Implementing the Social Web
-
date post
19-Sep-2014 -
Category
Technology
-
view
21 -
download
8
description
Transcript of Implementing the Social Web
Implementing the
Social Webwith OpenID, OAuth, and All That Jazz!
David Recordon, Chris Messina, & Joseph Smarr Web 2.0 Expo
March 31, 2009San Francisco
Wednesday, April 1, 2009
- CHRIS
All of you?
Wednesday, April 1, 2009
- developers? designers? product peoples? <shout it out> - What questions/problems do you have?
Wednesday, April 1, 2009
- the social web is pretty repetitive today, the irony is that the web is a decentralized thing but so many social pieces are only centralized - Pain is being felt by early adopters and even mainstream users. - video by the group Data Portability last year which is one of the best summaries of this
http://dataportability.org/
Wednesday, April 1, 2009
Wednesday, April 1, 2009
- you fill out this long form time and time again - Digg has since simplified it, but really...12 fields all with an asterisk next to them!
http://flickr.com/photos/factoryjoe/2545757754/
Wednesday, April 1, 2009
- you’re then asked to “find your friends” by forking over your email password - hell, we’re guilty of this as well! The good news is that email providers are starting to add OAuth enabled APIs so that we don’t have to do this anymore. - but it isn’t just about asking for passwords (we do .CSV upload too), but that your email address book isn’t really the friends you want on every website
Wednesday, April 1, 2009
- then you create content yet it’s not shared outside of the site that you created it on
http://www.flickr.com/photos/jagelado/16631508/
Wednesday, April 1, 2009
- So, how’d we get here? - A few years ago this was the status quo, but even Microsoft has come a long way! - Open Source is everywhere (Wikia refuses to run software in their data center that isn’t Open Source)
http://www.illustratorworld.com/artwork/2238/
Wednesday, April 1, 2009
Browser Wars once people started really seeing the business value of getting stuff online - More interested in the "second browser war" - WHATWG (HTML 5, Google Gears) - Turned from open source to the data behind it
“Open Data is increasinglyimportant as servicesmove online.”
—Tim O'Reilly (OSCON '07)
Wednesday, April 1, 2009
- Hosted services change the "open" game. If I’m using Gmail I care less about running my own copy of Gmail and more about having access to all of my email offline or if I want to switch providers. - It used to be about source code, now it's about open data as applications are moving to the cloud
http://flickr.com/photos/sathishcj/1868113345/
“It’s like flying on an iPhone!”
data inside!
Wednesday, April 1, 2009
- and you need this data everywhere!
Wednesday, April 1, 2009
- A bunch of data formats were developed the past few years to try to shepherd all this stuff! - RSS and Atom for feeds, RDF for semantic data, Microformats for social data already in pages, OPML for lists of things, KML for geo data, etc
My 20+ Social Networks
Wednesday, April 1, 2009
- but, social networks are only more recently running into these problems. - wasn’t really until 2007 when Brad Fitzpatrick and I wrote a piece on the social graph that people really had a concerted effort around decentralizing social networks and their data
Wednesday, April 1, 2009
- Might have the FriendSter castle, or maybe the MySpace castle, or the Facebook one. All with big moats around them keeping them separate from one another.
Wednesday, April 1, 2009
- Then we got sites like Ning focused on making it easy to create your own castle. - With Ning in the middle connecting them.
Wednesday, April 1, 2009
Social Network Risk! (from Nov 2008) - Hi5 gains Cyprus from Facebook - MySpace gains Puerto Rico from Facebook - Facebook gains Libya from MySpace - Facebook regains Cyrpus from Hi5 - and it goes on...
Social Applications
• Each with a few great features(UNIX philosophy)
• Creating combined value
• Building blocks for new value
• No social graph of their own!
http://www.slideshare.net/stoweboyd/building-social-applicationsWednesday, April 1, 2009
- Around the same time... - Combined value as they don't compete to do everything, rather compete within their area of expertise - Exhaserbated the problem of finding friends - Let me restate that point, these guys *do not* want to have their own social graph...but to use ones that already exist
Wednesday, April 1, 2009
- Facebook Platform came about, meaning your source could run within their site and your data could interact with their social data - but then went down the path of world domination...
Wednesday, April 1, 2009
- look like anything you recognize? - people not happy with this. facebook was trying to dominate the world
Portable Contacts
AboutThe vision for Portable Contacts has been around for a long time. Sites large and
small share the goal of providing users a secure way to access their address books
and friends lists without having to take their credentials or scrape their data. But
only in recent weeks has it begun to feel that now is the right time to rally thecommunity and the industry to work together to make this vision real by
developing an open spec for exchange of contact info that everyone can embrace.
Why now?The momentum began building for 'data portability' last year, and we are now at a
point where there is strong support for the principle that users should be incontrol of their data and have the freedom to access it from across the web. And
the major players have all recognized that they and their users are better off with
secure contacts APIs (rather than having third-party services ask for users'
credentials in order to scrape their data). As a result, we're seeing major Internet
companies making contacts APIs available, such as Google's GData Contacts API,
Yahoo's Address Book API, and Microsoft's Live Contacts API (with more to come).
Not surprisingly though, each of these APIs is unique and proprietary. We believe
this creates the ideal conditions for developing a common, open spec that
everyone can benefit from. Just as OAuth has provided a standard to unify the
various proprietary schemes for delegated authorization, we believe we can do the
same thing for securely sharing address book and friends list data.
GoalsThe goal of Portable Contacts is to make it easier for developers to give their users
a secure way to access the address books and friends lists they have built up all
over the web. Specifically, we seek to create:
A common access pattern and contact schema that any site can provide
Well-specified authentication and access rules
Standard libraries that can work with any site
and absolutely minimal complexity, with the lightest possible toolchain
requirements for developers.
A measure of our success will be the elimination of the "password anti-pattern," by
making it far easier to implement Portable Contacts than to engage in scraping, as
well as a dramatic increase in the number of sites that both provide and consume
who-you-know data.
Our ApproachOur design is focused around ease of adoption, which means a few things. First,
our emphasis is on simplicity of design and targeted use cases. For example,
version 1 is simply about access, and defers for now on the more complex issues
around update and sync. Second, we're taking a modern approach to who-you-
know data by unifying traditional contact info and social network data, in order to
properly represent the current diversity of the social web ecosystem. Third, we're
using existing standards wherever possible, including vCard, OpenSocial, XRDS-
Simple, OAuth, etc. And lastly, we're designing something that should be easy for
current service providers to adopt. We started by reviewing all the major existing
contacts APIs and targeting the capabilities that they all share and provide. We
believe this pragmatic balance is the best and quickest way to achieve our shared
goal of widespread adoption.
Here is the current draft spec, the wiki, and the mailing list.
This project is being undertaken by Joseph Smarr, Chris Messina, and others.
a c tivity stre a .m s
D isc uss.
A n in itia tive fro m th e D iS o P ro je c t.
F irst d ra ft spe c s: A c tivitie s in A to m ; A c tivity S c h e m a .
Wednesday, April 1, 2009
- Lots of technologies coming out of this evolution to try and solve these pain points - all developed by communities - all building on existing technologies
Wednesday, April 1, 2009
- but more than just tech, starting to build with these individual blocks. - Action Streams for Movable Type was really the first self hosted consumer friendly version of things like Facebook Newsfeed
DiSo ProjectDiSo ProjectOpen, distributed, social.
About
Blog
Links
Chat
Silo free living.
Social networks are becoming more open, more interconnected, and more distributed. Many of us
in the web creation world are embracing and promoting web standards - both client-side and
server-side. Microformats, standard APIs, and open-source software are key building blocks of
these technologies. This model can be described as having three sides: Information, Identity, and
Interaction.
DiSoDiSo (dee • soh) is an initiative to facilitate the creation of open, non-proprietary and
interoperable building blocks for the decentralized social web.
Our first target is WordPress, bootstrapping on existing work and building out from there.
So what does that mean?
