Identity – Joss Winn

Open Education Project Blueprint

Joss Winn / April 22, 2009April 23, 2009 / Commons, Open Education, Projects

Each participant on the Mozilla Open Education Course, has been asked to develop a project blueprint. Here is the start of mine. It’s basically a ‘Personal Learning Environment’ (PLE) ((See Personal Learning Environments: Challenging the dominant design of educational systems))and I’m going to try to show how WordPress MU is a good technology platform for an institution to easily and effectively support a PLE. I’m going to place an emphasis on ‘identity’ because it’s something I want to learn more about.

Short description

University students are at least 18 years old and have spent many years unconsciously accumulating or deliberately developing a digital identity. When people enter university they are expected to accept a new digital identity, one which may rarely acknowledge and easily exploit their preceding experience and productivity. Students are given a new email address, a university ID, expected to submit course work using new, institutionally unique tools and develop a portfolio of work over three to four years which is set apart from their existing portfolio of work and often difficult to fully exploit after graduation.

I think this will be increasingly questioned and resisted by individuals paying to study at university. Both students and staff will suffer this disconnect caused by institutions not employing available online technologies and standards rapidly enough. There is a legacy of universities expecting and being expected to provide online tools to staff and students. This was useful and necessary several years ago, but it’s now quite possible for individuals in the UK to study, learn and work apart from any institutional technology provision. For example, Google provides many of these tools and will have a longer relationship with the individual than the university is likely to.

Many students and staff are relinquishing institutional technology ties and an indicator of this is the massive % of students who do not use their university email address (96% in one case study). In the UK, universities are keen to accept mature, work-based and part-time students. For these students, university is just a single part of their lives and should not require the development of a digital identity that mainly serves the institution, rather than the individual.

How would it work?

Students identify themselves with their OpenID, which authenticates against a Shibboleth Service Provider. ((See the JISC Review of OpenID.)) They create, publish and syndicate their course work, privately or publicly using the web services of their choice. Students don’t turn in work for assessment, but rather publish their work for assessment under a CC license of their choice.

It’s basically a PLE project blueprint with an emphasis on identity and data-portability. I’m pretty sure I’m not going to get a fully working model to demonstrate by the end of the course, but I will try to show how existing technologies could be stitched together to achieve what I’m aiming for. Of course, the technologies are not really the issue here, the challenge is showing how this might work in an institutional context.

I think it will be possible to show how it’s technically possible using a single platform such as WordPress which has Facebook Connnect, OAuth, OpenID, Shibboleth and RPX plugins. WordPress is also microformat friendly and profile information can be easily exported in the hCard format. hResume would be ideal for developing an academic profile. The Diso project are leading the way in this area.

Similar projects:

UMW Blogs?

Open Technology:

OpenID, OAuth, RPX, Shibboleth, RSS, Atom, Microformats, XMPP, OPML, AtomPub, XML-RPC + WordPress

Open Content / Licensing:

I’ll look at how Creative Commons licensing may be compatible with our staff and student IP policies.

Open Pedagogy

No idea. This is a new area for me. I’m hoping that the Mozilla/CC Open Education course can point me in the right direction for this. Maybe you have some suggestions, too?

A few notes on data portability

Joss Winn / April 20, 2009April 20, 2009 / Fun, Identity, Standards & Specs, Web

I had a bit of fun over the weekend looking at how I could both aggregate my online presence and make it portable, all under my own domain name. I ended up touching on a bunch of interesting initiatives revolving around web and data standards. The minor output of this is over on my personal ‘home page’ at http://josswinn.org

You’ll see that there’s an Attention Profile (APML), Friend of a Friend document (FOAF), hCard generated from my contact details, an OPML file of the significant feeds I have spotted around the web (Delicious, this blog, Twitter, Last.fm, etc), an aggregated feed of my OPML file, and a link to my LinkedIn profile, which I happily learned includes hResume microformat markup. My OPML, FOAF profile and RSS feed are all auto-discoverable.

All links on the page are marked up using the XFN markup rel=”me” tag, which should help consolidated my identity on the web. There’s an interesting discussion over on Marshall Kirkpatrick’s blog about how our Twitter profiles are starting to rank higher in search engines than our personal blogs or home pages because Twitter is using the rel=”me” tag. Marshall suggests that we start using rel=”me” somewhere on our own sites to counteract that.

