The document discusses the evolution of social web technologies towards more open and decentralized standards like OpenID, OAuth, and portable contacts. It describes the pain points that these standards aim to address, such as users having to repeatedly sign up and re-enter information across different social networks. It outlines how these standards are being adopted by major players and are helping to realize the vision of giving users control over their own social data and identity.
Report
Share
Report
Share
1 of 240
Download to read offline
More Related Content
Implementing the Social Web
1. Implementing the
Social Web
with OpenID, OAuth, and All That Jazz!
David Recordon, Chris Messina, & Joseph Smarr March 31, 2009
Web 2.0 Expo San Francisco
Wednesday, April 1, 2009
- CHRIS
2. About Us
chrismessina daveman692 jsmarr
Wednesday, April 1, 2009
3. All of you?
Wednesday, April 1, 2009
- developers? designers? product peoples? <shout it out>
- What questions/problems do you have?
5. Wednesday, April 1, 2009
- the social web is pretty repetitive today, the irony is that the web is a decentralized thing
but so many social pieces are only centralized
- Pain is being felt by early adopters and even mainstream users.
- video by the group Data Portability last year which is one of the best summaries of this
8. Wednesday, April 1, 2009
- you fill out this long form time and time again
- Digg has since simplified it, but really...12 fields all with an asterisk next to them!
9. http://flickr.com/photos/factoryjoe/2545757754/
Wednesday, April 1, 2009
- you’re then asked to “find your friends” by forking over your email password
- hell, we’re guilty of this as well! The good news is that email providers are starting to add
OAuth enabled APIs so that we don’t have to do this anymore.
- but it isn’t just about asking for passwords (we do .CSV upload too), but that your email
address book isn’t really the friends you want on every website
10. Wednesday, April 1, 2009
- then you create content yet it’s not shared outside of the site that you created it on
11. http://www.flickr.com/photos/jagelado/16631508/
Wednesday, April 1, 2009
- So, how’d we get here?
- A few years ago this was the status quo, but even Microsoft has come a long way!
- Open Source is everywhere (Wikia refuses to run software in their data center that isn’t
Open Source)
12. http://www.illustratorworld.com/artwork/2238/
Wednesday, April 1, 2009
Browser Wars once people started really seeing the business value of getting stu online
- More interested in the quot;second browser warquot;
- WHATWG (HTML 5, Google Gears)
- Turned from open source to the data behind it
13. “Open Data is increasingly
important as services
move online.”
—Tim O'Reilly (OSCON '07)
Wednesday, April 1, 2009
- Hosted services change the quot;openquot; game. If I’m using Gmail I care less about running my
own copy of Gmail and more about having access to all of my email ofline or if I want to
switch providers.
- It used to be about source code, now it's about open data as applications are moving to
the cloud
14. data inside!
“It’s like flying on an iPhone!”
http://flickr.com/photos/sathishcj/1868113345/
Wednesday, April 1, 2009
- and you need this data everywhere!
15. Wednesday, April 1, 2009
- A bunch of data formats were developed the past few years to try to shepherd all this stu!
- RSS and Atom for feeds, RDF for semantic data, Microformats for social data already in
pages, OPML for lists of things, KML for geo data, etc
16. My 20+ Social Networks
Wednesday, April 1, 2009
- but, social networks are only more recently running into these problems.
- wasn’t really until 2007 when Brad Fitzpatrick and I wrote a piece on the social graph that
people really had a concerted eort around decentralizing social networks and their data
17. My 20+ Social Networks
Wednesday, April 1, 2009
- but how did we get here?
18. Wednesday, April 1, 2009
- Might have the FriendSter castle, or maybe the MySpace castle, or the Facebook one. All
with big moats around them keeping them separate from one another.
19. Wednesday, April 1, 2009
- Then we got sites like Ning focused on making it easy to create your own castle.
- With Ning in the middle connecting them.
20. Wednesday, April 1, 2009
Social Network Risk! (from Nov 2008)
- Hi5 gains Cyprus from Facebook
- MySpace gains Puerto Rico from Facebook
- Facebook gains Libya from MySpace
- Facebook regains Cyrpus from Hi5
- and it goes on...
21. Social Applications
• Each with a few great features
(UNIX philosophy)
• Creating combined value
• Building blocks for new value
• No social graph of their own!
http://www.slideshare.net/stoweboyd/building-social-applications
Wednesday, April 1, 2009
- Around the same time...
- Combined value as they don't compete to do everything, rather compete within their area
of expertise
- Exhaserbated the problem of finding friends
- Let me restate that point, these guys *do not* want to have their own social graph...but to
use ones that already exist
22. Wednesday, April 1, 2009
- Facebook Platform came about, meaning your source could run within their site and your
data could interact with their social data
- but then went down the path of world domination...
24. Wednesday, April 1, 2009
- look like anything you recognize?
- people not happy with this. facebook was trying to dominate the world
25. Portable Contacts
About
The vision for Portable Contacts has been around for a long time. Sites large and
small share the goal of providing users a secure way to access their address books
and friends lists without having to take their credentials or scrape their data. But
only in recent weeks has it begun to feel that now is the right time to rally the
community and the industry to work together to make this vision real by
developing an open spec for exchange of contact info that everyone can embrace.
Why now?
