Tag Archives: google

Microsoft Bing launches

Microsoft Bing launched today publicly, and color me impressed.image   I was always a fan of portions of Live Search, but the improvement they’ve made across the board with Bing is impressive. It’s nowhere near a Google knock-out punch, but it has marked improvement in key areas, that it’s going to be hard for people to ignore how well Bing performs. Perhaps John Battelle’s 2009 prediction of “at least a five point gain in [Microsoft] search share” will come true after all?

Searches to try to see some of the new functionality:

  1. Up” – will give you movie showtimes in your city
  2. “Up” video search will give thumbnails of videos, but the best part is when you hover over each with your mouse pointer.  Instant preview!
  3. flights from sea to nyc” shows you airfare predictions based on Farecast technology with one click access to 30-day outlook on fare prices.
  4. Medical searches like “swine flu” – see the left hand side for categories to help refine your search (Articles, symptoms, causes,…), related searches (who knew there was a  “1976 swine flu scare”?) and also returns credible results at the top from the Mayo Clinic.
  5. Using Bing Maps, simple food searches like “pizza” will auto detect your location and show you all matching nearby restaurants .

This obviously isn’t an exhaustive list, but are neat improvements I’ve noticed in my usage over the past couple of hours.  Anything cool I’m missing?

Myths about OpenID and digital identities

I’m really on a roll the past few days with blog posts on digital identity.  My new love is e-commerce with my work on Windows Marketplace, but it’s hard to ignore the recent waves in “big” news in the digital identity world.  Given my expertise in the area, I can’t help but give my 2 cents (or 4 cents :)).

After reading all the blogs entries and resulting comments on sites like TechCrunch, there is a lot of confusion on the significance, or lack thereof, of all these recent announcements (Google, Microsoft) around new OpenID providers.

First, let’s define a few terms:

Identity Provider: An Identity Provider is an entity that issues identities and resulting credentials used to authenticate as that identity.  These are almost always an email address and password combination.  Example of this is Microsoft issuing Windows Live IDs (e.g. [email protected] or [email protected]) with a password.

Relying Party: A Relying Party is a site or service that accepts assertions of a user’s identity from a specific Identity Provider. This term is always used in conjunction with the name of an identity provider.  For example, a site that is a “Windows Live ID relying party” accept identity assertions from Windows Live ID.

OpenID Provider: An OpenID Provider is an Identity Provider that interoperates with OpenID.  It enables users with identities it has issued to authenticate to services that accept OpenIDs.  It does this by authentication a user’s credentials, then issuing a proof of that authentication (commonly referred to as a service ticket) that the user can present to a service that accepts OpenIDs.

OpenID Relying Party: Refers to a site or service that accepts user identity assertions from an OpenID Provider.

Now that we’ve gotten terminology out of the way here are several myths that are prevalent in many online discussions about digital identities, and in particular, discussions about OpenID:

Myth: Becoming an OpenID provider makes you more “open”.

Fact: By becoming OpenID providers, an identity provider just allows all of its users to access OpenID sites. So technically, they aren’t more open in the traditional sense since they didn’t grant access to it’s services to any more users than it already had.  It just allowed their users to access the services outside of its control, namely, OpenID relying parties like Plaxo.  So in reality, becoming an OpenID provider is really a greedy strategy by (1) letting your users access more, and (2) jumping on the bandwagon to not only ride a good press wave, but also to hopefully encourage more users to use you as an identity provider.

Myth: Becoming a Relying Party disempowers a site’s native identity provider since it no longer hold it’s user information (think Gmail to Google, or Flickr to Yahoo).

Fact: This is not true. In fact, by becoming a relying party, there are very few risks and you still have the ability to hold all the user information accumulated on service usage.  Becoming an OpenID provider or relying party, does not imply that you need to share a user’s profile with any other service.  The only risk in becoming a relying party is if you accept assertions from an identity provider that doesn’t legitimately authenticate the user’s identity.  Imagine accepting identity assertions from an Identity Provider that didn’t use passwords, and all you did was enter an email address to be authenticated.  You wouldn’t be able to trust that the user really was [email protected] when the assertion was presented to you

Myth: All the recent OpenID news about these new OpenID providers will solve all the digital identity problems.

