Power your app with Live services

Play Power your app with Live services

The Discussion

  • User profile image

    Does supporting XMPP means I can add people which uses jabber accounts? 

    And when, if true, would it be available?

    PS: Nice work.

  • User profile image

    Adding XMPP means you should eventually be able to use a Jabber client to chat with your Windows Live Messenger friends. 

    The functionality is available as a Developer Preview which you can try out at http://connect.microsoft.com/site1226/SelfNomination.aspx?ProgramID=7291&pageType=1

  • User profile image

    thx for the fast answer. Smiley

  • User profile image

    I have a few very serious concerns:

    1. How would a user revoke a permission previously given to an application or most importantly a Web site for accessing his/her profile information or Skydrive, etc? Is the UI for doing this centralized? If yes, aren't there issues of discoverability? If no and the revoke UI is per application, isn't there the issue of consistency amongst implementations?

    For example, the permissions UI on the iPhone for managing push notifications has the above issue of discoverability as it is centralized.

    2. How do you ensure that permissions requested by applications and web sites are adequately described? For example, "Do you want to allow Facebook to access your Skydrive and read and write photos and documents?" A typical user reaction would then be "Access my Skydrive in what way exactly?" Meaning, "Do what exactly to my photos?" "Delete them, edit them, what exactly?" In other words, how do you ensure that applications and most importantly Web sites adequately describe fully to the user the reasons for requiring and what they intent to do to his/her profile information, photos, calendars or documents, etc, and then promise the user that they will access his/her information in the described way and no more? This is something that permission categories on their own cannot ensure as they just provide or refuse access to the information but do not describe how the information should be used. Applications and Web sites should be forced through the API to provide descriptive text making their intentions clear and Marketplace rules should be in place to force applications to honour their promises. Otherwise, Web sites and applications are going to blindly ask for access and users might blindly again grand all requested permissions, since they have no way of knowing if the requested information or access rights are going to be used for good or for evil. The descriptive text below each permission request is too generic to enable the user to make an informed choice for the specific application. This is especially true since the user will be initially trying out a new Web site or a new application for testing it to see if he/she likes it.

    3. How do you remove malitious applications. Most importantly, how to you deal with malitious sites. Since registering for Windows Live Connect is so easy, then what will prevent malicious people for registering phishing web sites on a massive scale under different URLs and pseudonyms, Since no official proof of identity seems to be required?

    4. How do you solve the multiple identity problem? I might have a work identity, a home identity, a family identity, a personal identity a semi-private identity and perhaps a secret identity for posting anonymously online. I might want to share all my settings between some of my identities but not with all of them. I might want to share specific applications and Web site information and settings with all my identities whilst keeping other applications and settings private to some of my identities. I might want to easily transfer settings, applications, etc, from identity to identity, i.e. I might want to change an identity without having to rebuild it from scratch. I might want to run multiple applications and Web sites using multiple of my identities in the same user session, without having to (A) create 5 accounts on my computer and (B) having to log on and log off all the time.

    The above are not only desirable and valid scenarios but are situations which are really common nowadays. Just think how you use your Web sites and applications on an everyday bases and compare with the above situations. You will find that you run into these scenarios continuously, especially if you have kids and a family.

    5. How do you solve the issue whereby I might want a friend to use my computer for a while or just use the Internet to browse on my PC without giving him access to all my online Web sites and applications at the same time? Is there a setting for example for keeping this automatic signing-in experience enabled, whilst always requiring me to re-enter my password on sensitive applications or Web sites, or better, on applications or Web sites that I designate as sensitive?

    6. How can I as a user or as administrator audit what exact data and at which time and in what way it was accessed by a specific site or application?

    7. I might want to visit a site without logging in just for the specific visit. Reasons for doing this are perhaps I might want to create a new account on that site for my friend or family member. Do you mean to tell me that (A) I will need to create a new Windows account first? What if I don't want my friend creating a new account on my computer just for him/her to be able to sign up to a new site. Or (B) Wait until I am signed in and possibly tracked by the site and then sign out in some site specific way in order to create a new account? And what if that specific site or application does not offer signing out? And what if I don't want the site to track that it is me who has helped my friend or family member to establish a new account in the first place?

    The above are valid concerns and what surprises me is that it seems that your company has not thought of them. These are not the times at which we find ourselves at the beginning of the discussions around identity management. There is at least a decade of research, political discourse, online debates and many many failed industry attempts such as Open ID perhaps?

    My computer is not my phone. My phone is not usually shared. It is more personal. Bringing the simplistic phone identity management to the PC needs thinking. And I am not sure if this thinking has been made. Has it?


  • User profile image
    Bernalda Nidoy


  • User profile image
    Bernalda Nidoy

    apply it immidiatly

  • User profile image

    I am happy

Add Your 2 Cents