The momentum began building for 'data portability' last year, and we are now at a
point where there is strong support for the principle that users should be in
control of their data and have the freedom to access it from across the web. And
the major players have all recognized that they and their users are better off with
secure contacts APIs (rather than having third-party services ask for users'
credentials in order to scrape their data). As a result, we're seeing major Internet
companies making contacts APIs available, such as Google's GData Contacts API,
Yahoo's Address Book API, and Microsoft's Live Contacts API (with more to come).
Not surprisingly though, each of these APIs is unique and proprietary. We believe
this creates the ideal conditions for developing a common, open spec that
everyone can benefit from. Just as OAuth has provided a standard to unify the
various proprietary schemes for delegated authorization, we believe we can do the
same thing for securely sharing address book and friends list data.
Goals
The goal of Portable Contacts is to make it easier for developers to give their users
a secure way to access the address books and friends lists they have built up all
a c tivity stre a .m s
over the web. Specifically, we seek to create:
A common access pattern and contact schema that any site can provide
Well-specified authentication and access rules
D isc uss.
Standard libraries that can work with any site
and absolutely minimal complexity, with the lightest possible toolchain
A n in itia tive fro m th e D iS o P ro je c t.
requirements for developers.
F irst d ra ft spe c s: A c tivitie s in A to m ; A c tivity S c h e m a .
A measure of our success will be the elimination of the quot;password anti-pattern,quot; by
making it far easier to implement Portable Contacts than to engage in scraping, as
well as a dramatic increase in the number of sites that both provide and consume
who-you-know data.
Our Approach
Our design is focused around ease of adoption, which means a few things. First,
our emphasis is on simplicity of design and targeted use cases. For example,
version 1 is simply about access, and defers for now on the more complex issues
around update and sync. Second, we're taking a modern approach to who-you-
know data by unifying traditional contact info and social network data, in order to
properly represent the current diversity of the social web ecosystem. Third, we're
using existing standards wherever possible, including vCard, OpenSocial, XRDS-
Simple, OAuth, etc. And lastly, we're designing something that should be easy for
current service providers to adopt. We started by reviewing all the major existing
contacts APIs and targeting the capabilities that they all share and provide. We
believe this pragmatic balance is the best and quickest way to achieve our shared
goal of widespread adoption.
Here is the current draft spec, the wiki, and the mailing list.
This project is being undertaken by Joseph Smarr, Chris Messina, and others.
Wednesday, April 1, 2009
- Lots of technologies coming out of this evolution to try and solve these pain points
- all developed by communities
- all building on existing technologies
26. Wednesday, April 1, 2009
- but more than just tech, starting to build with these individual blocks.
- Action Streams for Movable Type was really the first self hosted consumer friendly version
of things like Facebook Newsfeed
27. About
DiSo Project
Blog
Links
Chat
Open, distributed, social.
Find
Blogroll
Silo free living.
Chris Messina
Stephen Paul Weber
Social networks are becoming more open, more interconnected, and more distributed. Many of us
Steve Ivy
in the web creation world are embracing and promoting web standards - both client-side and
Will Norris
server-side. Microformats, standard APIs, and open-source software are key building blocks of
these technologies. This model can be described as having three sides: Information, Identity, and
DiSo - Distributed
Interaction.
Diso Code
DiSo on Flickr
DiSo (dee • soh) is an initiative to facilitate the creation of open, non-proprietary and
DiSo on Ma.gnolia
interoperable building blocks for the decentralized social web.
DiSo on Twitter
DiSo Wiki
Our first target is WordPress, bootstrapping on existing work and building out from there.
So what does that mean?
DiSo Project
We’re building Wordpress plugins that implement or build on: Visit this group
microformats like XFN, hCard, XOXO — wp-contactlist, wp-profiles Archives
OpenID — wp-contactlist, wp-openid-server June 2008
OAuth May 2008
…and others December 2007
Meta
Register
Log in
WordPress | Sandbox
Wednesday, April 1, 2009
- getting to the point where you’re able to easily start hosting your own
- DiSo starting with building social stu on top of WordPress, we’ve been building similar
things with Movable Type and working with the DiSo project in doing so
- DiSo today is under taking more specification work than code work as they’re finding gaps
with the wider community
28. Wednesday, April 1, 2009
- In the past year, not just underlying tech has emerged, but also developer toolkits
- A few years ago developer tools talked about supporting AJAX or the latest version of CSS,
now they’re talking about all these social technologies
29. “Connect”
Wednesday, April 1, 2009
- JOSEPH
- whether it be Facebook Connect, TypePad Connect, MySpace MyID, Google Friend Connect
they’re all about connecting cloud service with distributed sites
30. Viewing
Virtuous Cycle of Sharing
Sharing
Wednesday, April 1, 2009
- facebook knows this very well and is probably doing it the best
31. New building blocks
Who I am
Who I know
What’s going on
Wednesday, April 1, 2009
New building blocks help to establish WHO I AM, WHO I KNOW and WHAT’S GOING ON in a
reusable way.
32. Anatomy of “Connect”
• Profile (identity, accounts, profiles)
• Relationships (followers, friends, contacts)
• Content (posts, photos, videos, links)
• Activity (poked, bought, shared, blogged)
• Goal: Discovery of people and content
Wednesday, April 1, 2009
- If done right, OpenID, OAuth, Portable Contacts, Activity Streams are all pieces of connect
applications
33. Wednesday, April 1, 2009
- but, where did this leave the social networks
- this was how I ended in september, but we’re starting to move ahead
34. Evolving the Open Stack
Mashups OpenSocial
...