We’re building Wordpress plugins that implement or build on:
microformats like XFN, hCard, XOXO — wp-contactlist, wp-profiles
OpenID — wp-contactlist, wp-openid-server
OAuth
…and others
BlogrollChris Messina
Stephen Paul Weber
Steve Ivy
Will Norris
DiSo - DistributedDiso Code
DiSo on Flickr
DiSo on Ma.gnolia
DiSo on Twitter
DiSo Wiki
DiSo ProjectDiSo ProjectVisit this group
ArchivesJune 2008
May 2008
December 2007
MetaRegister
Log in
WordPress | Sandbox
Find
Wednesday, April 1, 2009
- getting to the point where you’re able to easily start hosting your own - DiSo starting with building social stuff on top of WordPress, we’ve been building similar things with Movable Type and working with the DiSo project in doing so - DiSo today is under taking more specification work than code work as they’re finding gaps with the wider community
Wednesday, April 1, 2009
- In the past year, not just underlying tech has emerged, but also developer toolkits - A few years ago developer tools talked about supporting AJAX or the latest version of CSS, now they’re talking about all these social technologies
“Connect”
Wednesday, April 1, 2009
- JOSEPH
- whether it be Facebook Connect, TypePad Connect, MySpace MyID, Google Friend Connect they’re all about connecting cloud service with distributed sites
Viewing
Sharing
Virtuous Cycle of Sharing
Wednesday, April 1, 2009
- facebook knows this very well and is probably doing it the best
New building blocks
Who I am
Who I know
What’s going on
Wednesday, April 1, 2009
New building blocks help to establish WHO I AM, WHO I KNOW and WHAT’S GOING ON in a reusable way.
• Profile (identity, accounts, profiles)
• Relationships (followers, friends, contacts)
• Content (posts, photos, videos, links)
• Activity (poked, bought, shared, blogged)
• Goal: Discovery of people and content
Anatomy of “Connect”
Wednesday, April 1, 2009
- If done right, OpenID, OAuth, Portable Contacts, Activity Streams are all pieces of connect applications
Wednesday, April 1, 2009
- but, where did this leave the social networks - this was how I ended in september, but we’re starting to move ahead
Mashups OpenSocial
Attributes OpenID/AX Contacts Portable Contacts
Authentication OpenID/Auth Access Control OAuth
Metadata Discovery YADIS, XRDS-Simple, XRD
Unique Identifiers URLs, email addresses
. . .
Evolving the Open Stack
As proposed by Johannes Ernst
Wednesday, April 1, 2009
lots of industry examples here making use of The Open Stack.
OpenSocial --> OpenID, OAuth, microformats... Facebook --> apps, moving offsite with connect... open sourcing components/platformFriend Connect --> answer to Facebook, implements opensocialMySpace DA --> way to get data in/out of MySpace; heavy on the TOSY!OS --> new Y! strategy to open up, including social APIs + lots of OAuth + OpenIDMT OS --> OpenID, OAuth, plugins make use of XRDS-SimpleDiSo --> facilitating plugins for WordPress, Drupal, MT... etc
also: android for mobile dev/capable browsers & rendering engines (webkit++)
Portable Contacts
AboutThe vision for Portable Contacts has been around for a long time. Sites large and
small share the goal of providing users a secure way to access their address books
and friends lists without having to take their credentials or scrape their data. But
only in recent weeks has it begun to feel that now is the right time to rally thecommunity and the industry to work together to make this vision real by
developing an open spec for exchange of contact info that everyone can embrace.
Why now?The momentum began building for 'data portability' last year, and we are now at a
point where there is strong support for the principle that users should be incontrol of their data and have the freedom to access it from across the web. And
the major players have all recognized that they and their users are better off with
secure contacts APIs (rather than having third-party services ask for users'
credentials in order to scrape their data). As a result, we're seeing major Internet
companies making contacts APIs available, such as Google's GData Contacts API,
Yahoo's Address Book API, and Microsoft's Live Contacts API (with more to come).
Not surprisingly though, each of these APIs is unique and proprietary. We believe
this creates the ideal conditions for developing a common, open spec that
everyone can benefit from. Just as OAuth has provided a standard to unify the
various proprietary schemes for delegated authorization, we believe we can do the
same thing for securely sharing address book and friends list data.
GoalsThe goal of Portable Contacts is to make it easier for developers to give their users
a secure way to access the address books and friends lists they have built up all
over the web. Specifically, we seek to create:
A common access pattern and contact schema that any site can provide
Well-specified authentication and access rules
Standard libraries that can work with any site
and absolutely minimal complexity, with the lightest possible toolchain
requirements for developers.
A measure of our success will be the elimination of the "password anti-pattern," by
making it far easier to implement Portable Contacts than to engage in scraping, as
well as a dramatic increase in the number of sites that both provide and consume
who-you-know data.
Our ApproachOur design is focused around ease of adoption, which means a few things. First,
our emphasis is on simplicity of design and targeted use cases. For example,
version 1 is simply about access, and defers for now on the more complex issues
around update and sync. Second, we're taking a modern approach to who-you-
know data by unifying traditional contact info and social network data, in order to
properly represent the current diversity of the social web ecosystem. Third, we're
using existing standards wherever possible, including vCard, OpenSocial, XRDS-
Simple, OAuth, etc. And lastly, we're designing something that should be easy for
current service providers to adopt. We started by reviewing all the major existing
contacts APIs and targeting the capabilities that they all share and provide. We
believe this pragmatic balance is the best and quickest way to achieve our shared
goal of widespread adoption.
Here is the current draft spec, the wiki, and the mailing list.
This project is being undertaken by Joseph Smarr, Chris Messina, and others.
a c tivity stre a .m s
D isc uss.
A n in itia tive fro m th e D iS o P ro je c t.
F irst d ra ft spe c s: A c tivitie s in A to m ; A c tivity S c h e m a .
Wednesday, April 1, 2009
- these technologies are actually taking root! - call it competitive pressure, call it facebook being on top and others being jealous, I don’t care what you call it - it is happening!
Why do people have to...
• create a new account on every service?
• re-create their profile?
• give away their passwords to every site that asks?
• re-discover their friends?
• re-friend their friends!
• learn new ways to share and communicate?
Wednesday, April 1, 2009
summary of problems... SNS routines
Why do developers have to...
• deal with [forgotten!] passwords?
• create yet another profile form?
• support every new service API that comes out?
• force members to invite everyone they know?
• implement an unsafe method for importing contacts?
• create widgets for incompatible social networks?
• manually interpret feeds for activity streams?
Wednesday, April 1, 2009
Industry Trends
User control of data
User-centric web services, real identity becoming the norm
Location-enhanced services
Real-time content delivery, ubiquitous connectivity
Interoperable application platforms
Content aggregation and syndication
Increasing quantities of data to work with
Democratization of digital media creation tools
Wednesday, April 1, 2009
let’s look at some industry trends...
Eventbox Preferences
Wednesday, April 1, 2009
take a look at this screenshot from eventbox’s preferences.
Why is this even an option?
Wednesday, April 1, 2009
why is this even an option? we’re in a transitional period moving from computer-based identifiers to human-friendly ones.
Source: http://blog.wired.com/business/2008/12/as-facebook-con.html
Wednesday, April 1, 2009
- DAVID
- MySpace is building the same stuff as Facebook using open standards; OpenID, OAuth and OpenSocial
Source: http://blog.wired.com/business/2008/12/as-facebook-con.html
...It's the same paradigm promised by OpenID and its companion open-source technologies being developed by Google, MySpace, Yahoo, Plaxo and other key players on the social web. But where Facebook Connect is heading towards mass adoption on mainstream sites like Digg, OpenID is currently bogged down by several issues, the largest of which is poor usability.
Wednesday, April 1, 2009
- MySpace is building the same stuff as Facebook using open standards; OpenID, OAuth and OpenSocial
••••••••
Wednesday, April 1, 2009
demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
« PayPal joins OpenID Foundation Board as we enter 2009
Facebook joins OpenID Foundation Board with a commitment to betteruser experiencePosted February 5th, 2009 at 11:30 pm GMT by David Recordon and Chris Messina
Today we’re excited to join Facebook’s Mike Schroepfer in announcing
that they have joined the OpenID Foundation’s board as a sustaining
corporate member.
Luke Shepard, a key member of Facebook’s Platform and Connect
teams and a huge internal advocate for OpenID, has been selected as their representative and joins
the current board of seven community elected board members and six sustaining corporate members:
Google, IBM, Microsoft, PayPal (joined last week), VeriSign and Yahoo!. Additionally, to maintain the
ratio of community and corporate board members, Joseph Smarr will be joining the board as our
eighth community member.
As the OpenID community entered 2009 two key topics have become the focal points on the road to
mainstream adoption: user experience and security.