To add to the fun, I also tried to get the page to validate as HTML5, but in doing so, I had to remove the meta tag that provides OpenID Attribute Exchange via my OpenID Service Provider. I get the error:

Bad value X-XRDS-Location for attribute http-equiv on element meta.

Apparently the draft HTML5 spec currently disallows values for http–equiv. OpenID AX is a good thing if you want to consolidate your identity while at the same time ensure it is portable. It’s certainly more useful to me than validating as HTML5.

In addition to this, I added a Google Friend Connect (OpenSocial) widget and integrated Apture. I thought about adding the ability to leave comments via Disqus, the advantage being that comment authors could retain control over their own comments. But to be honest, I don’t think you or I need yet another method of communicating with each other. There are plenty of ways to do that already.

Other than providing a playground for fun, what this bit of tinkering on my home page has taught me is that microformats and the ethos of data portability is being embraced quite widely on the web and although I spent my time hand-crafting my new home page, there are opportunities to do much the same, quite easily, through the use of a WordPress blog and a bunch of third-party services. More on that later…

OAuth, OpenID, XMPP with WordPress

Joss Winn / March 12, 2009August 30, 2009 / Fun, Standards & Specs, Web

Automattic, the company behind WordPress, released an update to Prologue, their theme for group discussion, today. I read about this, minutes after reading about the new OAuth features in WordPress 2.8 and an hour or so after reading about a new Facebook Connect plugin for BuddyPress, the social networking layer for WordPress. All this stimulation proved a bit too much for me, so this post is an attempt to plot what’s happening here and what might be possible in just a few months from now…

So, I have the BuddyPress Facebook Connect plugin working on a my test installation…

Nothing fancy going on there. Basically, new users to the site can register using their Facebook credentials. The plugin doesn’t do anything for existing users on the site. They just login with their local account as usual. For a first release, the plugin is a good proof of concept and with a bit more integration work will make it easy for Facebook users to join BuddyPress sites.

The new Prologue theme, P2, is impressive, too…

It takes advantage of the new threaded comments feature in WordPress 2.7+ , has ‘realtime’ notifications (unless I’ve missed something, the use of the term ‘realtime’ is a stretch – see below) and has some nice keyboard shortcuts…

One thing that’s lacking is a Twitter-like realtime notification that a new post has been made and you should refresh your bowser. Twitter doesn’t use it for the user home page, but they do on their search page and I like it.

Moving on, OAuth functionality for WordPress is still in development but the latest code from the SVN trunks of both the DiSo plugin and WordPress does appear to work…

Be warned that it does not run on a server where PHP runs as a CGI. I tried to run it first on Dreamhost, but it gave an error showing that getallheaders() is an undefined function.

I need to spend more time with the OAuth plugin to see how it will actually work in practice. One of the first use-cases for it is to allow client applications like the iPhone app, to be able to post remotely without sending a password using XML-RPC. If anyone has any ideas and wants to test it with me, please leave a comment. As I understand from the announcement, it’s working but it’s still early days… For more information, see Will Norris’ presentation from last August.

Finally, there’s mnw, a new plugin for WordPress that provides support for the OpenMicroBlogging specification. With this, users from other sites using the specification, such as identi.ca and other Laconica-based services, can subscribe to your blog/omb site and receive updates whenever you publish a new post or page. So this…

…ends up here…

mnw is still a bit rough around the edges but it was only released as V0.1 a month ago, so that’s to be expected. Note that mnw only seems to work on single WP installations (WPMU produces a familiar error message which I think is wp_nonce related) and does not work on WP 2.8 trunk. Also, identi.ca complained of my avatar image being the wrong size. In the example above, I’d removed my avatar from the mnw settings, but I’ve since found that a .png of 96px seems to work OK.

What does it mean for me and you?

So, what does all this mean? In terms of wordpress.com, we might speculate that before too long, they will add the BuddyPress layer to their 4.5m blogs to create a sizeable social network. The P2 theme shows posts in realtime, they’re already offering an XMPP firehose of blog posts and there are plugins that offer XMPP functionality for WordPress, so remote real-time updates aren’t far away and realtime remote publishing already exist using XML-RPC. With the P2 theme, anyone can create a Twitter-like site that any number of registered users can post to and anyone can comment on. Add OpenID authentication and OAuth authorisation and you’ve got a large, mature and open social (micro)blogging service.

