The Open, Social Web Workshop

THE OPEN, SOCIAL WORKSHOP Chris Messina • David Recordon • Joseph Smarr • OSCON • July 20, 2009 • San Jose, CA

Who are we? chrismessina daveman692 jsmarr *Photo by termie

Who are you?

W E L C O M E TO TH E S OCIAL WEB

It begins with Web 2.0

“Web 2.0 is the network as platform, spanning all connected devices; Web 2.0 applications are those that make the most of the intrinsic advantages of that platform: delivering software as a continually-updated service that gets better the more people use it, consuming and remixing data from multiple sources, including individual users, while providing their own data and services in a form that allows remixing by others, creating network effects through an “architecture of participation,” and going beyond the page metaphor of Web 1.0 to deliver rich user experiences.” — Tim O’Reilly, Web 2.0: Compact Definition? Photo by Dan Farber

“Web 2.0 is the business revolution in the computer industry caused by the move to the internet as platform, and an attempt to understand the rules for success on that new platform. Chief among those rules is this: Build applications that harness network effects to get better the more people use them. (This is what I’ve elsewhere called ‘harnessing collective intelligence.’)” — Tim O’Reilly Photo by Dan Farber

Tim O’Reilly’s ﬁve rules The perpetual beta becomes a process for engaging customers. Share and share-alike data, reusing others’ and providing APIs to your own. Ignore the distinction between client and server. On the net, open APIs and standard protocols win. Lock-in comes from data accrual, owning a namespace or non-standard formats.

“So what’s the seminal development that’s ushering in the era of Web 3.0? It’s the real arrival, after years of false predictions, of the thin client, running clean, simple software, against cloud-based data and services. The poster children for this Bullshit. new era have been the Apple iPhone and iPod Touch, which have sold 37 million units in less than two years and attracted 35,000 apps and one billion app downloads in just nine months.” — Walt Mossberg and Kara Swisher, Welcome to Web 3.0

Bullshit.

“After all, Web 2.0 was not a new version of the web, but a name that tried to capture what distinguished the companies that survived the dotcom bust from those that survived, and point the way forward for new companies entering the market.” — Tim O’Reilly, responding to Mossberg and Swisher Photo by Dan Farber

Building blocks of the social web

Who I am Who I know What’s going on

Identity Relationships Activities

Identity

Relationships

Activities

Trends

The rise of social networking Photo by Mike Wooldridge

WWW

WWW icons by iconaholic.com

? ? ? ? WWW ? ? ? ? icons by iconaholic.com

The iPhone era

Everyware computing

DATA INSIDE! “It’s like ﬂying on an iPhone!” Photo by Sathish J

Growing comfort with real identity

Developer tools focusing on social

Tim O’Reilly’s ﬁve rules The perpetual beta becomes a process for engaging customers. Share and share-alike data, reusing others’ and providing APIs to your own. Ignore the distinction between client and server. On the net, open APIs and standard protocols win. Lock-in comes from data accrual, owning a namespace or non-standard formats. Photo by Dan Farber

• facebook.com/chrismessina • friendfeed.com/chrismessina • google.com/proﬁles/chrismessina • twitter.com/chrismessina

@chrismessina

/chrismessina

http://twitter.com/chrismessina

http://facebook.com/chrismessina

Etc.

Mazlow’s Hierarchy of Needs morality, creativity, spontaneity, problem solving, lack of prejudice, Self-actualization acceptance of facts self-esteem, confidence, achievement, respect of others, Esteem respect by others friendship, family, sexual intimacy Love/belonging security of: body, employment, resources, Safety morality, the family, health, property breathing, food, water, sex, sleep, homeostasis, excretion Physiological

People want to share and be connected “Of the 1.1 billion people age 15 and older worldwide who accessed the Internet from a home or work location in May 2009, 734.2 million visited at least one social networking site during the month, representing a penetration of 65 percent of the worldwide Internet audience. [...] “Social networking has become a popular online pastime not only in mature Internet markets like North America, but also in developing, high-growth Internet markets such as Russia,” said Mike Read, SVP & managing director, comScore Europe. “In a country as geographically large as Russia, social networking represents a way of connecting people from one corner of the country to the other. The highly engaged behavior of social networkers in Russia offers significant opportunity for marketers and advertisers seeking to reach these audiences.” — comScore, July 2, 2009 *Source: comScore

B UI L DI N G O N TH E S OCIAL WEB

How is building today different?