Given the popularity and positive user experience of Facebook Connect, we look forward to Facebook
working within the community to improve OpenID’s usability and reach. As a first step, Facebook will
be hosting a design summit next week at their campus in Palo Alto which follows a similar summit on
user experience hosted at Yahoo! last year. The summit will convene some of the top designers from
Facebook, the DiSo Project, Google, JanRain, MySpace, Six Apart and Yahoo!, focusing on how existing
OpenID implementations could support an experience similar to Facebook Connect.
Facebook’s financial contribution along with its membership on the board signals the company’s
enthusiasm to work more closely with the OpenID community, building up momentum towards their
adoption of OpenID as a standard. Facebook furthering its commitment to openness couldn’t have
come at a better time to make 2009 an amazing year for OpenID and the wider social web.
For press contacts, please call OpenID Foundation board members David Recordon at 503.341.3009
or Chris Messina at 412.225.1051.
For Developers | Discuss | Demand | OpenID Foundation | Worldwide
Whatis OpenID?
Wherecan I use it?
Howdo I get one?
Wednesday, April 1, 2009
- CHRIS
And then two months ago this space changed with Facebook starting to embrace open standards and APIs by them now fitting into their strategy.
Documentation Community Resources Tools News
Developer Blog Press Platform Updates
Archived Posts
2009
February (3)
January (8)
2008
December (12)
November (8)
October (3)
September (6)
August (7)
July (15)
June (8)
May (11)
April (7)
March (7)
February (9)
January (11)
2007
December (5)
November (5)
October (10)
September (4)
August (5)
July (2)
June (1)
May (2)
April (1)
March (3)
February (3)
January (3)
2006
Opening Up Facebook Status, Notes, Links,
and Video to Facebook Platform
Share
4:54PM, Friday Feb 6th
Published by Chris Putnam
We're launching several new APIs for Facebook Platform today. These new
interfaces open up access to the content and methods for sharing through
several Facebook Applications -- including Facebook Status, Notes, Links (what
we used to call Posted Items), and Video -- to go along with the APIs already
available for uploading and viewing through Facebook Photos. We've seen
increasing engagement with over 15 million users updating their status each
day and sharing over 24 million links per month. We wanted to make sure this
content and the ability to share this content was available through our
standard APIs.
Specifically, your applications can now directly access all of a user's status,
links, and notes via new methods and FQL calls. Your application will have
access to any status, notes, or links from the active user or their friends that
are currently visible to the active user. In addition, we're opening new APIs for
you to post links, create notes, or upload videos for the current user, and
we've made setting a user's status easier.
We're pretty excited to see what kinds of ideas you can come up with to help
users create and share more content. For example, a travel application could
make it really easy for users to create and share notes and upload photos and
videos from a recent trip. Users could then display that content within a
profile tab for that app. Or a news website could use Facebook Connect to
allow users to easily post links from the site and feature all of the most recent
links that a user's friends have shared from that website.
Every user is subject to limits on the length and size of the video files they
can upload, just like they are when uploading through Facebook. Use
video.getUploadLimits to determine a specific user's limits. To increase video
Recent News
Opening Up Facebook Status, Notes,
Links, and Video to Facebook Platform
February 6, 2009
Next Steps in Openness
February 5, 2009
Postcards from January Garages
February 2, 2009
January Platform News
January 31, 2009
Try Out the New FBJS
January 30, 2009
Facebook Connect and Apple’s iPhoto
’09
January 29, 2009
Shalom from Facebook Developer
Garage Israel!
January 16, 2009
Changes in Facebook Platform
Leadership
January 16, 2009
Extending FBML with Custom Tags
January 13, 2009
Subscribe
News
Wednesday, April 1, 2009
And then they opened up APIs for status, notes, links and video. - Moving from just pulling data in, to being able to get data out as well
xkcd.com/256
Wednesday, April 1, 2009
but there are some problems with letting the data flow...
in the map of online social networks, things get tricky really fast when data moves from one “nation” to another.
“... You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content....”
— Facebook Terms of Service
Wednesday, April 1, 2009
Here’s what happened.
Sometime last month, Facebook made a change to their TOS, striking the passage here. Language was also clarified about ownership of user data... giving Facebook a “perpetual right to license and sublicense your content”... basically you give it to Facebook and they can do what they want with it.
At least that’s how people read it.
“... People want full ownership and control of their
information so they can turn off access to it at any time. At
the same time, people also want to be able to bring the information others have shared with them ... to other services and grant those services access to those
people's information. These two positions are at odds with each other. ”
— Mark Zuckerberg, Facebook
Wednesday, April 1, 2009
In response, they reverted the changes and Mark Zuckerberg said on the FB blog:
“Still, the interesting thing about this change in our terms is that it highlights the importance of these issues and their complexity. People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them—like email addresses, phone numbers, photos and so on—to other services and grant those services access to those people's information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with.”
In other words, people want their cake and to eat it too.
Wednesday, April 1, 2009
so facebook is attempting to reinvent democracy on its site.
this is an ongoing discussion and something that should be watched closely.
Client: OpenID Foundation Prepared by: Randy Reddig ShaderlabOpenID Logo - Revision 3 2007-11-26
Wednesday, April 1, 2009
Demo!
Wednesday, April 1, 2009
go over concepts: identity provider, relying partyLog in to Mapquest using DavidRecordon.com.
(aka places you can login with OpenID)
OpenID - As viewed by JanRain’s MyOpenID.com
Relying Parties
Wednesday, April 1, 2009
- 2007 was a huge year for OpenID!
Wednesday, April 1, 2009
not just blogs, but also big open source projectsnot just..., but also consumer servicesnot just..., but also large service providers and corporations - No where near a complete list!
<html><head>
<link rel="openid2.provider" href="http://factoryjoe.com/blog/openid/server" /><link rel="openid2.local_id" href="http://factoryjoe.com /blog/author/admin/" /><link rel="openid.server" href="http://factoryjoe.com/blog/openid/server" /><link rel="openid.delegate" href="http://factoryjoe.com /blog/author/admin/" />
</head></html>
As simple as...
Wednesday, April 1, 2009
OpenID User Interface
Wednesday, April 1, 2009
- probably the currently most discussed part of implementing OpenID
Wednesday, April 1, 2009
“Identifier driven sign-in”
WTF do I type in the box??
1. Heard of OpenID 2. Understand OpenID 3. Have an OpenID 4. Know what URL to type
Wednesday, April 1, 2009
maybe it’s because people have been trained to just “type anything in the box”
Wednesday, April 1, 2009
...but promising nonetheless.
problem: we have no idea who you are (vs fb connect)
Courtesy Balsamiq
http://boogle.com
Wednesday, April 1, 2009
so i visit my favorite search engine and decide that i want to sign in
Courtesy Balsamiq
http://boogle.com
http://boogle.com/signin
Wednesday, April 1, 2009
and a popup is launched where I pick my provider...
Courtesy Balsamiq
http://boogle.com
Wednesday, April 1, 2009
now i’m redirected to my openid provider where i can sign in...
Courtesy Balsamiq
http://boogle.com/#finish
Welcome back, Chris Sign out
Wednesday, April 1, 2009
upon successfully authenticating, i’ve signed in, without the original page refreshing
show existing providers
how many of your customers already have one of these accounts?
easier than going into inbox/spam
show janrain charts showing popular IDPs
UserVoice Identity ProvidersSource: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins
Wednesday, April 1, 2009
NASCAR
Interscope Identity ProvidersSource: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins
Wednesday, April 1, 2009
sulit.com.ph Identity ProvidersSource: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins
Wednesday, April 1, 2009
BEGIN:VCARDSOURCE:http://factoryjoe.comNAME:FactoryCity (Chris Messina)VERSION:3.0N;LANGUAGE=en;CHARSET=UTF-8:Messina;Chris;;;ORG;CHARSET=UTF-8:VidoopFN;LANGUAGE=en;CHARSET=UTF-8:Chris MessinaADR;LANGUAGE=en;CHARSET=UTF-8:;;;San Francisco;;;PHOTO;VALUE=uri:http://factorycity.net/images/avatar.jpgURL:http://factoryjoe.comURL:http://factoryjoe.com/blogURL:http://twitter.com/chrismessinaURL:http://flickr.com/photos/factoryjoeURL:http://friendfeed.com/factoryjoeURL:http://brightkite.com/people/factoryjoe/URL:http://mento.info/factoryjoeURL:http://ma.gnolia.com/people/factoryjoeURL:http://factoryjoe.tumblr.comURL:http://facebook.com/chrismessinaEND:VCARD
Wednesday, April 1, 2009
Marshall Kirkpatrick - Add One Line To Your Blog or Twitter Could Become Your Primary Identity
Wednesday, April 1, 2009
Why is this cool?first: web page as APIsecond: support in opera, firefox, now IE8 (web slices) SEO
c:\
icons by Seedling Design and Fast Icon
Wednesday, April 1, 2009
so you need a way to refer to these cloud-based applications like you used to...
c:\
icons by Seedling Design, Fast Icon and original authors
Wednesday, April 1, 2009
meanwhile we have hybrid apps like these that are also being thrown into the mix with infinite storage but a native experience. and these all require identity of some sort.