Attributes Contacts
OpenID/AX Portable Contacts
Authentication Access Control
OpenID/Auth OAuth
Metadata Discovery YADIS, XRDS-Simple, XRD
Unique Identifiers URLs, email addresses
As proposed by Johannes Ernst
Wednesday, April 1, 2009
lots of industry examples here making use of The Open Stack.
OpenSocial -- OpenID, OAuth, microformats...
Facebook -- apps, moving osite with connect... open sourcing components/platform
Friend Connect -- answer to Facebook, implements opensocial
MySpace DA -- way to get data in/out of MySpace; heavy on the TOS
Y!OS -- new Y! strategy to open up, including social APIs + lots of OAuth + OpenID
MT OS -- OpenID, OAuth, plugins make use of XRDS-Simple
DiSo -- facilitating plugins for WordPress, Drupal, MT... etc
also: android for mobile dev/capable browsers rendering engines (webkit++)
35. Portable Contacts
About
The vision for Portable Contacts has been around for a long time. Sites large and
small share the goal of providing users a secure way to access their address books
and friends lists without having to take their credentials or scrape their data. But
only in recent weeks has it begun to feel that now is the right time to rally the
community and the industry to work together to make this vision real by
developing an open spec for exchange of contact info that everyone can embrace.
Why now?
The momentum began building for 'data portability' last year, and we are now at a
point where there is strong support for the principle that users should be in
control of their data and have the freedom to access it from across the web. And
the major players have all recognized that they and their users are better off with
secure contacts APIs (rather than having third-party services ask for users'
credentials in order to scrape their data). As a result, we're seeing major Internet
companies making contacts APIs available, such as Google's GData Contacts API,
Yahoo's Address Book API, and Microsoft's Live Contacts API (with more to come).
Not surprisingly though, each of these APIs is unique and proprietary. We believe
this creates the ideal conditions for developing a common, open spec that
everyone can benefit from. Just as OAuth has provided a standard to unify the
various proprietary schemes for delegated authorization, we believe we can do the
same thing for securely sharing address book and friends list data.
Goals
The goal of Portable Contacts is to make it easier for developers to give their users
a secure way to access the address books and friends lists they have built up all
a c tivity stre a .m s
over the web. Specifically, we seek to create:
A common access pattern and contact schema that any site can provide
Well-specified authentication and access rules
D isc uss.
Standard libraries that can work with any site
and absolutely minimal complexity, with the lightest possible toolchain
A n in itia tive fro m th e D iS o P ro je c t.
requirements for developers.
F irst d ra ft spe c s: A c tivitie s in A to m ; A c tivity S c h e m a .
A measure of our success will be the elimination of the quot;password anti-pattern,quot; by
making it far easier to implement Portable Contacts than to engage in scraping, as
well as a dramatic increase in the number of sites that both provide and consume
who-you-know data.
Our Approach
Our design is focused around ease of adoption, which means a few things. First,
our emphasis is on simplicity of design and targeted use cases. For example,
version 1 is simply about access, and defers for now on the more complex issues
around update and sync. Second, we're taking a modern approach to who-you-
know data by unifying traditional contact info and social network data, in order to
properly represent the current diversity of the social web ecosystem. Third, we're
using existing standards wherever possible, including vCard, OpenSocial, XRDS-
Simple, OAuth, etc. And lastly, we're designing something that should be easy for
current service providers to adopt. We started by reviewing all the major existing
contacts APIs and targeting the capabilities that they all share and provide. We
believe this pragmatic balance is the best and quickest way to achieve our shared
goal of widespread adoption.
Here is the current draft spec, the wiki, and the mailing list.
This project is being undertaken by Joseph Smarr, Chris Messina, and others.
Wednesday, April 1, 2009
- these technologies are actually taking root!
- call it competitive pressure, call it facebook being on top and others being jealous, I don’t
care what you call it
- it is happening!
36. Why do people have to...
• create a new account on every service?
• re-create their profile?
• give away their passwords to every site that asks?
• re-discover their friends?
• re-friend their friends!
• learn new ways to share and communicate?
Wednesday, April 1, 2009
summary of problems... SNS routines
37. Why do developers have to...
• deal with [forgotten!] passwords?
• create yet another profile form?
• support every new service API that comes out?
• force members to invite everyone they know?
• implement an unsafe method for importing contacts?
• create widgets for incompatible social networks?
• manually interpret feeds for activity streams?
Wednesday, April 1, 2009
38. So...
How will our customers benefit?
How will developers?
Wednesday, April 1, 2009
- CHRIS
39. Industry Trends
User control of data
User-centric web services, real identity becoming the norm
Location-enhanced services
Real-time content delivery, ubiquitous connectivity
Interoperable application platforms
Content aggregation and syndication
Increasing quantities of data to work with
Democratization of digital media creation tools
Wednesday, April 1, 2009
let’s look at some industry trends...
41. Why is this even an option?
Wednesday, April 1, 2009
why is this even an option? we’re in a transitional period moving from computer-based
identifiers to human-friendly ones.
