Archive for the ‘Case Studies’ Category
Posted at 8:35 am on March 9, 2010 by Nat Sakimura
The largest mobile operator in Japan, NTT docomo, which covers approximately 50% of Japanese population, started offering OpenID authentication on March 9.
Every docomo user has an identifier called i-modeID. Using this, users can single sign-on to mobile sites using docomo handsets, making one-click payment and other authenticated actions.
These kind of features fueled the great success of mobile commerce in Japan. However, this success has not been extended to the non-docomo handset world of the PC. For the PC, docomo offered a separate identifier called “docomo ID”. As it remained independent of “i-modeID”, it did not enjoy the same kind of popularity.
This situation was remedied today by linking the two different identity systems with OpenID.
As of today, a user can login to a site using “docomo ID” as an OpenID, then the site can obtain “i-mode ID” that is linked to the “docomo ID” transparently. It is expected that the payment on the PC sites through “i-mode payment service” would accelerate content sales through PC.
Some technical idiosyncrasies
NTT docomo published the docomoID Authentication Technical Specification on their web site. As an OP Identifier, one should specify “https://i.mydocomo.com/“. As a normal claimed identifier, one should specify “https://i.mydocomo.com/id/{user_unique_identifier}” where {user_unique_identifier}” is a random alpha-numeric string that is unique to the user-realm pair.
One peculiar feature of docomo’s implementation is that, to provide “i-mode ID” to the content providers, content providers should call a very simple GET API after they obtained the OpenID Assertion. The decision seems to have been made to avoid the transmission of i-mode ID through browsers, which may act as a man-in-the-middle attack point as users’ PC environment is not particularly safe. Using OAuth for this purpose seems to have been an option, but docomo seems to have decided that requiring it on top of OpenID to the content providers seemed to be a little too demanding. Thus, they devised this extremely simple API. Together with it, docomo also defined a kind of contact service API, which allows the content providers to send mail [*1] to the user’s mobile phone without sharing the mail address.
According to their official page, there are 55,692,500 docomo subscribers as of February, 2010. Japan’s population over 15 as of Feb. 1, 2010 is 110,470,000.
[*1] Currently, this “contact service” is currently limited to send a mobile site URL
Tags: adoption, japan, mobile, nttdocomo
This entry was posted
on Tuesday, March 9th, 2010 at 8:35 am and is filed under Case Studies, News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 5:09 am on by Nat Sakimura
Ministry of Economy, Trade and Industry of Japan (METI) launched a site called “IdeaBox“, which solicits ideas for IT Policy widely.
At the site, people can propose, discuss, and vote on policies. METI positions it as a network-based committee which is open to public. A similar site was operated last year from October to November and attracted over 1700 policy idea.
This version of IdeaBox, launched Feb 23, accepts OpenID so that one can login with the account from mixi, Yahoo! Japan, Livedoor and Google. It has various other social components so that one can also tweet about it directly from the site, bookmark it on delicous and hatena bookmark, etc. This initiative will run through March 15.
Site Address: http://open-meti.go.jp/
Tags: japan
This entry was posted
on Tuesday, March 9th, 2010 at 5:09 am and is filed under Case Studies, government, News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 8:19 pm on April 7, 2009 by Guest Author
About two weeks ago, MySpace released an update to MySpaceID taking advantage of OpenID combined with OAuth to provide a sign in and profile sharing with a user-experience at parity with Facebook Connect. Max Engel is MySpace’s Product Lead for their Open Platform and took the time to write this post, providing some more details about how MySpaceID works.
At MySpace, we recently released several critical new feature enhancements to MySpaceID, a product under the MySpace Open Platform. We delivered OpenID support, an OpenID/OAuth Hybrid experience, and support for syndicating “Friend Updates” via the emerging Activity Streams specification.
These new components to the MySpace Open Platform allow us to not only provide developers with new tools to create distributed applications that are built on top of our social platform, but also to deliver an identity solution that builds on top of the “Open Stack” to provide flexible an extensible options that embrace open standards.
OpenID aligned perfectly with MySpaceID as an authentication technology. As a social portal, we already embraced the notion of representing identity with a URL. An overwhelming number of our users have setup vanity URL’s (i.e. myspace.com/pixelelated) and so we knew that OpenID would align well with our users. In addition, we wanted to make sure that we were working with the flow of the web, and we strongly believe that collaborating on open standards is critical to this mission.
As we worked on our OpenID solution for MySpaceID, we knew that we had to rollout the technology in a way that emphasized a lightweight and simple interface design and user experience. OpenID has wrongly been maligned by a stigma that the technology can’t be easy to use. Our aim was to break that label and demonstrate with our MySpaceID product that OpenID and usability aren’t conflicting terms. Luckily, there was a community ready and willing to help. The progress made at two OpenID Usability Summits helped us refine our implementation and allowed us to leverage the collective knowledge of other OP’s. This is the strength of open standards: the ability to work together to forge ahead and work together to solve a problem.
When working on the MySpaceID design, we embraced a pop-up window for login to help make the user experience even easier, and to help the integrating relying party offer a clean hand-off. We support both directed identity as well as standard URL-based discovery, and ultimately feel that by offering modular options to developers we are creating the most value for our users. In addition, by rolling out the OAuth Hybrid extension with this, we can allow our users to provision web service access to their MySpace profile, friends, content, and activities in the same step.
Beyond our new enhancements around single-sign on with OpenID, and the rollout of the Hybrid protocol, we are supporting the new Activity Streams specification. A core part of the DNA of MySpaceID is empowering the user to take their data with them. By offering API’s for sharing activities, we’re enabling our users to take their own activities and share them through aggregation and lifestreaming services. In addition, developers can provide a user with a window into their life on MySpace by incorporating the API in Dashboard-style widgets, such as our implementation with the new Yahoo! homepage. With activity sharing, we wanted to go beyond just offering the functionality and ensure that we were working with the community to implement something that could be standardized. We embraced this philosophy when collaborating on the Portable Contacts spec and worked to align it with OpenSocial, and so we were quite comfortable with this model of development.
I hope that we have shown that our choice for the technological piping which powers MySpaceID (OpenID, OAuth, Portable Contacts, OpenSocial, and Activity Streams) didn’t negatively impact the experience we could provide. In fact, it was quite the opposite. Our choice to embrace these open standards has given us a more powerful and flexible platform. We’re excited to prove that a MySpace user can visit any site that has integrated MySpaceID and go from a button click to bringing their identity with them, all while doing it in a way that has a clean user experience and puts the user in control of their privacy, security, and data. As an OpenID community, we’ve all worked to make tremendous progress over the past year, and I think we’re only beginning to realize the real potential to empower users through open standards for the social web.
Tags: usability, user experience
This entry was posted
on Tuesday, April 7th, 2009 at 8:19 pm and is filed under Case Studies, News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
