Until now it’s been understood in developing NoTube applications the common requirement to design, maintain and manage the user profile. Although the structure of it is subject to be quite different in the scope of the considered goal there’s a set of data which is somewhat common to any scenario including static personal details like name, sex, age as well as dynamic information evolving over time like user social activities and interests.
Beginning from this assumption TXT and Pronetics some months ago started to think about an object that could centralize these operations, from both the user and the developer perspective. We imagine that every person running a the NoTube application can benefit from a tool like this since it transparently provides a place that enables him/her to register as a NoTube User, edit personal details, enter preferences or interests, allow/deny the collection of personal activities across the chosen social networks, etc. On the other side, any application running on the NoTube platform could integrate this object without directly caring about stuff like authentication, profile management and, most important, where and how to store such data in order to ensure privacy preservation in light of the user’s will. The double benefit of this approach is the possibility to offer a concrete way of becoming part of the NoTube network by simply registering and then make use of the NoTube applications.
Of course it should be given the possibility to leverage on existing OpenID accounts, if any, in order not to re-invent the wheel but mostly to speed up the registration process keeping it easy by reusing information related to the social user identity. Again on the social side, we’re working on giving the users the possibility to connect the NoTube identity to the social networks the user is subscribed to, which act as the main source for collecting real user activities and then infer interests.
Without going deeply in technicalities, OpenID basically allows you to use an existing account to sign in to multiple websites, without needing to create new passwords. So there’s an identity provider which is responsible to confirm your identity basing on your credentials, hence you don’t need to worry about an unscrupulous or insecure website compromising your identity.
Its adoption on the Web is widespread, involving actors like Google, Facebook, Yahoo!, Microsoft, AOL, MySpace, Sears, Universal Music Group, France Telecom, Novell, Sun, Telecom Italia, and many more.
This de-facto standard was born in 2005 thanks to an open source community and today is still decentralized and not owned by anyone. This means that there’re many OpenID providers out there which adoption is secure and transparent to the whole paradigm. Moreover it’s free.
An extension of OpenID is OAUTH, however it does not depend on it. OAUTH attempts to provide a standard way for developers to offer their services via an interface without forcing their users to expose their passwords (and other credentials). If you are a Web developer you probably know that OAUTH is implemented by many social networks like Digg, Jaiku, Flickr, Ma.gnolia, Plaxo, Pownce, Twitter.
In a project like NoTube it appears to be an ideal mechanism to access social network contents through it without harming the privacy of the users but, instead, enforcing it by giving them the possibility to explicitly allow or deny such access for a specific subset of contents. Think about this scenario: many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using your regular key to unlock everything. And that’s exactly how OAUTH works.