42. Wednesday, April 1, 2009
moving towards interfaces that support real names, and real identity
44. ...It's the same paradigm promised by OpenID and its
companion open-source technologies being developed by
Google, MySpace, Yahoo, Plaxo and other key players on the
social web. But where Facebook Connect is heading towards
mass adoption on mainstream sites like Digg, OpenID is
currently bogged down by several issues, the largest of
which is poor usability.
Source: http://blog.wired.com/business/2008/12/as-facebook-con.html
Wednesday, April 1, 2009
- MySpace is building the same stu as Facebook using open standards; OpenID, OAuth and
OpenSocial
45. Wednesday, April 1, 2009
demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
46. chris@domain.com
••••••••
Wednesday, April 1, 2009
demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
47. Wednesday, April 1, 2009
demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
48. Wednesday, April 1, 2009
demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
49. For Developers | Discuss | Demand | OpenID Foundation | Worldwide
What Where How
is OpenID? can I use it? do I get one?
« PayPal joins OpenID Foundation Board as we enter 2009
Facebook joins OpenID Foundation Board with a commitment to better
user experience
Posted February 5th, 2009 at 11:30 pm GMT by David Recordon and Chris Messina
Today we’re excited to join Facebook’s Mike Schroepfer in announcing
that they have joined the OpenID Foundation’s board as a sustaining
corporate member.
Luke Shepard, a key member of Facebook’s Platform and Connect
teams and a huge internal advocate for OpenID, has been selected as their representative and joins
the current board of seven community elected board members and six sustaining corporate members:
Google, IBM, Microsoft, PayPal (joined last week), VeriSign and Yahoo!. Additionally, to maintain the
ratio of community and corporate board members, Joseph Smarr will be joining the board as our
eighth community member.
As the OpenID community entered 2009 two key topics have become the focal points on the road to
mainstream adoption: user experience and security.
Given the popularity and positive user experience of Facebook Connect, we look forward to Facebook
working within the community to improve OpenID’s usability and reach. As a first step, Facebook will
be hosting a design summit next week at their campus in Palo Alto which follows a similar summit on
user experience hosted at Yahoo! last year. The summit will convene some of the top designers from
Facebook, the DiSo Project, Google, JanRain, MySpace, Six Apart and Yahoo!, focusing on how existing
OpenID implementations could support an experience similar to Facebook Connect.
Facebook’s financial contribution along with its membership on the board signals the company’s
enthusiasm to work more closely with the OpenID community, building up momentum towards their
adoption of OpenID as a standard. Facebook furthering its commitment to openness couldn’t have
come at a better time to make 2009 an amazing year for OpenID and the wider social web.
For press contacts, please call OpenID Foundation board members David Recordon at 503.341.3009
or Chris Messina at 412.225.1051.
Wednesday, April 1, 2009
- CHRIS
And then two months ago this space changed with Facebook starting to embrace open
standards and APIs by them now fitting into their strategy.
50. Documentation Community Resources Tools News
News
Developer Blog Press Platform Updates
Opening Up Facebook Status, Notes, Links, Recent News
Share
Archived Posts
and Video to Facebook Platform Opening Up Facebook Status, Notes,
2009 4:54PM, Friday Feb 6th Links, and Video to Facebook Platform
February (3) Published by Chris Putnam February 6, 2009
January (8)
We're launching several new APIs for Facebook Platform today. These new
2008 Next Steps in Openness
interfaces open up access to the content and methods for sharing through
December (12) February 5, 2009
several Facebook Applications -- including Facebook Status, Notes, Links (what
November (8)
we used to call Posted Items), and Video -- to go along with the APIs already Postcards from January Garages
October (3)
available for uploading and viewing through Facebook Photos. We've seen February 2, 2009
September (6)
increasing engagement with over 15 million users updating their status each
August (7)
day and sharing over 24 million links per month. We wanted to make sure this January Platform News
July (15)
January 31, 2009
content and the ability to share this content was available through our
June (8)
standard APIs.
May (11) Try Out the New FBJS
April (7) January 30, 2009
Specifically, your applications can now directly access all of a user's status,
March (7)
links, and notes via new methods and FQL calls. Your application will have
February (9) Facebook Connect and Apple’s iPhoto
access to any status, notes, or links from the active user or their friends that
January (11) ’09
are currently visible to the active user. In addition, we're opening new APIs for
2007 January 29, 2009
you to post links, create notes, or upload videos for the current user, and
December (5)
we've made setting a user's status easier. Shalom from Facebook Developer
November (5)
Garage Israel!
October (10) We're pretty excited to see what kinds of ideas you can come up with to help
January 16, 2009
September (4) users create and share more content. For example, a travel application could
August (5) make it really easy for users to create and share notes and upload photos and Changes in Facebook Platform
July (2) videos from a recent trip. Users could then display that content within a Leadership
June (1) profile tab for that app. Or a news website could use Facebook Connect to January 16, 2009
May (2) allow users to easily post links from the site and feature all of the most recent
April (1) Extending FBML with Custom Tags
links that a user's friends have shared from that website.
March (3) January 13, 2009
February (3) Every user is subject to limits on the length and size of the video files they
Subscribe
January (3) can upload, just like they are when uploading through Facebook. Use
2006 video.getUploadLimits to determine a specific user's limits. To increase video
Wednesday, April 1, 2009
And then they opened up APIs for status, notes, links and video.