Fact: As mentioned the other day, it doesn’t really matter how many OpenID providers there are. The real issue at hand is how many OpenID Relying Parties exist.  Right now, there are very few which makes the utility of OpenID very low and just makes for good PR talking points.  It will be monumental when you see all the Google, Yahoo and Microsoft services becoming OpenID Relying Parties.

Myth: OpenID is more secure than Windows Live ID (or any other identity provider).

Fact: First, this statement doesn’t make sense since OpenID is essentially just a set of protocols, and Windows Live ID is an identity provider.  If the real statement is that an OpenID provider is more secure than a non-OpenID provider, then unfortunately. that is also incorrect.

From the eyes of the consumer, the security of an identity provider really has nothing to do with the underlying protocols that are used.  They just know where to go to authentication and how to authentication. This is why fewer Identity Providers are good because we reduce the risk of phishing scams where users unknowingly give their credentials to a malicious party.

The security of an identity provider is really about the security of the credentials used to assert a user’s identity. The great thing about OpenID is that since it is an open system and since anyone can become an Identity Provider, it paves the way for there to be competition and natural selection to occur among Identity Providers.  With OpenID, we’ve seen the rise some fantastic security solutions that will make a real impact with customers when we have more OpenID relying parties.  For example, investments by VeriSign in 2-factor auth, gives me a lot of hope that other Identity Providers will follow suit.  This will force the entire industry to not only increase the level and expectation of security, but also make it easier to use for the everyday user.

OpenID takes a huge leap towards ubiquity with Google support

Today will be the day that we remember OpenID becoming the standard for web authentication and single sign-on.

Hot on the heels of Microsoft’s announcement, Google gave the final boost of credibility that OpenID needed by announcing their move to also become an OpenID provider.

Now the 3 big boys of the internet (Microsoft, Yahoo and now Google) are all OpenID providers, OpenID has taken a huge leap towards true convergence for digital identities.

While all these OpenID provider announcement are coming out, in order to make OpenID truly ubiquitous, all these identity providers that also have services (which they all do), need to also become OpenID relying parties. In other words, Yahoo, Google and Microsoft need to all start accepting OpenID authentications for their all services.

Once that happens, we’ll have true digital identity ubiquity all tied together by OpenID.  Here’s to praying that happens sooner than later, so I can cross-off a big pain point in my online world.

Sync Google Calendar and Outlook

Outlook and Exchange are the center of my universe due to the integration with my cell phone thanks to push-email and over-the-air sync.  If you’ve never had this capability (includes all you iPhone users!), then you don’t know what you’re missing.  There’s never a situation where there is out of sync information between my phone and Outlook, and since the master copy of my address book is in Exchange, losing or changing cell phones is easy schmeasy.  You’ll never see me send an email that says “Hey friends, I’ve changed cell phones and need all your phone numbers again“.  Sound familiar? Probably one of your friends that switched from their Motorola Razr to an iPhone 😉 

Due to my reliance on Exchange I’ve never jumped on the Google Calendar bandwagon despite using Gmail for my personal email.  Google Calendar is a great product, but the last thing I want to do is manage a manual sync between it and Exchange.  To say that would be a nightmare would be the understatement of the century.  The shunning of Google Calendar has proved problematic for my personal life since many of my friends use it to send me event invitations to my personal email address instead of my work email address.  To them that makes sense since it’s a personal event, but to me, I need everything to go through my Microsoft email address for Exchange.

Well now to solve my problem, it looks like Google has finally release two-way sync between Google Calendar and Outlook!  It’s a client side component so it has to be installed on my work machine to get sync’d to my Exchange server, but this is definitely the next best thing to have server-side support.  With this app, I won’t have to tell my friends anymore to re-send the invitations to my work email, manually enter the appointments in Outlook, or even set up email forwarding rules.

The initial reviews I’ve read of the app is great and seems to just work exactly as advertised.  I’m anxious to install this app when I get to work tomorrow!