<?xml version="1.0" encoding="UTF-8"?><xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)"> <XRD> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical</Type> <URI>https://pip.verisignlabs.com/server</URI> <LocalID>https://recordond.pip.verisignlabs.com/</LocalID> </Service> </XRD></xrds:XRDS>
OpenID in XRDS
Wednesday, April 1, 2009
<?xml version="1.0" encoding="UTF-8"?><xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)"> <XRD version="2.0"> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://openid.net/srv/ax/1.0</Type> <URI>http://www.myopenid.com/server</URI> <LocalID>http://brian.myopenid.com/</LocalID> </Service> </XRD></xrds:XRDS>
Portable Contacts in XRDS
Wednesday, April 1, 2009
How it works
factoryjoe$ curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/
Wednesday, April 1, 2009
Start simple: - curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/
How it works
Wednesday, April 1, 2009
Here’s what the response looks like (using Todd Ditchendorf’s HTTP Client) for Brian Ellin (AN INDIVIDUAL)
- curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/
Wednesday, April 1, 2009
What about services? oauth discovery --> auto-service discovery (basically this is how you advertise your APIs to be autodiscovered)this is from partuza.nl -- an implementation of OpenSocial
LRDDLink-based Resource Descriptor Discovery
http://tools.ietf.org/html/draft-hammer-discovery-03
Emerging Work!
Wednesday, April 1, 2009
emerging work
“your valet key for the web”
Wednesday, April 1, 2009
- Standardized existing duplicate protocols from Google, Yahoo!, AOL, and Microsoft - Remove the need to ask for email provider passwords - Seeing good adoption, so pay attention to this!
http://adactio.com/journal/1357Wednesday, April 1, 2009
- Another option is passwords - But it is a *horrible* idea - How many people use the same passwords?
Wednesday, April 1, 2009
boxee is also a problem. all these sites are going social and want to add value or reuse your data... but there’s been no good alternative.
each big site came up with its own BFS of an API which lead to a developer tax to reimplement code everytime, so they just went back to scraping.
San Francisco, CA
Wednesday, April 1, 2009
- You have *no* excuse to create APIs that only take passwords anymore - Google, Netflix, Yahoo!, MySpace, Twitter, etc and is being standardized in the IETF - Tell story of how OAuth was created
Wednesday, April 1, 2009
now this app syncs with your TripIt account. So here we are in the app, and we need to login to connect to our TripIt account. We click login...
••••••••
Wednesday, April 1, 2009
and we’re taken into Safari, where we sign in through the web browser.
Wednesday, April 1, 2009
we see that we can Grant Access here. Note that all the permissions are spelled out simply here.
Wednesday, April 1, 2009
- Few interesting things - Means easier to create a directory of Twitter apps - Access type of read-only
http://www.slideshare.net/kellan/advanced-oauth-wrangling
Advanced OAuth
Wrangling
Kellan Elliott-McCreaXTech 2008: The Web on the Move
Wednesday, April 1, 2009
Library Support
• C
• C#
• ColdFusion
• Java
• Javascript
• Jifty
• Maven
• .Net
• Objective-C
• OCaml
• Perl
• PHP
• Python
• Ruby
See http://oauth.net/code
Wednesday, April 1, 2009
Mobile retail software
designed for in-store retail tasks. E.g. stock
counting, receiving etc.www.handpoint.com
Dell Business Computers
Business Computer Powered By Intel®
Core™ 2 Duo On Sale Online, At Dellwww.nz.dell.com
New Zealand Site
Features 130,000 Members. Discover Why
It's So Popular!www.smilecity.co.nz
RECENT JOBS
POWERED BY JOBTHREAD
Mobile retail softwaredesigned for in-store
retail tasks. E.g. stock
counting, receiving etc.www.handpoint.com
Dell BusinessComputersBusiness Computer
Powered By Intel®
Core™ 2 Duo On Sale
Online, At Dellwww.nz.dell.com
New Zealand SiteFeatures 130,000
Members. Discover Why
It's So Popular!www.smilecity.co.nz
Original Thinking in ITIT Director Dennis
Stevenson takes on a
new blog series. Read it
here!Blogs.ITtoolbox.com
Rss 2.0RSS Readers for
Individuals & Businesses.
Get A Free RSS Reader.NewsGator.com/RSS_Readers
TEXT LINK ADS
InteractionDesignerSave people's livesand doctors' time.Design software thatimproves healthcare.careers.epicsystems.com
IBM Virtual Event,March 3–4IBM DynamicInfrastructure VirtualForum. Reduce costsand manage risk.ibm.com/virtualforum
RWW SPONSORS
Grab this swicki from eurekster.com
RWW READERS
Written by Marshall Kirkpatrick / February 10, 2009 2:33 PM / 22 Comments « Prior Post Next Post »
« Prior Post Next Post »
Dell Business Computers
Business Computer Powered By Intel® Core™ 2 Duo On
Sale Online, At Dellwww.nz.dell.com
How To Speed Up Your PC
Get A Free Download That Speeds Up Windows XP
Instantly. Your PC Will…www.PcErrorCleaner.com
New Zealand Site
Features 130,000 Members. Discover Why It's So Popular!www.smilecity.co.nz
Original Thinking in IT
IT Director Dennis Stevenson takes on a new blog series.
Read it here!Blogs.ITtoolbox.com
Comcast Property Sees 92% Success Rate With New
OpenID Method
The most-watched geek event of the day has to be the OpenID UX
(User Experience) Summit, hosted at the Facebook headquaters. The
most discussed moment of the day will surely be the presentation by
Comcast's Plaxo team.
Plaxo and Google have collaborated on an OpenID method that may
represent the solution to OpenID's biggest problems: it's too unknown,
it's too complicated and it's too arduous. Today at the User Experience
Summit, Plaxo announced that early tests of its new OpenID login
system had a 92% success rate - unheard of in the industry. OpenID's usability problems appear
closer than ever to being solved for good.
This experimental method refers to big, known brands where users were already logged in, it
requires zero typing - just two clicks - and it takes advantage of the OpenID authentication
opportunity to get quick permission to leverage the well established OAuth data swap to facilitate
immediate personalization - at the same time, with nothing but 2 clicks required of users.
Plaxo, primarily known for the noxious flood of spam emails it delivered in its early days, is now an
online user activity data stream aggregator owned by telecom giant Comcast. The Plaxo team has
been at the forefront of the new Open Web paradigm best known for the OpenID protocol.
The Flow
The method Plaxo has been testing is called an OpenID/OAuth combo, in collaboration with
Google. What does that mean, in regular terms? It means that Plaxo told users they could log in
with their Gmail accounts as OpenID by clicking a link to open a Gmail window, then Google
asked for permission to hand over user contact data using the OAuth standard protocol. Once
login was confirmed, whether contact data access was granted to Plaxo or not, the Gmail window
closed and users were returned to Plaxo all logged in. No new accounts, no disclosure of Gmail
passwords to Plaxo, no risky account scraping and no need to import or find friends on the new
service before immediate personalization could be offered.
This is a very different flow than most OpenID "relying parties" have followed before - but it won't
be for long.
The Success Rate
Plaxo reported today that it has seen a staggering 92% of users who clicked on the "log-in with
Gmail" button come back to Plaxo with permission to authenticate their identities via Gmail
granted. Of those who returned, another 92% also granted permission for Plaxo to access their
contacts list. Only 8% of the people who clicked to log in with a standards based 3rd party
authentication ended up deciding to bail instead. That's the kind of ease-of-use that people
presumed only Facebook Connect could provide.
When Plaxo engineers moved to turn off the short-term experiment, the business team said no
way.