Patterns

On-ramps for new users

Photo by Bridget AMES

nID Logo - Revision 3 Client: OpenID Foundation 2007-11-26 Prepared by: Randy Reddig S

Demo!

Large US OpenID Providers • AOL • Google • Microsoft (in “developer preview”) • MySpace • Yahoo!

Creating your own OpenID Provider factoryjoe.com +

Using the WordPress OpenID plugin <html> <head> <link rel="openid2.provider" href="http://factoryjoe.com/openid/server" /> <link rel="openid2.local_id" href="http://factoryjoe.com /author/admin/" /> <link rel="openid.server" href="http://factoryjoe.com/openid/server" /> <link rel="openid.delegate" href="http://factoryjoe.com /author/admin/" /> </head> <body> ... </body> </html>

Delegating to MyOpenID <html> <head> <link rel="openid2.provider" href="https://www.myopenid.com/server" /> <link rel="openid2.local_id" href="https://factoryjoe.myopenid.com/" /> <link rel="openid.server" href="https://www.myopenid.com/server" /> <link rel="openid.delegate" href="https://factoryjoe.myopenid.com/" /> </head> <body> ... </body> </html>

OpenID Usability

factoryjoe

user@email.com

friendster

Hotmail

elderly

I HATE YOU!!!!!!!!!!!!!!!!!!!!!!!!LADY GAAAGGG

Previous attempts

Emerging work: pop-up flow (shipped by Facebook, Google and JanRain)

http://boogle.com Courtesy Balsamiq

http://boogle.com

http://boogle.com http://boogle.com/signin

http://boogle.com

http://boogle.com/#ﬁnish Welcome back, Chris Sign out

The NASCAR Problem Photo by Timothy Vogel

• What’s your address?

• What’s your address? • What’s your phone number?

• What’s your address? • What’s your phone number? • What’s your AOL screenname?

• What’s your address? • What’s your phone number? • What’s your AOL screenname? • What’s your email address?

• What’s your address? • What’s your phone number? • What’s your AOL screenname? • What’s your email address? • What’s your MySpace?

• What’s your address? • What’s your phone number? • What’s your AOL screenname? • What’s your email address? • What’s your MySpace? • Twitter?

• What’s your address? • What’s your phone number? • What’s your AOL screenname? • What’s your email address? • What’s your MySpace? • Twitter? • Are you on Facebook?

• What’s your address? • What’s your phone number? • What’s your AOL screenname? • What’s your email address? • What’s your MySpace? • Twitter? • Are you on Facebook? • What’s your OpenID?

Break

Adding teh social

The Password Anti-pattern

Stopping ReFriend Madness

As Simple as JavaScript

Increasing engagement by *connecting

Anatomy of “Connect” • Proﬁle (identity, accounts, profiles) • Relationships (followers, friends, contacts) • Content (posts, photos, videos, links) • Activity (poked, bought, shared, blogged) • Goal: Discovery of people and content

Viewing Virtuous Cycle of Sharing Sharing

Portable Contacts API • Simple JSON API for sharing, filtering and searching contacts between social web sites. • Implemented as a part of OpenSocial and thus deployed on large sites such as MySpace. • Integrated with OpenID and OAuth in Gmail.

{ "startIndex": 10, "itemsPerPage": 10, "totalResults": 12, { "id": "703887", "displayName": "Mark Hashimoto", "name": { "familyName": "Hashimoto", "givenName": "Mark" }, "birthday": "0000-01-16", "gender": "male", "drinker": "heavily", "tags": [ "plaxo guy" ], "emails": [ { "value": "mhashimoto-04@plaxo.com", "type": "work", "primary": "true" }, { "value": "mhashimoto@plaxo.com", "type": "home" } ],

"value": "http://sample.site.org/photos/12345.jpg", "type": "thumbnail" } ], "ims": [ { "value": "plaxodev8", "type": "aim" } ], "addresses": [ { "type": "home", "streetAddress": "742 Evergreen TerracenSuite 123", "locality": "Springfield", "region": "VT", "postalCode": "12345", "country": "USA", "formatted": "742 Evergreen TerracenSuite 123nSpringfield, VT 12345 USA" } ], "accounts": [ { "domain": "plaxo.com", "userid": "2706" } ] } ] }

