Benlog

security, privacy, transparency.
« Engaging Data Forum @ MIT in October
More on Google Wave Trust Model »

Google Wave – thoughts

Filed under: privacy,security,web — May 29, 2009 @ 1:22 pm

First impressions / predictions on Google Wave, Google’s new communication idea/product/protocol/service:

  • because it’s open-source, federated, and follows the same trust patterns as email, it will be successful
  • whatever authentication protocol Google Wave uses will be a significant (if not a crushing) player in the web authentication space, and that’s not a bad thing because it looks like identifiers are email addresses (I’ve made this point before.)
  • the brains of our kids are going to be very differently wired once they learn to use this kind of instant, multi-threaded, collaborative communication. I know I’m going to have a hard time getting used to it, and I can’t imagine my parents dealing with it.

Some questions and further thoughts:

  • Are waves going to have permanent URLs? I hope so. Right now it looks like domain + wave ID, which could be made (maybe already has been made) into a URL with a new wave: protocol. I hope they do a standardized mapping of sorts to http: URLs.
  • Will the authentication protocol allow for direct, unmediated authentication between me and a web service, so that my Wave server doesn’t need to take part in every login I do online? That would be nice for privacy.
  • Oh my goodness JavaScript sandboxing is a really big deal now. It’s really time to read up on OpenSocial.

View Comments

  1. Evan Prodromou:
    May 29th, 2009 @ 2:06 pm

    Ben, I can’t seem to find another mention that Google Wave will be Open Source. Can you provide a link for me?

  2. Steve Weis:
    May 29th, 2009 @ 2:23 pm

    Hey Ben. Thought you might be interested in the draft verification protocol: http://www.waveprotocol.org/whitepapers/wave-protocol-verification

  3. ben:
    May 29th, 2009 @ 5:30 pm

    Evan: the video says open-source. Given that it’s a federated architecture, I doubt that Google is going to get into the business of selling software, too.

    Steve: thanks I saw it, though I think that’s not user auth, that’s verifying message content as originating from a given server, right?

    On auth: I assumed that one has to authenticate to different domains… but actually that’s not the case, since my server can vouch for me. So sadly I don’t think this will be a web auth player anytime soon… But of course it should be!

RSS feed for comments on this post. TrackBack URI

Sorry, the comment form is closed at this time.

blog comments powered by Disqus