We expect to see this basic flow get iterated on even further. We hope it will ensure that every
OpenID provider has some exposure and not just the big email providers, and we expect the pop-
up action to be made increasingly unobtrusive.
This could be the day when OpenID became a far more realistic prospect than it has seemed
before.
What an "RP" Wants
View more presentations from johnmccrea. (tags: josephsmarr #openidux)
Posted in Features, Identity, NYT, News and tagged with oauth, openID, usability
Comment Subscribe Print Digg Share
Leave a comment
Sign in to comment on this entry. (Optional)
Related Entries
What Are You Looking At? Google Details Results
of Eye Tracking Study
Google and Plaxo Combine OpenID and OAuth
for Improved Usability
Why Twitter's New Security Solution Could Pave
the Way to a Future Web of Mashups
Mozilla's Test Pilot: A Global Usability Lab for
Firefox
0 TrackBacks
TrackBack URL for this entry: http://www.readwriteweb.com/cgi-bin/mt/mt-tb.cgi/10211
Comments
Subscribe to comments for this post OR Subscribe to comments for all Read/WriteWeb posts
1. I don't really see the utility of OpenID. Lately everything with the "Open" prefix sounds cool,
even if there's no use for it =)
Managers Magazine
Posted by: Alberto López | February 10, 2009 3:40 PM
2. Very exciting demonstration of compelling benefits for end users, website operators, and
OpenID providers. Well done to Google and Plaxo.
Posted by: bkkissel.myopenid.com | February 10, 2009 3:52 PM
3. Maybe I don't entirely understand the innovation here, but isn't most of the simplicity in the
user interface being achieved by concentrating on a single OpenID provider? In other words,
isn't this just swapping Facebook for Google, rather than Facebook for OpenID?
Posted by: jeremiah | February 10, 2009 5:02 PM
4. jeremiah, if that's the case then the big news is just the oauth integration. I don't think this
has to be a case of "simple because choice is removed" - I think that multiple known brands
could be offered as choices with room for any provider. The innovation is in the simple
clicks to authorize information, the use of known entities, etc.
Posted by: Marshall Kirkpatrick | February 10, 2009 5:07 PM
5. This presentation -- and some of the comments left above -- feels much more like marketing
than research. Who cares what the protocols under the covers are? The demonstration
could've been done with LDAP.
There's nothing new here. Of course it's possible to improve the user experience by
requiring(or at least, making it exceptionally difficult not to use) a few major providers. That's
been done a thousand times over.
We're no closer to solving truly distributed federated identity than we were, and this if
anything pushes us actively further away. I want to see interface work can serve the world,
not the one or two big players in one sphere.
Posted by: ndk | February 10, 2009 5:20 PM
6. ndk - thanks for putting that out there. I'd like to see what some of the folks involved have to
say about your comment.
Posted by: Marshall Kirkpatrick | February 10, 2009 5:30 PM
7. @jeremiah, while this experiment was done specifically between Plaxo and Google, I agree
with Marshall that multiple known brands could be involved and that the real innovation was
simplifying and combining the steps of logging in and granting access to your data.
This experiment combines 1) creating a new account on Plaxo and entering profile data, 2)
verifying your email address and 3) granting Plaxo access to your address book. Before the
combination of OpenID and OAuth, you would be sent to Google two or three times: first to
login with your Google Account, second (if you didn't use OpenID) to Gmail to verify your
email address and third to grant Plaxo access to your Gmail address book.
Rather, this experiment with a hybrid of OpenID and OAuth combines these steps so that
the creation of a new account always includes the verification of your email address and
you're telling Google that you wish to provide Plaxo with access to your address book.
Posted by: David Recordon | February 10, 2009 5:40 PM
8. @ndk, I'd love to see an example of this being done with LDAP, including the granting
ongoing access to an API resource (the address book). I obviously strongly disagree with
your view that, "we're no closer to solving truly distributed federated identity than we were,"
but doubt that comments are going to be the best way to understand each other's
viewpoints.
Posted by: David Recordon | February 10, 2009 5:45 PM
9. I agree with ndk. Sure this could be done for other well-known brands... but note that caveat
carefully. Now tell me how having a few known brands be the ones that make OpenID easy
to use is a good thing.
OpenID is still a solution in search of a problem for most individuals. We use our browsers'
ability to remember credentials combined with cookies and a limited set of passwords to
address this. If I only have 1 or 2 username/password combinations to remember anyway...
what's the advantage of OpenID again?
Posted by: rick | February 10, 2009 5:49 PM
10. I think this is a really big deal. (But I'm biased, as I'm involved in it.)
This is the first time we're seeing OpenID that is driving our core business metrics. It's good
for users, good for Plaxo, good for Google, and implemented in a way that can be replicated
by any other sites of the web.
Posted by: John McCrea | February 10, 2009 5:51 PM
11. I obviously strongly disagree with your view that, "we're no closer to solving truly distributed
federated identity than we were," but doubt that comments are going to be the best way to
understand each other's viewpoints.
You're probably right, David, but I'll restate my point more fully for posterity here. Because:
1) It's extremely difficult to craft a good UX for N providers, making the button path -- used
by social bookmarks and the demonstration above alike -- very appealing;
2) The data necessary to build a value proposition, like a contact book, is not available
consistently from all providers;
3) There is no trust framework to support a diversity of providers.
Whatever the protocol under the seams, if the three above points are not comprehensively
addressed, I see an inexorable drift towards the "Top 4" that Joseph describes. Discovery is
the toughest and most important.
I'd love to see an example of this being done with LDAP, including the granting ongoing
access to an API resource (the address book).
This is tangential; I'm just pointing out that I'm not emotionally attached to protocols. They
grow, evolve, and die, but in the end aren't always that different from each other.
If you wanted to get imaginative with LDAP, perhaps one would provision a service DN for
each application, do LDAP auth of the user at the login page, change the user's contact list
ACL to permit reading by the service DN, transmit the username + timestamp to the service
in a query string encrypted using the service's public key, and then perform a simple LDAP
query(an API for retrieving data about a username, after all).
Obviously a dirty hack inferior to application of OAuth + OpenID, vulnerable to a few more
attacks by the service, and LDAP isn't viable for inter-realm use, but it'd work.
Posted by: ndk | February 10, 2009 6:26 PM
12. the username + timestamp
Brainfarted the slightly important "signed" word, sorry. :D But I'd rather not let that distract
from the core issue that rick articulated better than I: the UX being demonstrated here
naturally constricts the OP's to a select few, so I really don't think of it as progress.
Posted by: ndk | February 10, 2009 6:37 PM
13. Jeremiah and ndk what you're missing is that the bridge from identity to authorization to use
the contacts was done through a set of open protocols, Being able to go from an email
address to a known OpenID endpoint was a small part of the steps saved here.
If users can pick an identity provider from a list of obvious suspects or a known highly
correlated one for that site, as well as having a type-in box, this flow means that they will be
able to connect to a rich source of profile and contact information in one go, ratehr then the
multiple stage back and forth currently needed.
Posted by: Kevin Marks | February 10, 2009 11:34 PM
14. Oh sure, the meeting at Facebook as massive implications, our identities will finally be in our
control, the companies that attented will make billions more with that hybrid oauth/openid
thingy, yadda, yadda, yadda...
But without a doubt, the best thing to come from the meeting was this pic:
http://www.flickr.com/photos/wnorris/3270176733
Posted by: Todd | February 11, 2009 3:30 AM
15. ...oh yeah, and on the serious tip:
ndk said:
"...If you wanted to get imaginative with LDAP, perhaps one would provision a service DN
for each application, do LDAP auth of the user at the login page, change the user's contact
list ACL to permit reading by the service DN, transmit the username + timestamp to the
service in a query string encrypted using the service's public key, and then perform a simple
LDAP query(an API for retrieving data about a username, after all)."
Exactly! That's what I want to write an Oil Can script to do, for all Android phone's ( address
books in Android phones automatically sync'ed to Gmail BTW ). Decentralized and spread
out out, no single point of failure.
"...A distributed architecture for social networking? Existing social networks usually employ a
"hub and spoke" model, where the website is the hub of all activity within the network, and
where there is a "client" and a "server". Since all traffic must pass through the hub, that site
may become a bottleneck. Furthermore, each transaction must pass up one spoke to the
hub, and then down another spoke, when the people interacting may be much closer to
each other (in network terms) than either is to the hub site...
