Scott Blomquist

Kudos to Microsoft for announcing its intention to bring OpenID support to HealthVault, and congratulations to TrustBearer for being HealthVault’s first announced OpenID provider!

Assuming Microsoft isn’t just in this for the press release, and gets support for this turned on fairly quickly, this is the first public enterprise-grade OpenID Relying Party of which I’ve become aware. Very nice work to all involved!

The biggest problem I have with TrustBearer being the only announced OpenID provider for HealthVault is that users will be obligated to buy a $40 gizmo from TrustBearer. Or provide their own second-factor hardware from an obscure list of approved devices (which surprisingly doesn’t even include PayPal’s obnoxious “use-anywhere” Security Key).

No one should pay anybody a single cent for any of these things! Technology isn’t supposed to put extra junk into your pocket. With the decade-old promise of device convergence, technology has been faithfully shucking devices out of your pocket. As an example, you probably have a phone, a day planner, a music player, and a camera all in one device in your pocket right now. And if used correctly, that single device (your cell phone) also serves very effectively as a second authentication factor that can be just as strong as the stuff peddled by TrustBearer and other security hardware vendors.

With luck, the smart folks at Microsoft (George Scriban, Kim Cameron, Mike Jones) understand that if there’s only one approved OpenID provider for HealthVault (and an expensive one, at that), then they aren’t really supporting OpenID. They might just as well start charging users for hardware to use to secure Live ID. Remember, fellas, that there are some of us OpenID providers out here (such as myVidoop, that of my employer) that provide two-factor security at absolutely no cost to the end user.

[Update: fixed a couple of minor typos.]

Nathan Bell blogs about how he wishes OpenID would just go away, or at least fade into the background so that users don’t have to know quite so much to use it. I really like how he’s thinking over there, and will take some time to write up my thoughts on most of it sometime soon.

Meanwhile, I wanted to throw in my two cents on requirement #3 that he laid out in his post. I and some other Vidoopsters (Michael, Chris, Will) were working on one of our OpenID usability efforts and ended up convincing ourselves that the trust page doesn’t matter if no profile data is being handed off. The boolean value that represents the success or failure of an authentication attempt is certainly no more of a data leak than the claimed identifier that had already been submitted.

Or am I missing something?

I was at lunch today with Chris Messina and some others from Vidoop, and somehow as often happens with me, we got into a very interesting discussion about the way Microsoft does things. In particular, Chris indicated some frustration with a lack of traction that he’s gotten with Microsoft in the past regarding technologies that he and others advocate. He cited a long string of press releases and public appearances supporting the technologies that will make up the open web and an equally long string of failures to deliver any level of support in actual code. He’s definitely right–what gives?

Being the Microsoft fanboi devil’s advocate that I am, I claimed that the Microsoft that exists today isn’t the same Microsoft as we all know from 10 years ago (or even 5). I admit that there are a tremendous number of things that Microsoft doesn’t yet demonstrate a deep organizational understanding for, including Open Source, Open Standards, the consumer Internet, etc., but the one thing that I do know from my 7.5 years with the company is that they’re nothing if not self-critical, especially when they’re not winning the game.

I challenged Chris to name some things that he thinks he’s learned about Microsoft over the last few years and give me a chance to argue that some of them have changed. He threatened graciously offered to write up a blog post with at least 5 misguided things of which he would accuse Microsoft along with examples of how they could prove him wrong by speaking with code. I think that sounds like a great idea. I can’t wait for the conversation to begin!

The June 1 issue of the New York Times included the 11th installment of their twice-annual Op-ed Puzzle. Sort of a miniature paper-based puzzle hunt, you first solve several themed puzzles, and then roll all of their answers together in one final metapuzzle.

The series is produced by the trio of former Games Magazine editors who make up puzzle construction company “Puzzability“, Amy Goldstein, Mike Shenk and Robert Leighton.

Talk about it in the forums at: http://www.puzzlehunters.com/forum/viewtopic.php?f=29&t=16

I just upgraded to WordPress 2.5.1 from 2.3.3. It didn’t go nearly as smoothly as I wished. After my first upgrade according to the upgrade instructions, all the site would do is return completely empty pages. I reverted, exported my previous blog contents, created a completely empty new database, and reimported everything here. Now I have a whole lot of work to do to get my site themed and the config tweaked back to doing what it did before. Not to mention replacing all my previous plug-ins. I’m not amused. I’m also not motivated to switch to MovableType just yet.

I’m happy to see that the forums are still active after the first couple of weeks that this site is in existence. That’s a very good sign.

Go visit the forums now if you haven’t in a while: http://www.puzzlehunters.com/forum/

But there’s still a tremendous amount of work to do before we puzzle-people can sleep easy at night knowing that we know where to go on the Internet to interact with like-minded people!
The keys to building a vibrant community are attracting new people all the time, and keeping people who already know about the community coming back. Right now, it’s easy to visit the site once and never come back.

To that end, I’ve been thinking about where we should take Puzzle Hunters, and I have some ideas that I’d like to run by you.

First, I’d like to develop the blog on the front page into the best source of puzzle-related news that’s available on the entire web. In order to do this, I’d appreciate your help.

Here are some ideas to get you started:

• Send me leads on puzzle news stories.
• If you know of some places on the web that I should check out, post a comment here or start a thread in the forums.
• If you have an upcoming event, however distant, or a review of an existing event, post it (or at least a link to it) in the forums.
• Let me know if we’re missing a forum that we really need.
• Design a better skin for the site than the WordPress/phpbb deafults.
• Volunteer to be a contributing author on the blog.