17. The social internet
A social website...
•Provides a feature that becomes more engaging as the number of users
grows.
•Uses relationships between people to present users with interesting information.
19. The social internet
A social website...
•Has overhead to manage users and relationships.
•Grows slowly because users must sign up to use the site.
What if we remove the overhead?
•Developers can focus on providing features, not managing users.
20. The social internet
A social network...
•Manages large numbers of users and relationships.
•Is slow to add new features.
22. The social internet
How do we add new features to social networks?
•Make the social network a platform.
•Give creative developers the tools to add the features themselves.
23. The social internet
A social application...
•Lets the social network manage users and relationships.
•Adds new features to the social network.
•Lets users “install” the application without signing up for new accounts.
•Grows quickly because users are already communicating with each other.
38. OpenSocial is moving fast: news from this week!
• LinkedIn launched to 100% of users, and has a REST endpoint
• Mail.ru launched to users
• 51.com (large Chinese network) launched
http://developers.51.com
• Yahoo! launched a sandbox --
• Tools:
• Announced the OpenSocial Dev App
• http://wiki.opensocial.org is live
• Community updates:
• OpenSocial is having a birthday event on November 13 in San Francisco
• OpenSocial Foundation community election: vote by Monday!
39. Popular OpenSocial apps on hi5 in Thailand
• Engrish
• Daily Pablo -- get a new Picasso painting on your profile every day
• Kitten Club & KittyPix -- pictures of kittens
• PuppyPix -- pictures of puppies
• BuddyPoke! -- Poke your friends, powered by Google App Engine
• Soccer
• Speed Racing! -- design your car and engine and race your friends.
41. Gadgets
A gadget spec:
•Is an XML file.
•Defines metadata about an OpenSocial app.
•Is highly cacheable and does not need a high performance server.
Gadgets use existing web standards
•XML to define metadata.
•HTML for markup.
•JavaScript for interactivity.
•CSS for presentation.
42. Gadgets
A gadget server:
•Takes the gadget spec as input.
•Performs optimizations on the gadget spec.
•Outputs HTML, JavaScript, and CSS as one document.
43. Gadgets
A container:
•Displays the social network’s user interface.
•Opens an IFrame to the rendered gadget.
Containers and gadget servers are both run by the social network, but do not need to be on the same machine, or even domain.
44. Gadgets
Example gadget XML spec:
•Uses HTML to print “Hello World”.
•Colors the text red with CSS.
•Dynamically adjusts the height of the gadget with JavaScript.
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
  <ModulePrefs title="Hello World!">
    <Require feature="dynamic-height" />
  </ModulePrefs>
  <Content type="html">
    <![CDATA[
      <h1>Hello World</h1>
      <style type="text/css">
        h1 { color: #dd0000; }
      </style>
      <script type="text/javascript">
        gadgets.window.adjustHeight();
      </script>
    ]]>
  </Content>
</Module>
47. Gadgets
Requesting the gadget XML spec:
1. The client requests an app to be rendered.
2. The container fetches the gadget XML spec from its host.
3. The container renders the gadget into HTML, which is displayed
to the client.
48. Gadgets
Requesting the gadget XML spec:
•Because the gadget spec is simple, it can be cached easily.
•Caching reduces the load on your server, great when you have millions of
users.
50. Gadgets
Requesting a cached gadget XML spec:
1. The client requests an app to be rendered. The container already
has a copy of the spec stored in its cache.
2. The container renders the gadget into HTML, which is displayed
to the client.
51. Gadgets
What kind of rewriting is done by the gadget server?
•Rewrite links to use content proxies.
•Rewrite relative links to full paths (some containers).
•Return only content for the current view.
52. Gadgets
What are views?
•Gadgets can render in different locations on a container.
•Rendering area changes from small to large.
•Certain pages might be public, some are private.
•Containers may have different policies depending on the page,
especially when the gadget displays ads.
•Views provide a way for gadgets to offer different functionality depending
on where they are rendered.
55. Gadgets
Working with views in the gadget XML:
•<Content> sections are repeated for each view.
•Add a view="view name" attribute to each section.
•Content sections may support multiple views, for example
view="home,canvas"
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
  <ModulePrefs title="Hello World!">
    <Require feature="dynamic-height" />
  </ModulePrefs>
  <Content type="html" view="home">
    <![CDATA[ ... ]]>
  </Content>
  <Content type="html" view="canvas">
    <![CDATA[ ... ]]>
  </Content>
</Module>
56. Gadgets
JavaScript utility functions for gadgets:
•gadgets.io.makeRequest()
Make cross-domain AJAX calls to remote servers.
•gadgets.json.parse() and gadgets.json.stringify()
Native JSON support.
•gadgets.util.escapeString()
Make text safe for display via innerHTML.
•gadgets.util.registerOnLoadHandler()
Execute code when the page is finished loading.
57. Gadgets
gadgets.io.makeRequest():
•Make cross-domain AJAX calls to remote servers.
Remote content:
•Most interesting gadgets will need to work with content stored on different servers.
•AJAX cannot cross domains, so a gadget cannot request content directly from your own server.
•JSONP is only really good for one-way data transfer.
•Gadgets with millions of users can overwhelm a remote site.
60. Gadgets
Requesting remote content:
1. The rendered app calls gadgets.io.makeRequest() to fetch
remote content. This call is sent to the container.
2. The container requests content from the specified URL.
3. The container returns the response to the application, which renders
the data.
61. Gadgets
Add extra features to your gadget:
•dynamic-height - Change the size of your gadget in the container.
•views - Navigate between different surfaces of the container.
•skins - Make your gadget change its styles to match the container.
•Containers may offer custom features...
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
  <ModulePrefs title="Hello World!">
    <Require feature="dynamic-height" />
  </ModulePrefs>
  <Content type="html">
    <![CDATA[ ... ]]>
  </Content>
</Module>
62. Gadgets
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
  <ModulePrefs title="Hello Social!">
    <Require feature="opensocial-0.8" />
  </ModulePrefs>
  <Content type="html">
    <![CDATA[ ... ]]>
  </Content>
</Module>
The OpenSocial JavaScript API is a gadget feature, too!
64. The OpenSocial JavaScript API
Representing users:
•Client-side, users must work with the VIEWER and the OWNER.
65. The OpenSocial JavaScript API
Multiple personalities:
•When you visit your own profile, you are both the VIEWER and the OWNER.
66. The OpenSocial JavaScript API
OpenSocial requests:
•An OpenSocial DataRequest is created.
•Requests are added to the DataRequest.
•The DataRequest is sent to the server asynchronously.
•When the request finishes, the supplied callback will be called.
function request() {
  var req = opensocial.newDataRequest();
  req.add(req.newFetchPersonRequest("OWNER"), "get_owner");
  req.add(req.newFetchPersonRequest("VIEWER"), "get_viewer");
  req.add(req.newFetchActivitiesRequest("VIEWER"), "vactivities");
  req.add(req.newFetchPersonAppDataRequest("OWNER", "*"), "odata");
  // ...
  req.send(response);
}
function response(data) { /* ... */ }
gadgets.util.registerOnLoadHandler(request);
67. The OpenSocial JavaScript API
OpenSocial responses:
•Responses are bundled according to the keys specified in the request.
•Check for an error at the global response level.
•Check for an error at the specific response level.
•Use getData() to retrieve the actual information in a request.
function response(data) {
  if (data.hadError()) {
    if (data.get("get_owner").hadError()) {
      // ...
    }
    if (data.get("get_viewer").hadError()) {
      // ...
    }
    // ...
  }
  var owner = data.get("get_owner").getData();
  var viewer = data.get("get_viewer").getData();
}
68. The OpenSocial JavaScript API
Working with people:
• opensocial.Person - JavaScript representation of a user.
69. The OpenSocial JavaScript API
Request one person:
req.add(req.newFetchPersonRequest(idspec, opt_params), "key");
• idspec can be either “VIEWER”, “OWNER” or an ID number.
• opt_params contains extra request parameters, such as which profile
fields to fetch.
newFetchPersonRequest responses:
var owner = data.get("key").getData();
alert(owner.getDisplayName());
• Data contains a single opensocial.Person object.
• Person objects can contain lots of information, such as addresses, companies, phone numbers, favorite movies, and thumbnail URLs.
70. The OpenSocial JavaScript API
Methods available on an OpenSocial Person:
• getDisplayName()
Gets a text display name for this person; guaranteed to return a useful string.
• getField(key, opt_params)
Gets data for this person that is associated with the specified key.
• getId()
Gets an ID that can be permanently associated with this person.
• isOwner()
Returns true if this person object represents the owner of the current page.
• isViewer()
Returns true if this person object represents the currently logged in user.
71. The OpenSocial JavaScript API
An OpenSocial Person's fields:
• ABOUT_ME, ACTIVITIES, ADDRESSES, AGE, BODY_TYPE, BOOKS, CARS, CHILDREN, CURRENT_LOCATION, DATE_OF_BIRTH, DRINKER, EMAILS, ETHNICITY, FASHION, FOOD, GENDER, HAPPIEST_WHEN, HAS_APP, HEROES, HUMOR, ID, INTERESTS
• JOB_INTERESTS, JOBS, LANGUAGES_SPOKEN, LIVING_ARRANGEMENT, LOOKING_FOR, MOVIES, MUSIC, NAME, NETW
NAME, PETS, PHONE_NUMBERS, POLITICAL_VIEWS, PROFILE_SONG
_VIDEO, QUOTES, RELATIONSHIP_STATUS, RELIGION, ROMANCE, SCA
• SEXUAL_ORIENTATION, SMOKER, SPORTS, STATUS, TAGS, THUMBNAIL_URL, TIME_ZONE, TURN_OFFS, TURN_ONS, TV
72. The OpenSocial JavaScript API
Working with people:
• A Collection represents many opensocial.Person objects.
73. The OpenSocial JavaScript API
Request many people:
var idspec = opensocial.newIdSpec({
  "userId" : "OWNER",
  "groupId" : "FRIENDS"
});
req.add(req.newFetchPeopleRequest(idspec, opt_params), "key");
• idspec is an object that can represent groups of people. “userId” can be
“VIEWER” or “OWNER” or an ID, and “groupId” can be “SELF”,
“FRIENDS”, or the name of a group.
• opt_params contains extra request parameters, such as which profile
fields to fetch, and how to order or filter the returned people.
newFetchPeopleRequest responses:
var owner_friends = data.get("key").getData();
owner_friends.each(function (person) {
  alert(person.getDisplayName());
});
• Data contains a Collection of opensocial.Person
objects. Iterate over these by using the each() method.
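Added example, not from the original slides: building markup from a Collection instead of calling alert(). Display names and thumbnail URLs are typed by other users, so each value is escaped or checked before it reaches innerHTML. Assumptions: escapeHtml is a local stand-in for gadgets.util.escapeString() so the block runs outside a container, and the fake person objects and the "thumbnailUrl" key are constructed for the demonstration.

```javascript
// Local stand-in for gadgets.util.escapeString() (assumption, see lead-in).
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, function (ch) {
    return "&#" + ch.charCodeAt(0) + ";";
  });
}

// Accept only absolute http(s) URLs for use in a src attribute.
function safeImageUrl(url) {
  var s = String(url || "");
  return /^https?:\/\//i.test(s) ? s : "";
}

// Build the markup for a Collection of people. Every profile value is
// treated as untrusted because another user supplied it.
function renderFriends(people, thumbnailKey) {
  var rows = [];
  people.each(function (person) {
    var img = safeImageUrl(person.getField(thumbnailKey));
    rows.push("<li>" +
      (img ? '<img src="' + escapeHtml(img) + '" alt="">' : "") +
      escapeHtml(person.getDisplayName()) + "</li>");
  });
  return "<ul>" + rows.join("") + "</ul>";
}

// Constructed stand-ins for opensocial.Person and a Collection.
function fakePerson(name, thumb) {
  return {
    getDisplayName: function () { return name; },
    getField: function (k) { return k === "thumbnailUrl" ? thumb : undefined; }
  };
}
var FRIENDS = {
  list: [
    fakePerson("Alice", "http://img.example/a.png"),
    fakePerson("Bob<script>alert(1)</script>", "javascript:alert(1)")
  ],
  each: function (fn) { this.list.forEach(fn); }
};

// Safe to assign to element.innerHTML inside the gadget.
var FRIENDS_HTML = renderFriends(FRIENDS, "thumbnailUrl");
```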
74. The OpenSocial JavaScript API
Working with data:
• Persistent data gives apps key, value storage directly on the container.
• String only, but conversion to JSON allows for storage of complex objects.
• Storage per app per user - scales well with growth.
• Ideal for settings, customizations.
75. The OpenSocial JavaScript API
Set persistent data:
req.add(req.newUpdatePersonAppDataRequest(idspec, key, value));
• idspec can only be “VIEWER”.
• key is the name under which this data will be stored.
• value is a string representing the data to store.
76. The OpenSocial JavaScript API
Fetch persistent data:
var idspec = opensocial.newIdSpec({
  "userId" : "OWNER",
  "groupId" : "SELF"
});
req.add(req.newFetchPersonAppDataRequest(idspec, keys), "key");
req.add(req.newFetchPersonRequest("OWNER"), "ownerkey");
• idspec is an object that can represent groups of people, the same as
newFetchPeopleRequest.
• keys is a list of persistent data keys to retrieve the data for.
• The owner is requested because the data returned is indexed by user ID
and we want the owner’s data.
newFetchPersonAppDataRequest responses:
var owner = data.get("ownerkey").getData();
var app_data = data.get("key").getData();
var value = app_data[owner.getId()][key];
77. The OpenSocial JavaScript API
Fetch persistent data:
• Data is returned as an object indexed by ID number, then as an object
indexed by key name, even if there is only data returned for one user!
{ "1234567890" : { "key1" : "value1" } }
• One person, multiple keys:
{
  "1234567890" : {
    "key1" : "value1",
    "key2" : "value2"
  }
}
• Multiple people:
{
  "1234567890" : { "key1" : "value1" },
  "2345678901" : { "key1" : "value2" }
}
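Added example, not from the original slides: a defensive reader for the response shape above. App data is written in one user's session (idspec "VIEWER") and read in another's (the OWNER's data shown to a visitor), so the stored string is parsed and validated like any other user input. The "settings" key, its fields and the sample values are hypothetical and constructed for this example.

```javascript
var has = Object.prototype.hasOwnProperty;

// Return the parsed JSON stored under key for userId, or fallback when the
// user, the key or valid JSON is missing.
function readAppData(appData, userId, key, fallback) {
  if (!appData || !has.call(appData, userId)) return fallback;
  var perUser = appData[userId];
  if (!perUser || !has.call(perUser, key)) return fallback;
  if (typeof perUser[key] !== "string") return fallback;
  try {
    return JSON.parse(perUser[key]);
  } catch (e) {
    return fallback; // stored string was not JSON
  }
}

// Hypothetical settings schema: keep known fields only, and only when
// they have the expected type and range.
var THEMES = ["light", "dark"];
function readSettings(appData, userId) {
  var raw = readAppData(appData, userId, "settings", null);
  var out = { theme: "light", pageSize: 10 };
  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) return out;
  if (THEMES.indexOf(raw.theme) !== -1) out.theme = raw.theme;
  if (Number.isInteger(raw.pageSize) && raw.pageSize >= 1 && raw.pageSize <= 50) {
    out.pageSize = raw.pageSize;
  }
  return out;
}

// Constructed sample in the "multiple people" shape.
var SAMPLE = {
  "1234567890": { "settings": '{"theme":"dark","pageSize":500,"html":"<b>x</b>"}' },
  "2345678901": { "settings": "not json" }
};
```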
78. The OpenSocial JavaScript API
Working with activities:
• API to post information about what users are doing with your app.
• Many containers have support for images and some HTML.
• Channel to grow your application.
orkut MySpace hi5
79. The OpenSocial JavaScript API
Post an activity:
function postActivity(text) {
  var params = {};
  params[opensocial.Activity.Field.TITLE] = text;
  var activity = opensocial.newActivity(params);
  opensocial.requestCreateActivity(activity,
      opensocial.CreateActivityPriority.HIGH, callback);
}
• Assign the activity text to the TITLE field.
• Call opensocial.newActivity() to create a new Activity instance.
• Call opensocial.requestCreateActivity() to post the activity to the
container.
81. RESTful and RPC protocols
Opens new development models
•Background processing.
•Easier Flash integration.
•Mobile applications.
82. RESTful and RPC protocols
Communication methods:
•RESTful (Representational State Transfer)
•RPC (Remote Procedure Call)
Formats:
•XML
•JSON
•AtomPub
83. RESTful and RPC protocols
REST:
•Resources are URLs.
Example - People:
• All people connected to the given user:
/people/{guid}/@all
• All friends of the given user:
/people/{guid}/@friends
• Profile of the given user:
/people/{guid}/@self
• Profile of the authenticated user:
/people/@me/@self
• Supported Person fields:
/people/@supportedFields
87. RESTful and RPC protocols
REST:
•Perform operations using different HTTP methods on each URL.
CRUD operation: HTTP method
•Create: POST
•Retrieve: GET
•Update: PUT
•Delete: DELETE
88. RESTful and RPC protocols
REST has some disadvantages:
•Batch support requires multiple HTTP requests, or a contrived URL
scheme.
•Specifying multiple users via querystring is difficult. Is
?uid=1234,5678 the same resource as ?uid=5678,1234 ?
90. RESTful and RPC protocols
Authentication:
•Both protocols use OAuth to identify users and apps.
•Depending on what the application needs to do, it can use two-legged
or three-legged OAuth.
Two-legged OAuth:
•The application authenticates directly with the container.
•Perform non-user specific operations:
• Update persistent data for app users.
• Can request information for users who have shared their profile
information with the app.
Three-legged OAuth:
•The user tells the container to give profile access to the application.
•Perform user specific operations:
• Post activities.
• Fetch friends of the current user.
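Added example, not from the original slides or any client library: what "the application authenticates directly with the container" looks like for a two-legged OAuth 1.0 request, with the container recomputing the signature. Assumptions: the HMAC-SHA1 signature method, one value per parameter name, and a constructed host, consumer key and secret.

```javascript
const crypto = require("crypto");

// RFC 5849 percent-encoding; encodeURIComponent leaves !'()* unescaped.
function enc(s) {
  return encodeURIComponent(String(s)).replace(/[!'()*]/g,
    c => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & url & parameters sorted by encoded name.
function baseString(method, url, params) {
  const pairs = Object.keys(params)
    .filter(k => k !== "oauth_signature")
    .map(k => [enc(k), enc(params[k])])
    .sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0))
    .map(p => p[0] + "=" + p[1])
    .join("&");
  return [method.toUpperCase(), enc(url), enc(pairs)].join("&");
}

// Two-legged requests carry no user token, so tokenSecret is empty.
function sign(method, url, params, consumerSecret, tokenSecret) {
  const key = enc(consumerSecret) + "&" + enc(tokenSecret || "");
  return crypto.createHmac("sha1", key)
    .update(baseString(method, url, params)).digest("base64");
}

// Container side: recompute, compare in constant time, then check freshness.
function verify(method, url, params, consumerSecret, nowSeconds, maxSkew) {
  const expected = Buffer.from(sign(method, url, params, consumerSecret, ""));
  const given = Buffer.from(String(params.oauth_signature || ""));
  if (expected.length !== given.length) return false;
  if (!crypto.timingSafeEqual(expected, given)) return false;
  return Math.abs(nowSeconds - Number(params.oauth_timestamp)) <= maxSkew;
}

// Constructed request: host, consumer key and secret are made up.
const URL_SELF = "http://container.example/people/@me/@self";
const SECRET = "constructed-consumer-secret";
function sampleParams() {
  return {
    format: "json",
    oauth_consumer_key: "app-key",
    oauth_nonce: "n1",
    oauth_signature_method: "HMAC-SHA1",
    oauth_timestamp: "1226534400",
    oauth_version: "1.0"
  };
}
```

A container would also remember each oauth_nonce for the length of the timestamp window and reject a repeat.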
91. RESTful and RPC protocols
Client libraries are being created for PHP, Java, and Python.
•Help you connect to OpenSocial containers, and work with social
data on your server.
Sample: log into a container:
92. RESTful and RPC protocols
RESTful and RPC use OAuth for authentication
•OAuth is an open standard.
•Client libraries will help make this process easier for developers.
Sample: use OAuth to get an access token for a user:
93. RESTful and RPC protocols
•Once OAuth is used, you can store a user token for later access.
Sample: use an existing token:
94. RESTful and RPC protocols
•Once authentication has happened, requests are easy:
Sample: Fetch the current user:
95. RESTful and RPC protocols
Sample: Fetch the current user’s friends:
98. Shindig
Writing a gadget server is difficult:
•Fast changing API - hard to keep up.
•Standardization is hard to get right.
•Costs ¥ / !
99. Shindig
Apache Shindig to the rescue!
•Open Source project.
•Available in Java and PHP.
•Run by itself and connect to an existing social site to add OpenSocial support.
•Goal: Launch a new (simple) container in under an hour’s worth of work
http://incubator.apache.org/shindig/
102. Caja
When JavaScript goes bad
•Gadgets can be a new vector for phishing, spam, malware.
•Social spread of gadgets can spread bad gadgets too.
•Caja reduces threats with a JavaScript sanitizer as an additional "sandbox" on top of iFrame protection.
103. Caja
Caja is:
• A capability-based JavaScript sanitizer.
• An Open Source project from Google.
• Optional but recommended for OpenSocial containers.
• Will eventually be secure enough to run gadgets inline instead of in iframes.
http://code.google.com/p/google-caja/
104. Templates
Need for a templating language:
•Developers need a simple way to convert OpenSocial data to HTML.
•DOM manipulation is slow and ugly.
•innerHTML is unsafe.
114. Challenges
This lumberjack will thank anyone who helps solve the following problems...
David Glazer, Director of Engineering, Google
OpenSocial Foundation board member
115. Challenges
Cross container development is still tricky:
•Containers may not follow the standard.
•Containers may follow the standard but have different policies.
•Follow best practices:
http://tinyurl.com/4nuzll
116. Challenges
No central directory
•Hard for apps to spread to many containers.
•Apps need to work with different install processes.
•Directory approval requirements vary from container to container.
122. OpenSocial Gadget Contest for Southeast Asia
• To support the developer community and encourage
innovation on the OpenSocial platform in Southeast
Asia
• Countries: Malaysia, Philippines, Singapore, Thailand,
Vietnam
• 4 winners per country: Nintendo Wii, Apple iPod Touch
prizes
• Judging panel: Google, eXo Platform, Friendster,
Globant, hi5
• Dates:
Registration opens: Nov 15, 2008
Registration ends: Jan 10, 2009
Winners notified: Jan 23, 2009
Results announced: Feb 6, 2009