Joseph Smarr - Tying it All Together: Implementing the Open Web
Joseph Smarr is the Chief Platform Architect at Plaxo.
Lots of open source building blocks for bringing things together. How do all these pieces sit together and what is the landscape going to look like when the dust settles?
The social web today is very broken. On each site you have to re-create an account, re-enter profile info, re-find friends, re-establish relationships. New social apps have limited options: create yet-another-silo and start from scratch or make a widget inside of an existing walled garden.
There's got to be a better way and there is. Help is on the way. It's coming in the form of new building blocks that establish: who I am, who I know, and what's going on. We're going to aim for the medium level of detail on each of the projects which fit into these building blocks.
Who I am: Creating a portable, durable online identity. OpenID is important in this space. OpenID lets you come to a new website and allows you to log-in with an account that exists on another site. You can sign up and sign in with your existing account. You can then link and share your profile data between sites. When you go through Plaxo's sign up you can sign in with any open ID. This takes you over to your identity provider and allows you to verify that you want to share your information with Plaxo. This is good for users and for Plaxo by reducing friction. Yahoo is OpenID, MySpace is on the way, AOL is signed up, some of Google's properties are supported, this has majorly caught on.
Consolidate your online identity with me-links for rel=me (XFN). The social graph API allows you to query Google using REST for the downstream me links. This makes it easy to find out more information about users by what exists on the web. Again great for both the consumer in not having to duplicate info and great for businesses in terms of getting data into your systems.
Who I know: You need to be able to build and maintain relationships. Until recently the only way you could get at this information was to scrape your webmail address books. It's kind of hacky and insecure. The good news is over the last year that this isn't going away, it's useful, and they've made it easy to practice safe portability. Google, Yahoo, and Microsoft have mechanisms for getting at the information without giving a new service your webmail password. OAuth is a means for sharing private data between trusted sites. A bunch of people came together and came up with a standard way of getting at data. OAuth is supported by Google, MySpace, it's a part of DataPortability. OAuth gives a third party site a token which is revocable. It can be scoped access. Friends-list portability allows for continuous discovery across multiple sites.
What's going on? Because the entire web is becoming social you're creating and doing interesting things on a lot of different sites. You can't walk each site to check and see who is doing what. OpenSocial is trying to define a standard language for social networking applications on the web. You can drop in widgets that work on all social networking sites. OpenSocial is going mainstream and has over 500 million users by the end of the year. Everyone is agreeing on standard APIs at the server-to-server level. RSS and Atom is another important piece which is often overlooked. It's an important standard for sharing "here's what going on right now." If you put RSS together with OAuth you can get private update feeds. Jabber XMPP is becoming more important, too, it started as an open standard for instant messaging. One of the things they built in as a result is that it is federated. It's a good set of open tools for different sites sending messages to each other.
This stuff is out there, it's real, and it fits into these standard blocks. What we'll do now is pull everything together.How does the friends list portability work?
- Tell the site your social graph provider: XRDS-Simple (discovery) + OAuth (access)
- Site fetches your data to find local friends: Site fetches your data to find your local friends ??? No standard way to do this yet. A project that's going on and in draft spec is still up and coming is PortableContacts.net.
- Site lets you connect to people you want: You can periodically look for new matches.
- User signs in with an OpenId: Site fetches OpenID URL -> looks for X-XRDS-Location, Site parses XRDS-Simple doc to discover available APIs
- Site tries to access contacts API -> gets a 401: WWW-Authenticate response header specifies OAuth, OAuth discovery (via XRDS) provides OAuth endpoints
- Site sends user through OAuth