There is the opportunity to create an architecture that distributes the load to the devices
sitting in our coats and pockets, rather than solely on massively scalable Web sites. Such an
architecture would require better interoperability between social networking sites and mobile
devices than we have today, and should remove any dependence on an "always-on"
network connection."
http://www.w3.org/2008/09/msnws/papers/nokia-mobile-social-networking.html
Posted by: Todd | February 11, 2009 3:49 AM
16. thanks.
Posted by: söve | February 11, 2009 8:55 AM
17. For some reason I seem to get nervous when something is so wonderful that everyone buys
into it. Nothing is perfect. The real question is what are they not telling you about this new
system. We need enough information to decide if we want something or not. If all we get is
the good side, the other side could be worse than we can handle. This is the same mistake
that too many people made when investing with Madoff! Stop trying to hussle us and tell us
the real deal.
Posted by: Phil "Watching How This Goes" | February 11, 2009 8:57 AM
18. Prior to the work I'm currently doing with OpenID, OAuth, et al, I was deeply involved with
LDAP, SAML, and worked with ndk (commenter above) directly for a number of years. He
makes an excellent point based on this article. Unfortunately, this article covers only a small
facet of what was discussed at the UX Summit yesterday.
I think the thing to take away from the Plaxo numbers that Joseph presented is this: if we
can make the user experience as simple as two button clicks (that's really all it is), the ROI
for relying parties is incredible. The beauty of the Plaxo/Google demonstration was made
possible by open protocols (that really could have been anything, including LDAP), but more
importantly intelligent OP discovery. It demonstrated ONE way of doing intelligent discovery
-- that is, assuming that if the user used Google for their email, then there's a decent
chance that they would want to use Google as an authentication provider. As their numbers
show, this was a pretty accurate (although not 100% true) assumption.
The point is, if we can do intelligent discovery, the payback is huge. The true challenge, and
this is what was left out of the article, but was discussed during the rest of the UX Summit,
is how to do this discovery. No one is suggesting that the Plaxo/Google approach, or even
the "big four buttons" approach is the end-all, be-all solution to discovery. No one is saying
that. Plaxo's demonstration only underscores the importance of discovery, and it's problem
we have yet to solve.
Posted by: willnorris.com | February 11, 2009 2:03 PM
19. @willnorris said "if we can make the user experience as simple as two button clicks (that's
really all it is), the ROI for relying parties is incredible"
I think that's the key. Until yesterday, there had been little public discussion about
streamlining the OpenID login process for those not knowledgeable of what "OpenID" is. At
the end of the day, most users won't know that they're interacting with something that is
using the OpenID protocol, which is the way it should be.
Facebook Connect has proven that engagement rises and that there is a higher rate of new
registrations. The Plaxo example confirms this even more. This is great to see and I think
we are on the verge of a breakthrough which will make all registrations as simple as two-
clicks. This is awesome. OpenID ftw
Posted by: Nick O'Neill | February 11, 2009 2:23 PM
20. No one is suggesting that the Plaxo/Google approach, or even the "big four buttons"
approach is the end-all, be-all solution to discovery. No one is saying that. Plaxo's
demonstration only underscores the importance of discovery, and it's problem we have yet
to solve.
Thanks, Will. Your entire message is very much the right one to carry forward here, and
since I wasn't present, I'm glad to hear that more was present at the summit than just the
"Top 4" buttons.
It'd be great to get more earnest communication on innovative techniques being proposed to
prevent OpenID from falling further into the social bookmarking solution. No such details
have leaked out of the inner circles, and when all we see is presentations like this, the
discomfort of commentators not directly invested in the future of this technology is probably
understandable.
Posted by: ndk | February 11, 2009 2:28 PM
21.
Some really interesting comments.
I have long predicted that the next wave of social networking will be ALL sites offering social
elements so "friending" and commenting and the like is available everywhere.
This, to some degree, is already happening (I spend two hours every morning reading and
commenting all over the web) but it typically requires a separate identity on each site. And if
I wish to make my contacts aware of the article I need to drag their butts over to that
specific site first. This is all a pain.
So socialising the web will become a lot easier if a SINGLE existing identity can be used by
me across the whole web. OpenID offers this. What it doesn't do today, and what Facebook
Connect DOES do, is enable me to easily share what I am doing across the whole web with
my friends and contacts. Well, I say FBC does do it, no one is using it yet...
And a key reason is everyone would like to see something more "Open" allowing that so
they aren't tied into Facebook, which doesn't have a great reputation for protecting
investments for its third party developer partners.
What Plaxo and Google are showing is exciting, but is playing functional catch up with FBC
and will only geat REALLY exciting once they issue some code which you and I can
integrate into our sites to offer the same functionality.
By the way, I agree with the view that is arguably leading us down the wrong road
ultimately, as I would prefer to see a trusted, independent, non-profit body holding identity
and social graph information, which we then "lease" to sites we visit with a few clicks.
Although W3C is putting together a team to investigate this, encouragingly, it is still some
way off.
Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz
Posted by: Ian Hendry | February 12, 2009 1:51 AM
22. Intereting article and exciting developments between Google and Plaxo. But ... I found the
comments more informative.
I agree with Ian Hendry, we need "a trusted, independent, non-profit body holding identity
and social graph information, which we then "lease" to sites we visit with a few clicks."
"The Plaxo/Google approach, or even the "big four buttons" approach" will become the "the
end-all, be-all solution to discovery." and I'll no longer be able to use my blog as a self-
provisioned OpenID.
Sicne the the user experience weill be "as simple as two button clicks (that's really all it is),
the ROI for relying parties is incredible." - @williamnorris
Posted by: Khürt | February 15, 2009 4:54 AM
Jr. Software Application
Analyst /...
Plano, TX
ASAP Staffing LLC
Applications
Programmer
Austin, TX
Team Int
Network Support
Engineer (706 - 38607)
Smyrna, GA
ASAP Staffing LLC
IT Administrator
McLean, VA
ROCS - Responsible
Outgoing College...
HP-UX System
Administrator (844 -
2131)
Chicago, IL
ASAP Staffing LLC
Travel Channel -
Supervising Producer,...
MD, MD
Cox Communications
Senior Front-
End/UI/AJAX Developer
New York, NY
Large Online Marketing
Firm
MORE JOBS >
POST A JOB >
Want to buy textlinks onReadWriteWeb?
Recent Visitors
You! Join Now.
發霉兔子
Inetgate
Adebuche
tempofeng
matthew s
See all 9,725 members...
Grab This! MyBlogLog
ReadWriteTalk Enterprise Jobwire About Subscribe Contact Advertise
RSS RWW Daily by Email
RSS RWW Weekly Wrap-up
Home Products Trends Best of RWW Archives
ReadWriteWeb
Yahoo! Buzz
advertise.php asp.net 2.0 web config best 10 mobile
contact.php Emerging Technologies Web 2.0 etherpad
fring g1 gender how image search Mediaset
Sues Google notebook Professional Widget Developers
semantic semantic google swicki vertical
search wordpress zoho
POPULAR TAGS
google facebook twitter iphone
microsoft search mobile yahoo
social media music video social
networking apple semantic web
myspace trends advertising rss
youtube friendfeed mobile web
amazon blogging enterprise firefox
data portability social networks
politics android digg lifestreaming
apps marketing adobe enterprise 2.0
security privacy app email startups
obama web apps api browsers cloud
computing news chrome open source
photos web office
Your email address
Your email address
Search ReadWriteWeb
Name
Email Address (required)
URL
Cc. this comment to FriendFeed
Remember personal info?
Comments (You may use HTML tags for style)
Preview Submit
Home | Products | Trends | Company Index | Best of RWW | Archives
ReadWriteWeb | ReadWriteTalk | Enterprise | Jobwire
About | Subscribe | Contact | Advertise
© 2003-2008 ReadWriteWeb
Wednesday, April 1, 2009
- that said, there are some positive signs here.- 92% of the people that they sent to login with OpenID came back successfully!
http://flickr.com/photos/factoryjoe/2545757754/
Wednesday, April 1, 2009
- you’re then asked to “find your friends” by forking over your email password - hell, we’re guilty of this as well! The good news is that email providers are starting to add OAuth enabled APIs so that we don’t have to do this anymore. - but it isn’t just about asking for passwords (we do .CSV upload too), but that your email address book isn’t really the friends you want on every website
Wednesday, April 1, 2009
- JSON based RESTful API to query address books, update them, etc. Two-way sync. - Built into OpenSocial’s REST API and lots of vendors looking at supporting it. - Think about vCard if it were modernized.