- Moving from just pulling data in, to being able to get data out as well
51. xkcd.com/256
Wednesday, April 1, 2009
but there are some problems with letting the data flow...
in the map of online social networks, things get tricky really fast when data moves from one
“nation” to another.
52. “... You may remove your User Content from the Site at any
time. If you choose to remove your User Content, the license
granted above will automatically expire, however you
acknowledge that the Company may retain archived copies of
your User Content....”
— Facebook Terms of Service
Wednesday, April 1, 2009
Here’s what happened.
Sometime last month, Facebook made a change to their TOS, striking the passage here.
Language was also clarified about ownership of user data... giving Facebook a “perpetual
right to license and sublicense your content”... basically you give it to Facebook and they can
do what they want with it.
At least that’s how people read it.
53. “... People want full ownership and control of their
information so they can turn off access to it at any time. At
the same time, people also want to be able to bring the
information others have shared with them ... to other
services and grant those services access to those
people's information. These two positions are at odds with
each other. ”
— Mark Zuckerberg, Facebook
Wednesday, April 1, 2009
In response, they reverted the changes and Mark Zuckerberg said on the FB blog:
“Still, the interesting thing about this change in our terms is that it highlights the importance
of these issues and their complexity. People want full ownership and control of their
information so they can turn o access to it at any time. At the same time, people also want
to be able to bring the information others have shared with them—like email addresses,
phone numbers, photos and so on—to other services and grant those services access to
those people's information. These two positions are at odds with each other. There is no
system today that enables me to share my email address with you and then simultaneously
lets me control who you share it with and also lets you control what services you share it
with.”
In other words, people want their cake and to eat it too.
54. Wednesday, April 1, 2009
so facebook is attempting to reinvent democracy on its site.
this is an ongoing discussion and something that should be watched closely.
59. Demo!
Wednesday, April 1, 2009
go over concepts: identity provider, relying party
Log in to Mapquest using DavidRecordon.com.
60. Relying Parties
(aka places you can login with OpenID)
OpenID - As viewed by JanRain’s MyOpenID.com
Wednesday, April 1, 2009
- 2007 was a huge year for OpenID!
61. Wednesday, April 1, 2009
not just blogs, but also big open source projects
not just..., but also consumer services
not just..., but also large service providers and corporations
- No where near a complete list!
64. As simple as...
html
head
link rel=quot;openid2.providerquot; href=quot;http://factoryjoe.com/blog/openid/serverquot; /
link rel=quot;openid2.local_idquot; href=quot;http://factoryjoe.com /blog/author/admin/quot; /
link rel=quot;openid.serverquot; href=quot;http://factoryjoe.com/blog/openid/serverquot; /
link rel=quot;openid.delegatequot; href=quot;http://factoryjoe.com /blog/author/admin/quot; /
/head
/html
Wednesday, April 1, 2009
67. Wednesday, April 1, 2009
“Identifier driven sign-in”
WTF do I type in the box??
1. Heard of OpenID
2. Understand OpenID
3. Have an OpenID
4. Know what URL to type
85. http://boogle.com
Courtesy Balsamiq
Wednesday, April 1, 2009
so i visit my favorite search engine and decide that i want to sign in
86. http://boogle.com
Courtesy Balsamiq
Wednesday, April 1, 2009
i click sign in
87. http://boogle.com
http://boogle.com/signin
Courtesy Balsamiq
Wednesday, April 1, 2009
and a popup is launched where I pick my provider...
88. http://boogle.com
Courtesy Balsamiq
Wednesday, April 1, 2009
now i’m redirected to my openid provider where i can sign in...
89. http://boogle.com/#finish
Welcome back, Chris Sign out
Courtesy Balsamiq
Wednesday, April 1, 2009
upon successfully authenticating, i’ve signed in, without the original page refreshing
90. show existing providers
how many of your custom
already have one of these
accounts?
easier than going into inb
spam
show janrain charts show
popular IDPs
UserVoice Identity Providers
Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins
Wednesday, April 1, 2009
NASCAR
91. Interscope Identity Providers
Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins
Wednesday, April 1, 2009
92. sulit.com.ph Identity Providers
Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins
Wednesday, April 1, 2009
102. Marshall Kirkpatrick - Add One Line To Your Blog or Twitter Could Become Your Primary Identity
Wednesday, April 1, 2009
Why is this cool?
first: web page as API
second: support in opera, firefox, now IE8 (web slices)
SEO
104. c:
icons by Seedling Design and Fast Icon
Wednesday, April 1, 2009
so you need a way to refer to these cloud-based applications like you used to...
105. c:
icons by Seedling Design, Fast Icon and original authors
Wednesday, April 1, 2009
meanwhile we have hybrid apps like these that are also being thrown into the mix with
infinite storage but a native experience. and these all require identity of some sort.
