Ben Metcalfe

Follow up to New Scientist article on Mashups

The New Scientist has written an article about the Mashup panel I participated in at last month’s CHI 2006 conference. It’s not a premium article, so you can read it here if you don’t want to buy a copy of the magazine.

NS has decided to focus on the “security issues” associated with Mashups, which were raised part of the way through the panel by Hart Rossman, chief security technologist for Science Applications International of Vienna,

At this point I’d like to point out that both Bret Taylor (of Google) and myself were a little concerned about the participation of a security expert because neither of us feels security is (currently) a significant issue in the Mashup scene.

Don’t get me wrong, Hart was a really nice chap who definitely knew his stuff – but the issues he raised either missed the point of Mashups or applied to any-and-every-other data transactional website, be it Mashup or otherwise.

(You can read some of Hart’s concerns in the New Scientist article.)

The thing about Mashups is that they are experimental. Many of Hart’s concerns stem from the fact that people might think they are “fully fledged services”, and I guess he has a point on that one. But the answer is to make people aware of what they’re using, not bog down the innovation with restrictions.

I was asked for a few quotes by the New Scientist journalist after the panel and unfortunately he decided to only include the one where I agreed that people having to log into third-party accounts via Mashups were an opportunity for spoofing.

My other point, that much of this was about experimentation and innovation, and not the creation of market-ready products, was sadly omitted.

JP Rangaswami of the excellent Confused of Calcutta blog was understandably disappointed with the article and in turn the panel. His take on it:

..the headline: “Mashup” websites are a hacker’s dream come true. Most mashups are derivative sites and could perhaps reflect the so-called security weaknesses of the originating sites. Sounds like someone trying to sell me more Information Security consulting.

And most interestingly of all he concludes his post with the following:

We need to ensure that the weeds of DRM are not allowed to choke the mashup flowers. Let a thousand mashup flowers bloom. We need new answers to identity and access, but we are not going to get them by constraining new ways of doing things with old ways of stopping things.

JP is spot on – and this, let me tell you, is coming from the CIO of investment bank DrWK (although he was writing in a personal capacity).

These guys are doing some amazing stuff in this area, and are very forward thinking (check out my previous post about some of their work).

I hear they are using wikis and RSS as part of their knowledge management and internal communication infrastructure. For an investment bank, that’s pretty amazing stuff.