Since September
• Integrated with the OpenSocial REST People protocol
• Google, MySpace, hi5 and Plaxo are PoCo Providers
• Microsoft’s LiveFX Framework (sort of) supports PoCo
• Handful of PoCo consumers (including an Android app)
• Engaging the IETF around vCardDav compatibility
Wednesday, April 1, 2009
- Handful of
The Microformat XFNif users want to link accounts, allow it... they may even link to your
service from another profile
Wednesday, April 1, 2009
- but what can we build atop OpenID?
Wednesday, April 1, 2009
- Note the action stream on the left, powered by MT, aggregating what I want it to (blogs are evolving too)
Google’s Social Graph API
Wednesday, April 1, 2009
so how does this play out? let’s take a look at google’s social graph API
http://code.google.com/apis/socialgraph
Wednesday, April 1, 2009
Wednesday, April 1, 2009
- anyone can play with this... - Demo http://www.davidrecordon.com/ - Missing friends.js - Explore with attributes twitter.com/daveman692
Wednesday, April 1, 2009
Periodically checking for new people.
Wednesday, April 1, 2009
Dopplr - before with scraping people were paranoid about saving users’ passwords... so they trashed them after using them... with oauth, you can get ongoing access and then introduce people to their friends once they sign up
Friend Connect
Wednesday, April 1, 2009
open stack in a box... small site not wanting to do much programming...
Friend Connect
Wednesday, April 1, 2009
open stack in a box... small site not wanting to do much programming...
Friend Connect
Wednesday, April 1, 2009
open stack in a box... small site not wanting to do much programming...
Friend Connect
Wednesday, April 1, 2009
open stack in a box... small site not wanting to do much programming...
The challenge
• Develop a format for expressing activities
• Compelling experiences from activity feeds
• The zero-knowledge test
• etc.
Wednesday, April 1, 2009
The Benefits
• Staying in touch across the web
• An open, emergent ecosystem of activities
• Filtering, search, automation & stats
• Optimal, compelling, custom experiences
• Coalescing, merging, de-duping
• etc.
Wednesday, April 1, 2009
Dave RecordonWorst username evar.San Francisco, CAdavidrecordon.com
Contact detailsStatus updatesPhotosBookmarksBlogs
daveman692Six Apart
LocationMusicMoviesSlide presentationsEventsTravelLocal reviewsBooks
Add subscriptions
Your message (optional)Hi there! We met that conference last week. I’ve subscribed to your updates on my site.
-Chris
Access requires permission from Dave
Add contact
Inspired by Jyri Engeström
I say yes, and am asked which activity types Iʼm interested in...
Wednesday, April 1, 2009
Should any of the selected types be protected,I will be asked whether I want to request access
OKNo thanks
Dave’s contact details, photos and location are protected.
Would you like to request access to these items?
Please note that Dave may deny your request.
Wednesday, April 1, 2009
If I say OK, an OAuth request will be sent which Dave will later be able to approve, deny or ignore
Wednesday, April 1, 2009
...And if Dave later approves my request, his protected activities will show up too
Wednesday, April 1, 2009
Before I’m sent back, I’m asked whether I want to authorize Stammer to postback my activities
OKDecide later
Stammer can post the activities you take on their site to your profile.
Would you like to allow this?
If you’re not sure, you can decide later. These activities will not be made public unless you want them to be. You can always revoke this permission later.
Wednesday, April 1, 2009
If I say yes, I am returned to Stammer, authenticated. As I use the site, my actions are
posted to my activity stream
Wednesday, April 1, 2009
If I defer, I am returned to Stammer, authenticated. As I use the site, my actions are posted to my
activity dashboard, where I can choose to share my activities later
Wednesday, April 1, 2009
<entry> <id>tag:photopanic.example.com,2008:activity01</id> <title>Geraldine posted a Photo on PhotoPanic</title> <published>2008-11-02T15:29:00Z</published> <link rel="alternate" type="text/html" href="/geraldine/activities/1" /> <activity:verb> http://activitystrea.ms/schema/1.0/post </activity:verb> <activity:object> <id>tag:photopanic.example.com,2008:photo01</id> <title>My Cat</title> <published>2008-11-02T15:29:00Z</published> <link rel="alternate" type="text/html" href="/geraldine/photos/1" /> <activity:object-type> tag:atomactivity.example.com,2008:photo </activity:object-type> <source> <title>Geraldine's Photos</title> <link rel="self" type="application/atom+xml" href="/geraldine/photofeed.xml" /> <link rel="alternate" type="text/html" href="/geraldine/" /> </source> </activity:object> <content type="html"> <p>Geraldine posted a Photo on PhotoPanic</p> <img src="/geraldine/photo1.jpg"> </content></entry>
Wednesday, April 1, 2009
<entry> <id>tag:photopanic.example.com,2008:activity01</id> <title>Geraldine posted a Photo on PhotoPanic</title> <published>2008-11-02T15:29:00Z</published> <link rel="alternate" type="text/html" href="/geraldine/activities/1" /> <activity:verb> http://activitystrea.ms/schema/1.0/post </activity:verb> <activity:object> <id>tag:photopanic.example.com,2008:photo01</id> <title>My Cat</title> <published>2008-11-02T15:29:00Z</published> <link rel="alternate" type="text/html" href="/geraldine/photos/1" /> <activity:object-type> tag:atomactivity.example.com,2008:photo </activity:object-type> <source> <title>Geraldine's Photos</title> <link rel="self" type="application/atom+xml" href="/geraldine/photofeed.xml" /> <link rel="alternate" type="text/html" href="/geraldine/" /> </source> </activity:object> <content type="html"> <p>Geraldine posted a Photo on PhotoPanic</p> <img src="/geraldine/photo1.jpg"> </content></entry>
updated?
Wednesday, April 1, 2009
Builds on the Open Stack
Wednesday, April 1, 2009
- Incorporates existing standards to do things like portable contacts
Three Main APIs
• Activities (what people are doing on a site)
• People and Profile information
• Persistent data storage (joined across friends)
• Containers are free to add their own APIs such as photos
Combination of JavaScript, REST, templates, and proxied HTML
Wednesday, April 1, 2009
- Containers do the heavy database lifting for you - Core people is name, uid, photo and profile url
Wednesday, April 1, 2009
- A write once, run anywhere social application platform- boasting over 350 million potential active user reach last year, up to over 500 million this year with Facebook crossing 150 million monthly active users
Containers
Wednesday, April 1, 2009
- lots of social networks all over the world - most people only see the ones that they belong to
Run like open source
Wednesday, April 1, 2009
- Future roadmap isn’t run by [Google|MySpace], but by the community on the mailing list and what consensus there is
Container Code
Wednesday, April 1, 2009
- Production worthy reference implementation in Java - Java and PHP open source libs - Complaint with OpenSocial v0.8.1
REST LibrariesNext Blog» Create Blog | Sign InSEARCH BLOG FLAG BLOG
Copyright © 2008 Google Inc. All rights reserved.Privacy Policy | Terms of Service
Newer Post Older Post
OpenSocial now friends with PHP, Java, Ruby, and PythonWednesday, December 17, 2008 at 11:49:00 AM
With more and more containers introducing server-to-server APIs based on the OpenSocial REST andRPC protocols (think MySpace, LinkedIn, Plaxo, orkut, and iGoogle just for starters), it has never been abetter time to jump into OpenSocial development. These new protocols allow you to write engaging socialapplications for these containers using the language of your choice -- JavaScript is no longer the onlyoption.
To help you get started using the OpenSocial REST and RPC protocols, we have assembled a set ofclient libraries for PHP, Java, Ruby and Python. Each library enables developers to retrieve profileinformation and persistent data from supporting containers without having to concern themselves withmanaging network connections, signing requests, or other lower-level details. To check out the code,point your browsers to the Source tab linked from each project's home page:
OpenSocial PHP Client LibraryOpenSocial Java Client LibraryOpenSocial Ruby Client LibraryOpenSocial Python Client Library
These libraries are completely open sourced under the Apache 2.0 license, and contributions are not onlywelcomed but encouraged. In addition to a wiki page explaining the patch submission process, eachproject hosts an issue tracker which have already been populated with known issues and requestedenhancements. These trackers are the best places to start if you're interested in contributing to aparticular project. Please report any new bugs or incompatibilities you find along with any feature requestsusing these trackers and be sure to star those reported by other developers which are significant to yourown development also so they can be prioritized effectively.