107. XRDS-Simple
(light-weight service discovery for the web)
Wednesday, April 1, 2009
108. OpenID in XRDS
?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?
xrds:XRDS
xmlns:xrds=quot;xri://$xrdsquot;
xmlns:openid=quot;http://openid.net/xmlns/1.0quot;
xmlns=quot;xri://$xrd*($v*2.0)quot;
XRD
Service priority=quot;0quot;
Typehttp://specs.openid.net/auth/2.0/signon/Type
Typehttp://openid.net/sreg/1.0/Type
Typehttp://openid.net/extensions/sreg/1.1/Type
Typehttp://schemas.openid.net/pape/policies/2007/06/phishing-resistant/Type
Typehttp://schemas.openid.net/pape/policies/2007/06/multi-factor/Type
Typehttp://schemas.openid.net/pape/policies/2007/06/multi-factor-physical/Type
URIhttps://pip.verisignlabs.com/server/URI
LocalIDhttps://recordond.pip.verisignlabs.com//LocalID
/Service
/XRD
/xrds:XRDS
Wednesday, April 1, 2009
109. Portable Contacts in XRDS
?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?
xrds:XRDS
xmlns:xrds=quot;xri://$xrdsquot;
xmlns:openid=quot;http://openid.net/xmlns/1.0quot;
xmlns=quot;xri://$xrd*($v*2.0)quot;
XRD version=quot;2.0quot;
Typexri://$xrds*simple/Type
Service
Typehttp://portablecontacts.net/spec/1.0/Type
URIhttp://pulse.plaxo.com/pulse/pdata/contacts/URI
/Service
Service priority=quot;0quot;
Typehttp://specs.openid.net/auth/2.0/signon/Type
Typehttp://openid.net/sreg/1.0/Type
Typehttp://openid.net/extensions/sreg/1.1/Type
Typehttp://schemas.openid.net/pape/policies/2007/06/phishing-resistant/Type
Typehttp://openid.net/srv/ax/1.0/Type
URIhttp://www.myopenid.com/server/URI
LocalIDhttp://brian.myopenid.com//LocalID
/Service
/XRD
/xrds:XRDS
Wednesday, April 1, 2009
110. How it works
factoryjoe$ curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/
Wednesday, April 1, 2009
Start simple:
- curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/
111. How it works
Wednesday, April 1, 2009
Here’s what the response looks like (using Todd Ditchendorf’s HTTP Client) for Brian Ellin (AN
INDIVIDUAL)
- curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/
112. Wednesday, April 1, 2009
What about services?
oauth discovery -- auto-service discovery
(basically this is how you advertise your APIs to be autodiscovered)
this is from partuza.nl -- an implementation of OpenSocial
113. Emerging Work!
LRDD
Link-based Resource Descriptor Discovery
http://tools.ietf.org/html/draft-hammer-discovery-03
Wednesday, April 1, 2009
emerging work
115. “your valet key for the web”
Wednesday, April 1, 2009
- Standardized existing duplicate protocols from Google, Yahoo!, AOL, and Microsoft
- Remove the need to ask for email provider passwords
- Seeing good adoption, so pay attention to this!
118. Wednesday, April 1, 2009
twitter apps provide a very common example of this problem.
119. Wednesday, April 1, 2009
boxee is also a problem. all these sites are going social and want to add value or reuse your
data... but there’s been no good alternative.
each big site came up with its own BFS of an API which lead to a developer tax to
reimplement code everytime, so they just went back to scraping.
124. San Francisco, CA
Wednesday, April 1, 2009
- You have *no* excuse to create APIs that only take passwords anymore
- Google, Netflix, Yahoo!, MySpace, Twitter, etc and is being standardized in the IETF
- Tell story of how OAuth was created
127. Wednesday, April 1, 2009
now this app syncs with your TripIt account. So here we are in the app, and we need to login
to connect to our TripIt account.
We click login...
128. chris@domain.com
••••••••
Wednesday, April 1, 2009
and we’re taken into Safari, where we sign in through the web browser.
137. Advanced OAuth
Wrangling
Kellan Elliott-McCrea
XTech 2008: The Web on the Move
http://www.slideshare.net/kellan/advanced-oauth-wrangling
Wednesday, April 1, 2009
139. ReadWriteWeb ReadWriteTalk Enterprise Jobwire About Subscribe Co
RSS RWW Da
Your em
RSS RWW W
Your em
Search ReadWriteWeb
Home Products Trends Best of RWW Archives
Comcast Property Sees 92% Success Rate With New Mobile retail software
designed for in-store ret
OpenID Method counting, receiving etc.
www.handpoint.com
Written by Marshall Kirkpatrick / February 10, 2009 2:33 PM / 22 Comments « Prior Post Next Post »
Dell Business Comput
The most-watched geek event of the day has to be the OpenID UX
Business Computer Pow
(User Experience) Summit, hosted at the Facebook headquaters. The Core™ 2 Duo On Sale
www.nz.dell.com
most discussed moment of the day will surely be the presentation by
Comcast's Plaxo team. New Zealand Site
Features 130,000 Memb
Plaxo and Google have collaborated on an OpenID method that may It's So Popular!
www.smilecity.co.nz
represent the solution to OpenID's biggest problems: it's too unknown,
it's too complicated and it's too arduous. Today at the User Experience
Summit, Plaxo announced that early tests of its new OpenID login
RWW SPONSORS
system had a 92% success rate - unheard of in the industry. OpenID's usability problems appear
closer than ever to being solved for good.
This experimental method refers to big, known brands where users were already logged in, it
requires zero typing - just two clicks - and it takes advantage of the OpenID authentication
opportunity to get quick permission to leverage the well established OAuth data swap to facilitate
immediate personalization - at the same time, with nothing but 2 clicks required of users.