{ "id": "1", "name": "Chris Messina", "urls": [ { "value": "http://factoryjoe.com/blog", "type": "blog" } ] }, { "id": "2", "name": "Joseph Smarr", "emails": [ { "value": "joseph@plaxo.com", "type": "work", "primary": "true" }, { "value": "jsmarr@gmail.com", "type": "home" } ], } } filterBy=name&filterOp=startswith&filterValue=Chr

{ "id": "1", "name": "Chris Messina", "urls": [ { "value": "http://factoryjoe.com/blog", "type": "blog" } ] } } filterBy=name&filterOp=startswith&filterValue=Chr

{ { "id": "2", "name": "Joseph Smarr", "emails": [ { "value": "joseph@plaxo.com", "type": "work", "primary": "true" }, { "value": "jsmarr@gmail.com", "type": "home" } ], } } filterBy=email&filterOp=contains&filterValue=plaxo.com

Google’s Social Graph API

Discovery in the cloud

c: icon by Seedling Design

http:// icon by Seedling Design

http:// icons by Seedling Design and Fast Icon

http:// icons by Seedling Design, etc

factoryjoe.com icons by Seedling Design

Emerging Work! XRD + LRDD

OpenID <?xml version="1.0" encoding="UTF-8"?> <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)"> <XRD> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical</Type> <URI>https://pip.verisignlabs.com/server</URI> <LocalID>https://recordond.pip.verisignlabs.com/</LocalID> </Service> </XRD> </xrds:XRDS>

Portable Contacts <?xml version="1.0" encoding="UTF-8"?> <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)"> <XRD version="2.0"> <Type>xri://$xrds*simple</Type> <Service> <Type>http://portablecontacts.net/spec/1.0</Type> <URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI> </Service> <Service priority="0"> <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/sreg/1.0</Type> <Type>http://openid.net/extensions/sreg/1.1</Type> <Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type> <Type>http://openid.net/srv/ax/1.0</Type> <URI>http://www.myopenid.com/server</URI> <LocalID>http://brian.myopenid.com/</LocalID> </Service> </XRD> </xrds:XRDS>

How it works

Data access with OAuth

A protocol for developing password-less APIs. Your valet key for the web.

Advanced OAuth Wrangling Kellan Elliott-McCrea XTech 2008: The Web on the Move http://www.slideshare.net/kellan/advanced-oauth-wrangling

On the desktop

4D56

On the phone

chris@domain.com ••••••••

The OpenID/OAuth Hybrid

+

TOC 8. Requesting Authentication When requesting OpenID Authentication via the protocol mode "checkid_setup" or "checkid_immediate", this extension can be used to request that the end user authorize an OAuth access token at the same time as an OpenID authentication. This is done by sending the following parameters as part of the OpenID request. (Note that the use of "oauth" as part of the parameter names here and in subsequent sections is just an example. See Section 5 for details.) openid.ns.oauth REQUIRED. Value: "http://specs.openid.net/extensions/oauth/1.0". openid.oauth.consumer REQUIRED. Value: The consumer key agreed upon in Section 7 . openid.oauth.scope OPTIONAL. Value: A string that encodes, in a way possibly specific to the Combined Provider, one or more scopes for the OAuth token expected in the authentication response. TOC 9. Authorizing the OAuth Request If the OpenID OAuth Extension is present in the authentication request, the Combined Provider SHOULD verify that the consumer key passed in the request is authorized to be used for the realm passed in the request. If this verification succeeds, the Combined Provider SHOULD determine that delegation of access from a user to the Combined Consumer has been requested. The Combined Provider SHOULD NOT issue an approved request token unless it has user consent to perform such delegation. TOC 10. Responding to Authentication Requests If the OpenID authentication request cannot be fulfilled (either in failure mode "setup_needed" or "cancel" as in Sections 10.2.1 and 10.2.2 of [OpenID] ) then the OAuth request SHOULD be considered to fail and the Provider MUST NOT send any OpenID OAuth Extension values in the response. The remainder of this section specifies how to handle the OAuth request in cases when the OpenID authentication response is a positive assertion (Section 10.1 of [OpenID] ). If the end user does wish to delegate access to the Combined Consumer, the Combined Provider MUST include and MUST sign the following parameters. openid.ns.oauth REQUIRED. Identical value as defined in Section 8 . openid.oauth.request_token REQUIRED. A user-approved request token. openid.oauth.scope OPTIONAL. A string that encodes, in a way possibly specific to the Combined Provider, one or more scopes that the returned request token is valid for. This will typically indicate a subset of the scopes requested in Section 8 . To note that the OAuth Authorization was declined or not valid, the Combined Provider SHALL only respond with the parameter

