is an important building block in developing distributed as well as federated elearning architecture. With oAuth, users can choose to connect together services that have no existing relationships using a common authorization method.

Even better, oAuth is completely agnostic with regard to identity and authentication protocols and models - it doesn't need single sign-on or any kind of shared identity or authentication model between service providers.

The bottom line - if you are developing an application that needs to talk to an external service API on behalf of the user, then you may need to start looking into oAuth.

Pachube: Connecting things that sense things

I'm not sure what I'd use this for, but its certainly cool and very cybernetic. Pachube is a service for tagging objects that share data from their sensors.

Services like Pachube could be useful for some kinds of very high-level business intelligence, particularly analyses that cross organisational or national boundaries.

At the moment, however, it does have the feel of a webcams site with graphs and XML, but as more objects, places and devices get wired (or wireless) then something like Pachube becomes an inevitable evolution.

Perhaps someone will find some interesting way of using some of these sensors in one of the many mashup competitions making the rounds currently.

Happy Birthday, XML!

It's been a wild ride...but XML is 10 years old.

"Ten years ago, on 10 February 1998, W3C published Extensible Markup Language (XML) 1.0 as a W3C Recommendation. W3C is marking the ten-year anniversary of XML by celebrating "XML10" and extending thanks to the dedicated communities -- including people who have participated in W3C's XML groups and mailing lists, the SGML community, and xml-dev -- whose efforts have created a successful family of technologies based on the solid XML 1.0 foundation. The success of XML is a strong indicator of how dedicated individuals, working within the W3C Process, can engage with a larger community to produce industry-changing results. "Today we celebrate the success of open standards in preserving Web data from proprietary ownership," said Jon Bosak, who led the W3C Working Group that produced XML 1.0. Read the press release and testimonials. Send W3C a greeting and learn more about XML at W3C. "

via W3C

OpenID continues to gather supporters

Following the addition of Flickr to the growing list of OpenID providers this month, TechCrunch reports that Google, IBM and Verisign may soon join OpenID.

If the story is substantiated (its still only a rumour from a "highly placed source") then this will be another big win for OpenID. While there are still a few challenges, especially in usability and user education, but I think its safe to say that user-centric identity is here to stay, and for low-risk web subscriptions, OpenID is in a pretty unbeatable position right now.

Ultimately, though, we're going to have to see a lot more adoption of CardSpace or something similar if user-centric identity is going to encompass the kinds of higher-risk transactions and trusted assertions that OpenID can't handle.

Beginning of the next memory S-curve?

How about an iPod that holds millions of songs. In fact, why not all of them? Want to replace that hard drive with a solid state one with 1000 times the capacity? Oh, and everything stays nice and stable when the power goes off, for far longer than today's flash memory. Like to guess how far away this is?

Technology development often exhibits an S-Curve pattern; first you get the slow buildup as it takes time to get an idea of the ground, then increasing growth, and finally a slowdown of diminishing returns. Then eventually you hit the start of the next "S" and you're soon back into exponential growth. Sometimes you're lucky enough to spot the next "S" starting, and I think recent developments are pointing to a new "S" in computer memory.

(S-Curve diagram by Laird Close, University of Arizona)

The last few weeks saw three major announcements on the development of memory and solid-state storage.

First of all, IBM Research announced it was close to cracking 'Racetrack' nano-magnetic memory. This proof-of-concept technology would eventually replace flash memory and hard drives, with vastly greater capacity.

Next up, researchers from Daresbury and Glasgow have announced developments that could increase memory capacity even further, to "hundreds of thousands of times more capacity" using innovative nanotechnology (Nature Nanotechnology, 3, 289 - 233 (2008) ).

Finally, HP Labs have added the "memristor" to the basic building blocks of electronics. Memristors are resitstors that store information even after losing power, and do so for longer than conventional flash memory. Whats more, memristors are in principle far simpler and easier to make than flash memory, which could also accelerate the trend towards ubiquitous solid-state memory.

Now, whats our plan for when students start turning up with something the size of today's Google sat in their pocket?