Plaxo, primarily known for the noxious flood of spam emails it delivered in its early days, is now an
online user activity data stream aggregator owned by telecom giant Comcast. The Plaxo team has
been at the forefront of the new Open Web paradigm best known for the OpenID protocol.
The Flow
The method Plaxo has been testing is called an OpenID/OAuth combo, in collaboration with
Wednesday, April 1, 2009
- that said, there are somedoes that mean, in regular terms? It means that Plaxo told users they could log in
Google. What positive signs here.
with their Gmail accounts as OpenID by clicking a link to open a Gmail window, then Google
- 92% of the people thatpermission to hand over user contact data using the OAuth standard protocol. Once
they sent to login with OpenID came back successfully!
asked for
login was confirmed, whether contact data access was granted to Plaxo or not, the Gmail window
closed and users were returned to Plaxo all logged in. No new accounts, no disclosure of Gmail
passwords to Plaxo, no risky account scraping and no need to import or find friends on the new
service before immediate personalization could be offered.
This is a very different flow than most OpenID quot;relying partiesquot; have followed before - but it won't
be for long.
The Success Rate
Plaxo reported today that it has seen a staggering 92% of users who clicked on the quot;log-in with
Gmailquot; button come back to Plaxo with permission to authenticate their identities via Gmail
granted. Of those who returned, another 92% also granted permission for Plaxo to access their
contacts list. Only 8% of the people who clicked to log in with a standards based 3rd party
142. http://flickr.com/photos/factoryjoe/2545757754/
Wednesday, April 1, 2009
- you’re then asked to “find your friends” by forking over your email password
- hell, we’re guilty of this as well! The good news is that email providers are starting to add
OAuth enabled APIs so that we don’t have to do this anymore.
- but it isn’t just about asking for passwords (we do .CSV upload too), but that your email
address book isn’t really the friends you want on every website
147. Wednesday, April 1, 2009
- JSON based RESTful API to query address books, update them, etc. Two-way sync.
- Built into OpenSocial’s REST API and lots of vendors looking at supporting it.
- Think about vCard if it were modernized.
148. Since September
• Integrated with the OpenSocial REST People protocol
• Google, MySpace, hi5 and Plaxo are PoCo Providers
• Microsoft’s LiveFX Framework (sort of) supports PoCo
• Handful of PoCo consumers (including an Android app)
• Engaging the IETF around vCardDav compatibility
Wednesday, April 1, 2009
- Handful of
150. The Microformat XFN
if users want to link accounts, allow it... they may even link to your
service from another profile
Wednesday, April 1, 2009
- but what can we build atop OpenID?
161. Wednesday, April 1, 2009
- anyone can play with this...
- Demo http://www.davidrecordon.com/
- Missing friends.js
- Explore with attributes twitter.com/daveman692
164. Periodically checking for new people.
Wednesday, April 1, 2009
Dopplr - before with scraping people were paranoid about saving users’ passwords... so they
trashed them after using them... with oauth, you can get ongoing access and then introduce
people to their friends once they sign up
171. Today
• Last.fm
• Jaiku
• Facebook newsfeed
• FriendFeed
• etc.
Wednesday, April 1, 2009
172. The challenge
• Develop a format for expressing activities
• Compelling experiences from activity feeds
• The zero-knowledge test
• etc.
Wednesday, April 1, 2009
174. The Benefits
• Staying in touch across the web
• An open, emergent ecosystem of activities
• Filtering, search, automation stats
• Optimal, compelling, custom experiences
• Coalescing, merging, de-duping
• etc.
Wednesday, April 1, 2009
198. I decide I want to follow his activities
Sign in to follow Dave!
Wednesday, April 1, 2009
199. I sign in with my OpenID
Wednesday, April 1, 2009
200. Before I’m sent back, I’m asked
whether I want to follow Dave
Wednesday, April 1, 2009
201. I say yes, and am asked which
activity types Iʼm interested in...
Add contact
Dave Recordon Add subscriptions
Worst username evar. Contact details
San Francisco, CA Status updates
davidrecordon.com
Photos
Bookmarks
Your message (optional)
Blogs
Hi there! We met that conference
daveman692
last week. I’ve subscribed to your
updates on my site. Six Apart
Location
-Chris
Music
Movies
Slide presentations
Events
Travel
Local reviews
Books
Access requires permission from Dave
Inspired by Jyri Engeström
Wednesday, April 1, 2009
202. Should any of the selected types be protected,
I will be asked whether I want to request access
Dave’s contact details, photos and location are protected.
Would you like to request access to these items?
Please note that Dave may deny your request.
No thanks OK
Wednesday, April 1, 2009
203. If I say OK, an OAuth request will be sent which
Dave will later be able to approve, deny or ignore
Wednesday, April 1, 2009
204. ...And Dave’s public activities will show up
in my activities dashboard.
Wednesday, April 1, 2009
205. ...And if Dave later approves my request,
his protected activities will show up too
Wednesday, April 1, 2009
208. I decide I want to join this community
Sign in to start posting!
Wednesday, April 1, 2009
209. I sign in with my OpenID
Wednesday, April 1, 2009
210. Before I’m sent back, I’m asked whether I want to
authorize Stammer to postback my activities
Stammer can post the activities you take on their site to
your profile.