To help get you started, we have assembled a set of sample applications, linked from the project wikipages, which you can run directly from the command line or your favorite IDE. As an added bonus, theRuby and Python libraries have accompanying full-featured sample applications which you can run insidecontainers supporting the OpenSocial REST protocol. These larger samples are checked in to theSubversion repository under "Samples" and include a bootstrap mechanism for securely retrieving the IDof the current viewer before the core application loads, which you can use as a template for your owncontainer-based applications.
For general questions and commentary, we have set up a discussion group to help build the developercommunity around the libraries. The original engineers of each library are already members of the group,so feel free to ask the tough questions. :) We will also be hosting a special session of IRC office hoursnext Monday, December 22 from 1:00 to 3:00 (PST) so you can share your feedback with us directly.The official OpenSocial IRC channel is located at irc://irc.freenode.net/#opensocial.
We're really excited to see the next generation of social applications that the OpenSocial server-to-serverAPIs enable, and we hope the client libraries ease you along your development journey. Please give thelibraries a spin, file any issues you see, and stop by the IRC channel next week to get your questionsanswered. See you there!
Posted by Jason Cooper, Developer Programs
Permalink
2 comments:
Uday Bhaskar said...
Great!
00:41
Wen Qi said...
Sounds Good!
00:36
Post a Comment
Links to this post
Best of this Week Summary 29 December - 11 January 2009
速攻で作る OpenSocialアプリ Daily Digest for 2008-12-29
OpenSocial en Java, PHP, Python y Ruby
OpenSocial Java, PHP, Python, and Ruby Libraries Released
REST and RPC protocols available on the sandbox
Google Gadgets’ URL content type: handy thing
OpenSocial now friends with PHP, Java, Ruby, and Python
Google released OpenSocial client libraries - REST and RPC support ...
REST and RPC support in the developer sandbox
Create a Link
Home
Search
powered by
Site Feed
Subscribe via email
Enter your email
address:
Subscribe
Delivered by
FeedBurner
Archives
Archives
More Blogs fromGoogle
Visit our directory for
more information about
Google blogs.
Labels
adobe (1)
app. pixverse (1)
appengine (1)
argentina (1)
brazil (1)
buenos aires (1)
china (1)
container (1)
developer (2)
events (5)
globant (1)
GSPEast08 (1)
hackathons (3)
hi5 (3)
interview (3)
joyent (1)
meetup (1)
mentez (2)
myspace (1)
opensocial (9)
orkut (4)
sao paulo (1)
sonico (1)
tutorials (1)
video (2)
vostu (1)
We Love Feedback
Do you want to respond
to a post or give us
feedback? The
discussion group awaits.
OpenSocialOverview
OpenSocial Home
Who's Using It?
Building Social Apps
Hosting OpenSocial
Apps
OpenSocial API
OpenSocial API Docs
JavaScript Developer's
Guide
JavaScript API Reference
Other Resources
Google Code
Build Apps for Orkut
Gadget API Docs
More Google DevBlog Posts
更新的中文版本的AdWords API!明文件最近"行了Google Developer Blog - China
谷歌中国开"者网站博客
OpenSocial App
Developer Mentez
Expanding into China
OpenSocial API Blog
Android Market update:
priced applications for
US users
Android Developers Blog
OpenStreetMap's New
API Database Server
Google Open Source Blog
¿Cómo contactar con
Google?
El Blog para Webmasters
Read more...
OpenSocial API blog is
powered by Blogger.
Start your own weblog.
http://icanhaz.com/opensocialcode
Wednesday, April 1, 2009
Home News Help
Sign in
About:
This OpenSocial application provides the ability to write and save JavaScriptcode samples to execute against OpenSocial containers. This helps rapidlytest sample OpenSocial code.
Code samples can be saved and loaded. You can give other developers linksto code samples for instructional or debugging purposes.
Available on the following containers (click to use):
Versions:
OpenSocial 0.7This version is compatible with containers supporting version 0.7 of the OpenSocial API. [ View XML ]
OpenSocial 0.8This version is compatible with containers supporting version 0.8 of the OpenSocial API. [ View XML ]
http://osda.appspot.com/Wednesday, April 1, 2009
navigation
Main Page
Containers
JS API Reference
Articles & Tutorials
Contributing
Recent changes
Random page
Help
toolbox
What links here
Related changes
Upload file
Special pages
Printable version
Permanent link
discussion view source history
Log in / create account
Building an OpenSocial App with Google App Engine
Lane LiaBraaten, Google Developer Programs\ September 2008
While you can write OpenSocial apps that run solely in JavaScript and use the Persistence API to store data on the container, many
OpenSocial apps communicate with a third-party server for data storage or application logic. Integrating with your own third-party server allows
you to add new dimensions to your app, like providing a data API, hosting static content, or allowing configuration through an admin console.
In this article, we'll build an app that is similar to the gift-giving application built in the OpenSocial tutorial . When a user views the app, they
see a drop-down menu of gifts (such as a peanut, or a red pistachio nut) and another drop-down menu containing a list of their friends. The
user can give any of these gifts to a friend and the gift transaction will be displayed. The app will also display any gifts that the user has
received. You can find all the source code used to run this application in the opensocial-gifts project on Google Code Project Hosting. You
can also install this app on the orkut sandbox.
The original gift-giving app is built using 100% client-side OpenSocial code and is therefore subject to a number of limitations imposed by the
container rendering the app, such as the amount of data the container will let you store, and the access controls related to when you can read
and write data. With Google App Engine, you can manage all this data on an external server, freeing your app from any constraints imposed by
the container. Viva la revolución!
Contents [hide]
1 Audience
2 Architecture
2.1 Google App Engine app (app.yaml and gifts.py)
2.2 Database model (db_model.py)
2.3 Admin interface (admin.py)
2.4 JSON data API (api.py)
2.5 OpenSocial application spec (gifts.xml)
3 Setting up a Google App Engine app
4 Using Google App Engine to store data
4.1 Defining the data model
4.2 Populating the datastore
4.3 Accessing the datastore
5 A simple Google App Engine web interface
5.1 Creating a request handler
5.2 Forwarding requests
5.3 Identifying the user
page
search
Go Search
http://bit.ly/osgaeWednesday, April 1, 2009
A Sample Gadget<?xml version="1.0" encoding="UTF-8"?><Module> <ModulePrefs title="Gifts part 1 - Friends"> <Require feature="opensocial-0.8"/> <Require feature="dynamic-height" /> </ModulePrefs> <Content type="html"> <![CDATA[ <script type="text/javascript">function loadFriends() { var req = opensocial.newDataRequest(); req.add(req.newFetchPersonRequest(opensocial.IdSpec.PersonId.VIEWER), 'viewer'); var viewerFriends = opensocial.newIdSpec({ "userId" : "VIEWER", "groupId" : "FRIENDS" }); var opt_params = {}; opt_params[opensocial.DataRequest.PeopleRequestFields.MAX] = 100; req.add(req.newFetchPeopleRequest(viewerFriends, opt_params), 'viewerFriends'); req.send(onLoadFriends);}
function onLoadFriends(data) { var viewer = data.get('viewer').getData(); var viewerFriends = data.get('viewerFriends').getData();
html = new Array(); html.push('<ul>'); viewerFriends.each(function(person) { if (person.getId()) { html.push('<li>', person.getDisplayName(), '</li>'); } }); html.push('</ul>'); document.getElementById('friends').innerHTML = html.join(''); gadgets.window.adjustHeight();}
function init() { loadFriends();}
gadgets.util.registerOnLoadHandler(init); </script> <div id='main'> Your friends: <div id='friends'></div> </div> ]]> </Content></Module>
Wednesday, April 1, 2009
Stop leaking passwords!2.
Markup existing public data.1.
Support OpenID & OAuth.3.
Wednesday, April 1, 2009
- three simple things you can do today - and #4 pay attention to this space by watching...
Wednesday, April 1, 2009
- nothing like pimping your weekly video podcast - we talk about a bunch of this stuff, have great guests explaining what they’re working on and how it fits in
thesocialweb.tv
Wednesday, April 1, 2009
- nothing like pimping your weekly video podcast - we talk about a bunch of this stuff, have great guests explaining what they’re working on and how it fits in