For self-hosted WordPress users, it’s even closer to being a reality. I’ve had a site running today that accepts new user registrations via the DiSo OpenID plugin and those users can then post updates to the Prologue themed site and join a threaded group discussion. If I enabled XML-RPC posting, users could post in ‘realtime’ to the group site from their iPhone or other other client app. With OAuth support, this would be possible from desktop and mobile applications as well as other sites such as Flickr, without exchanging protected user data such as a password. Those updates could also be broadcast via XMPP in realtime, which I’ve done on another blog I was testing.

Things are a bit different for WordPressMU/BuddyPress installations. As you’ve seen above, I’ve got a BuddyPress site running that accepts users joining via Facebook connect. Functionality is limited to social networking and it still has some issues that need working on before it’s ready for every-day use (I’ve noted them on the BP forum). WPMU blogs (by which I mean blogs not the overall site) don’t allow new-user registrations so the blog adminstrator needs to sign up new users. Users registered via Facebook don’t have an email address associated with their account, so blog admins can’t add these types of users as the process requires a username and email address of a new or existing user.

However, by activating the right plugins, registered WPMU users (I’m thinking university staff and students) could participate in a group microblog using the P2 theme, LDAP and/or OpenID for login and XML-RPC and XMPP for remote publishing and receiving posts. It won’t be too long before you can send and receive WordPress posts via your GMail or Jabber account (on your iPhone/iPod) in realtime (hopefully with support for tagging), and all of that data is simply WordPress data and has RSS feeds hanging off every tag and wrapped around every post.

Just a thought.

Outsourcing email and data storage case studies

Joss Winn / December 15, 2008April 9, 2009 / Identity, Web

The JISC published four case studies on Friday concerned with ‘outsourcing email and data storage’. They are quick reads and straight to the point. Pulling together all the ‘Lessons Learned’, we are told the following:

Handle the beta mentality – expect things to change, ask not how you can control change but how will you respond to it.
Web 2.0 is as much an attitude as any technical standard.
Ensure that your contractual and procurement processes allow for the provision of a free service. They may be designed for a traditional system of tendering with providers bidding to provide the service, and may not cope with a bidding system based on a ‘free’ service.
Ensure that students and staff are aware of the reasons behind the change.
Who is a student and who is a member of staff? If you have a high proportion of graduates who undertake various jobs and duties for the University, will they need a staff or a student email account, or both?
What emails and data do you need to keep private and confidential?
Are you aware of the jurisdiction that any external third party servers are under?

Useful observations. For me though, what the reports didn’t address was why each university was providing an email address to students in the first place. Isn’t the issue less about ’email and data storage’ and more about having a trusted and portable university identity? Providing a GMail or Windows Live hosted account still doesn’t guarantee that the majority of students would use that email address as their primary address (prior to outsourcing at the University of Westminster, “96% of students did not use the University email system”). I’m assuming that the new, third-party managed email addresses are still *.ac.uk accounts – this wasn’t clear to me from the reports. Having a *.ac.uk account is useful, primarily for online identification purposes.

Personally, I think that the benefit of having Google or Microsoft manage a trusted university identity for students, is not the email service itself (yet another address that students wouldn’t necessarily use for messaging), but the additional services that Google provide such as their online office apps, instant messaging, news reader (all accessible from mobiles) and, most importantly, the trusted identity that is used across and beyond those value-added services. Furthermore, as both Google and Microsoft embrace OpenID, that trusted identity will assume even greater ‘value’ beyond their own web services. Email addresses are well established forms of online identity and most people are happy to have that identity managed by a third-party.

I like the URI approach that OpenID currently uses although I think that adoption will be slow if users can’t alternatively use their email address (i.e. johnsmith@gmail.com, rather than http://johnsmith.id.google.com or whatever Google settles on). Some services do allow that option using Email Address to URL Translation, which highlights the value of having an email address, not for the communication of messages but for the communication of one’s identity.

Anyone with any thoughts on this? It’s pretty simple to get a message across these days but harder to manage our online identities.