Google Points At WebFinger. Your Gmail Address Could Soon Be Your ID.

picture-1111There’s some excitement around the web today among a certain group of high profile techies. What are they so excited about? Something called WebFinger, and the fact that Google is apparently getting serious about supporting it. So what is it?

It’s an extension of something called the “finger protocol” that was used in the earlier days of the web to identify people by their email addresses. As the web expanded, the finger protocol faded out, but the idea of needing a unified way to identify yourself has not. That’s why you keep hearing about OpenID and the like all the time.

But those standards, while open, have failed to latch on in a meaningful way with the public at large. One of the holdups is that you have to set up a website or service you use to be your OpenID. It’s relatively easy to do, and you may already have one ready to go, but just not realize it. But it’s still kind of tricky to explain to a regular web user — wait, you login with your website?

But something everyone on the web knows is their email address. And they’re conditioned by services like Google and Facebook to use it as their identifier. The problem with it has been that it’s just a string of text, nothing more. You cannot attach information to it to let others know a bit more about you — something vital for true identification. Then idea behind WebFinger is that you should be able to attach any information you choose to your email address.

The excitement today is that a group of Googlers have apparently finally not only gotten Google’s support to pursue the project, but that they have started working the technical details. As Googler Brad Fitpatrick writes today:

In other words, we’ve eliminated both technical & political hurdles. We can now work on this spec, implement, push, try, rinse, repeat…. until we’re all reasonable happy.

Googler Brett Slatkin (incidentally, Fitzpatrick’s partner in making PubSubHubbub) explains to us that while it hasn’t been turned on yet, and that there’s still a lot of work to do on the spec, the idea is to go into testing mode soon. Fitzpatrick notes that there will be a small experiment going on internally with some Googlers’ Gmail accounts.

Without knowing much about the technical details behind it, the core idea behind WebFinger immediately strikes me as a good one. It’s taking something everyone knows on the web (your email address) and making it immensely more valuable as a way to identify yourself and information about you. Exactly what kind of information? Here are some of the ideas from the WebFinger Google Code page:

  • public profile data
  • pointer to identity provider (e.g. OpenID server)
  • a public key
  • other services used by that email address (e.g. Flickr, Picasa, Smugmug, Twitter, Facebook, and usernames for each)
  • a URL to an avatar
  • profile data (nickname, full name, etc)
  • whether the email address is also a JID, or explicitly declare that it’s NOT an email, and ONLY a JID, or any combination to disambiguate all the addresses that look like something@somewhere.com
  • or even a public declaration that the email address doesn’t have public metadata, but has a pointer to an endpoint that, provided authentication, will tell you some protected metadata, depending on who you authenticate as.

This is definitely something to watch for in the coming months.

[photo: flickr/chris owens]