Would you like to allow this?
If you’re not sure, you can decide later. These activities will not be made public
unless you want them to be. You can always revoke this permission later.
Decide later OK
Wednesday, April 1, 2009
211. If I say yes, I am returned to Stammer,
authenticated. As I use the site, my actions are
posted to my activity stream
Wednesday, April 1, 2009
212. If I defer, I am returned to Stammer, authenticated.
As I use the site, my actions are posted to my
activity dashboard, where I can choose to share
my activities later
Wednesday, April 1, 2009
227. Builds on the Open Stack
Wednesday, April 1, 2009
- Incorporates existing standards to do things like portable contacts
228. Three Main APIs
Combination of JavaScript, REST, templates, and proxied HTML
• Activities (what people are doing on a site)
• People and Profile information
• Persistent data storage (joined across friends)
• Containers are free to add their own APIs such as photos
Wednesday, April 1, 2009
- Containers do the heavy database lifting for you
- Core people is name, uid, photo and profile url
229. Wednesday, April 1, 2009
- A write once, run anywhere social application platform
- boasting over 350 million potential active user reach last year, up to over 500 million this
year with Facebook crossing 150 million monthly active users
230. Containers
Wednesday, April 1, 2009
- lots of social networks all over the world
- most people only see the ones that they belong to
231. Run like open source
Wednesday, April 1, 2009
- Future roadmap isn’t run by [Google|MySpace], but by the community on the mailing list
and what consensus there is
232. Container Code
Wednesday, April 1, 2009
- Production worthy reference implementation in Java
- Java and PHP open source libs
- Complaint with OpenSocial v0.8.1
233. REST Libraries
http://icanhaz.com/opensocialcode
Next Blog» Create Blog | Sign In
SEARCH BLOG FLAG BLOG
Search
powered by
Site Feed
OpenSocial now friends with PHP, Java, Ruby, and Python
Wednesday, December 17, 2008 at 11:49:00 AM
With more and more containers introducing server-to-server APIs based on the OpenSocial REST and
RPC protocols (think MySpace, LinkedIn, Plaxo, orkut, and iGoogle just for starters), it has never been a
better time to jump into OpenSocial development. These new protocols allow you to write engaging social Subscribe via email
applications for these containers using the language of your choice -- JavaScript is no longer the only
option.
Enter your email
To help you get started using the OpenSocial REST and RPC protocols, we have assembled a set of address:
client libraries for PHP, Java, Ruby and Python. Each library enables developers to retrieve profile
information and persistent data from supporting containers without having to concern themselves with
managing network connections, signing requests, or other lower-level details. To check out the code,
point your browsers to the Source tab linked from each project's home page:
Subscribe
OpenSocial PHP Client Library
OpenSocial Java Client Library Delivered by
OpenSocial Ruby Client Library FeedBurner
OpenSocial Python Client Library
These libraries are completely open sourced under the Apache 2.0 license, and contributions are not only
welcomed but encouraged. In addition to a wiki page explaining the patch submission process, each Archives
project hosts an issue tracker which have already been populated with known issues and requested
Archives
Wednesday, April 1, enhancements. These trackers are the best places to start if you're interested in contributing to a
2009
particular project. Please report any new bugs or incompatibilities you find along with any feature requests
using these trackers and be sure to star those reported by other developers which are significant to your
More Blogs from
own development also so they can be prioritized effectively.
Google
To help get you started, we have assembled a set of sample applications, linked from the project wiki Visit our directory for
pages, which you can run directly from the command line or your favorite IDE. As an added bonus, the
more information about
Ruby and Python libraries have accompanying full-featured sample applications which you can run inside
Google blogs.
containers supporting the OpenSocial REST protocol. These larger samples are checked in to the
Subversion repository under quot;Samplesquot; and include a bootstrap mechanism for securely retrieving the ID
of the current viewer before the core application loads, which you can use as a template for your own Labels
container-based applications.
adobe (1)
For general questions and commentary, we have set up a discussion group to help build the developer app. pixverse (1)
community around the libraries. The original engineers of each library are already members of the group,
appengine (1)
so feel free to ask the tough questions. :) We will also be hosting a special session of IRC office hours
next Monday, December 22 from 1:00 to 3:00 (PST) so you can share your feedback with us directly. argentina (1)
The official OpenSocial IRC channel is located at irc://irc.freenode.net/#opensocial.
brazil (1)
We're really excited to see the next generation of social applications that the OpenSocial server-to-server buenos aires (1)
APIs enable, and we hope the client libraries ease you along your development journey. Please give the
china (1)
libraries a spin, file any issues you see, and stop by the IRC channel next week to get your questions
answered. See you there! container (1)
234. Sign in
Home News Help
About:
This OpenSocial application provides the ability to write and save JavaScript
code samples to execute against OpenSocial containers. This helps rapidly
test sample OpenSocial code.
Code samples can be saved and loaded. You can give other developers links
to code samples for instructional or debugging purposes.
Available on the following containers (click to use):
Versions:
OpenSocial 0.7
This version is compatible with containers supporting version 0.7 of the OpenSocial API. [ View XML ]
OpenSocial 0.8
This version is compatible with containers supporting version 0.8 of the OpenSocial API. [ View XML ]
http://osda.appspot.com/
Wednesday, April 1, 2009