
PHP 4 ends its life with final release 4.4.9

Posted by Bill Gaffney | August 11th, 2008

PHP has officially ended development of PHP 4 with the final release of 4.4.9 on August 7, 2008, nearly a year after the idea was first floated by Derick Rethans. Chris Shiflett does a nice job of pulling a few choice quotes out of the conversation that led up to its demise.

“I am trying to gauge what people feel about dropping support for PHP 4 at the end of this year.”
Derick Rethans on the PHP Internals List (2007-07-06)

That is a phenomenally difficult question. I’m glad to see the team decided to err on the side of moving forward, giving the developers the ability to completely immerse their time and efforts in PHP 5/6. They got it right.


Filed under: Development, Security, Technology, Web / Tech

OAuth, CloudTripper and the IGF

Posted by Bill Gaffney | October 6th, 2007

Even with the incidence of identity theft soaring year-over-year according to the Identity Theft Center in San Diego, governments enacting laws that explicitly hold corporations accountable for data losses deemed avoidable, and class-action suits seeing results for those victimized, users are giving up more than the usual to mashup services in exchange for convenience. Recently I blogged about OAuth releasing their final draft specs, which allow users to access their private data across sites without sharing their username, password or identity in any capacity. The team appears to have really looked at the other authentication protocols currently employed and built upon them.

Denise Caruso of the New York Times highlights other ideas being developed to both protect our identity and leverage mashups.

The project that Denise finds the most intriguing is called the CloudTripper Project, which is devoted to portability of personal social data.

(CloudTripper empowers) individuals to “take their data with them” as they move across different websites and applications without having it locked into any particular silo. [cloudtripper]

The Identity Governance Framework, also mentioned, “aims to help organizations comply with national and international regulations, including the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act”.

(The IGF) specifications provide a common framework for defining usage policies, attribute requirements, and developer APIs pertaining to the use of identity related information. These enable businesses to ensure full documentation, control, and auditing regarding the use, storage, and propagation of identity-related data across systems and applications. [oracle]

The bottom line is that every day, whether through naivete, ignorance, or blatant disregard, users are offering up their name, address, phone, Social Security and credit-card numbers online. And considering the PR nightmare that TJX has experienced, a standard needs to be adopted to protect both the individual and, in doing so, the liabilities of businesses.


Filed under: Security, Social Networking, Web 2.0

Bloglines now offers OpenID support

Posted by Bill Gaffney | October 4th, 2007


As of October, Bloglines users can use their login to sign in at other sites that support the OpenID initiative. Although they may be second fiddle to Google Reader, they are still a market leader and a key innovator that aids in elevating the legitimacy of the framework. Although this is a great step forward in the adoption of a standard, it's not enough. Marshall Patrick gets it right.

Big companies can announce all day long that they will now let you log in to other sites with their ID - it’s time for them to support OpenID login on their own site using credentials from other vendors. [redwriteweb.com]

The good news is that Bloglines GM Eric Engleman told Marshall that support would be coming in early November. He then also stated that other standards like OAuth and Attention Profiling Mark-up Language are being considered.

To see all the sites where OpenID is currently accepted, check out the OpenID Directory.


Filed under: Blogging, Security, Web / Tech, Web 2.0

OAuth 1.0 release may offer safer mashup opportunities

Posted by Bill Gaffney | October 4th, 2007


The team working on Open Authentication have released the final draft of the OAuth 1.0 spec.

If unfamiliar with OAuth, let me borrow their analogy. Think of it as a valet key to your car. It's a special key that offers limited access and control to the attendant, allowing him to fulfill his responsibilities, but protecting the vehicle. So too would this work for your online identity.

An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. [oauth.net]

Fidelity Investments offers an online service dubbed Full View, powered by Yodlee, Inc. It allows you to view various assets and liabilities in a single place. Mint offers a dressed up version, but I feel it lacks the confidence-building familiarity and trust. To fully leverage either service, however, you need to provide usernames and passwords for all accounts listed. Truthfully, this service is read only, so why should it have write or execute privileges? That is where OAuth could come in.

Obviously, adoption is key in the success of this project. This could pave the way for a standardized means for applications to access services without needing to share a username and password with them.

With security concerns marginalized (never eliminated), mashups and APIs could allow a level of interaction as yet unseen.


Filed under: Security, Web / Tech, Web 2.0