2 Clicks Demo!

What Plaxo found • Better for the user: higher success rate with no password anti-pattern • Better for the provider: Happy users and no automated data scraping • Better for the site: Higher conversion rate; more informed social graph

An Open Stack is emerging

Evolving the Open Stack Mashups OpenSocial Attributes OpenID/AX ... Contacts Portable Contacts Authentication OpenID/Auth Access Control OAuth Metadata Discovery YADIS, XRDS-Simple, XRD Unique Identiﬁers URLs, email addresses As proposed by Johannes Ernst

Success stories

“We launched OpenID in March 2008 with Highrise. About 15% of the logins are now using OpenID.” — David Heinemeier Hansson, 37Signals

“Deployments for their customers – Twitter and Songbird – are seeing OpenID utilization of 20% or more.” — Eirc Eldon, VentureBeat

ReadWriteWeb ReadWriteTalk Enterprise Jobwire About Subscribe Co RSS RWW Da Your em RSS RWW W Your em Search ReadWriteWeb Home Products Trends Best of RWW Archives Comcast Property Sees 92% Success Rate With New Mobile retail software designed for in-store ret OpenID Method counting, receiving etc. Written by Marshall Kirkpatrick / February 10, 2009 2:33 PM / 22 Comments « Prior Post Next Post » www.handpoint.com Dell Business Comput The most-watched geek event of the day has to be the OpenID UX Business Computer Pow (User Experience) Summit, hosted at the Facebook headquaters. The Core™ 2 Duo On Sale www.nz.dell.com most discussed moment of the day will surely be the presentation by Comcast's Plaxo team. New Zealand Site Features 130,000 Memb Plaxo and Google have collaborated on an OpenID method that may It's So Popular! www.smilecity.co.nz represent the solution to OpenID's biggest problems: it's too unknown, it's too complicated and it's too arduous. Today at the User Experience Summit, Plaxo announced that early tests of its new OpenID login system had a 92% success rate - unheard of in the industry. OpenID's usability problems appear RWW SPONSORS closer than ever to being solved for good. This experimental method refers to big, known brands where users were already logged in, it requires zero typing - just two clicks - and it takes advantage of the OpenID authentication opportunity to get quick permission to leverage the well established OAuth data swap to facilitate immediate personalization - at the same time, with nothing but 2 clicks required of users. Plaxo, primarily known for the noxious flood of spam emails it delivered in its early days, is now an online user activity data stream aggregator owned by telecom giant Comcast. The Plaxo team has been at the forefront of the new Open Web paradigm best known for the OpenID protocol.

*Source: Janrain OpenID adoption across the web continues to grow

UserVoice Identity Providers Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins

Interscope Identity Providers Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins

sulit.com.ph Identity Providers Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins

G E T T I N G INVOLVED & C O N TR IBUT IN G

Open source in the cloud era

Yoism: the world’s ﬁrst open source religion

“The price of freedom is eternal vigilance.” —thomas jefferson

our ^ “The price of freedom is eternal vigilance.” —thomas jefferson

Patents, trademarks and copyright

Joining communities

• OpenID Foundation • Open Web Foundation • OpenSocial Foundation • Partuza Project/Shindig • Activity Streams • Microformats • Diso Project

Libraries, frameworks & resources

• Partuza.nl • Shindig • Diso Project • oauth.net/code • Pinax

C O N C L U SION

The open, social web is being built on standards that are free to implement and that encourage competition at the layer of service and user experience.

Q & A

The Open, Social Web Workshop

0 comments

Notes on slide 1

32 Favorites