Tags: xmpp


Dear Lazyweb. vCard IM addresses, as done by Apple and Microsoft.

The vCard standard does not currently have a standard way to express IM address (ICQ, AIM, YM, MSN, XMPP, etc). There are assorted discussions and proposals, but nothing solid. So I am reduced to looking at where the rubber meets the road.

How does Microsoft Outlook and the Apple Macintosh OSX contact manager do it?

If y'all export your personal vCard or interesting addresses from your own contact list, especially if you have IM addresses in them, and email them to me at me@mark.atwood.name, so I can pick them apart, I'd appreciate it.

Update: I was just sent a link to RFC4770, "vCard Extensions for Instant Messaging". Cool! Of course, do Apple and Microsoft actually honor it?

"Open", that isn't.

For assorted reasons, I've become mildly interested in AOL's "newly opened technology", such as AIMCC and X-Drive. So I've been browsing their online docs.

When they say their products and interfaces are "open", they mean "open" in their own typical AOL way.

Check this out:
Q: Are there any restrictions on what I can build?
A: We tried to make the Open AIM Program as restriction-free as possible, but in order to help protect our network and users, certain rules apply. We have highlighted some below, but please refer to the Developers License Agreement for details.
  • Developers are not permitted to build Custom Clients that are multi-headed or interoperable with any other IM network.
  • Custom Clients developed for use on a mobile device or via a wireless telecommunications carrier's network and/or wireless services require separate licensing and business agreements with AOL. Any inquiries regarding mobile applications should be sent to AIMCommercial@aol.com.

No "multiheaded" free clients. So they still want to freeze out Pidgin and Adium, and they are still terrified of competition.

And no free clients that run on smartphones, or other "mobile devices" on a "wireless telecommunications network". They dont want their existing clients that they license to the telcos (for a lot of poorly spent money) to have to compete. And what happens when someone is using a laptop or handheld, and slides in an EVDO card, thus turning it into a "mobile device on a wireless telecommunications network"?

As I look farther, signing a developer agreement with them still doesnt net you a copy of the actual wire protocols. They instead give you a license to an overweight interface library for a "supported platform", and permit you to link against that.

That's not "open".

I run Pidgin (formerly known as Gaim). I have it client for my ICQ, AIM, YM, and MSN accounts just because so many friends and family insist on using them.

But if you want to IM me, I really prefer you use XMPP/Jabber, that is, Google Talk or LJ chat.

More geeky muttering about OpenID, and a small epiphany

One of the people I met last weekend was Simon Willison. We spent some time talking about OpenID. Like me, he's been trying to convence various sites and projects to hire him to OpenID-enable them.

One objection was "we don't want to outsource the security of our users to some unknown OpenID provider". His response is: "Do you have a 'I forgot my password, email me a new one' link? Then you're outsourcing the security of your users to some unknown email provider."

Until he said that, I had not really seen it that way. But he's right. "Email me a new password" has exactly the same data flow and security model as OpenID, only with a crappy and slow user experience.

While browing the OpenID wiki a bit, I discovered that there is now an HTTP Auth mode for OpenID. I've added patching that feature into cURL on my todo list. Have to make user there is also a matching Apache module mod_auth_openid to test against.

Someone has hacked together a quick and dirty translator portal between OpenID and XMPP (aka Jabber aka GTalk). It would be nice if the various Jabber providers added this to their respective web presences.

SourceForge has a discussion going asking for community interest in adding support for OpenID. I, of course, weighed in that they should.

It's kind of ironic that the Mailman servers that the OpenID project uses, don't use OpenID. Mailman should be one of the primary targets in having people write and submit a patch to add the feature. (Next should be BugZilla.)

OAuth is a related technology to OpenID. It's just barely getting off the ground, but I think that it will get traction and acceptance much faster.

To get OpenID spread, we need to get lots of small site operators to start supporting it, and most of them are just running their site with a precanned CMS. Getting each one to change is a slow retail one-at-a-time slog.

But OAuth isnt for small sites. It's for bigger system that provide online APIs to their service. Right now, most of the web-service providers that realize that this is important, have their own hand-rolled solution. Flickr Client Service registration, AOL OpenAuth, etc. All the sorts of things were you have to get a an application key so that some client will work with some web service, or so that you can allow some web service A to do something with some other web service B on your behalf, without having to actually give web service A your password to B.

Many of the people who designed/wrote/support the existing per-service protocols were at the BOF, and everyone wants to stop supporting their own custom stuff. There is not likely to be much if any pushback from management or marketing depts either, because maintaining one's own client client auth protocol gives no competative advantage, no "customer lockin", and makes it less likely that people will write clients or foreign service interfaces to your own service.

I'm having a vision of a convergence of OpenID, OAuth, and Atom. Once you can say "This is who I am", "You are allowed to do this for me", and "Here is what I want you to to send/post/do", and nearly every browser, cellphone, PDA, and display client understand the protocols to do so...