Implementing the
                           Social Web
                             with OpenID, OAuth, and All That Jazz!...
About Us




              chrismessina    daveman692   jsmarr



Wednesday, April 1, 2009
All of you?




Wednesday, April 1, 2009

 - developers? designers? product peoples? <shout it out>
 - What questions/prob...
What’s going on?




Wednesday, April 1, 2009

 - DAVID
Wednesday, April 1, 2009

 - the social web is pretty repetitive today, the irony is that the web is a decentralized thing...
http://dataportability.org/

Wednesday, April 1, 2009
Wednesday, April 1, 2009
Wednesday, April 1, 2009

 - you fill out this long form time and time again
 - Digg has since simplified it, but really...1...
http://flickr.com/photos/factoryjoe/2545757754/

Wednesday, April 1, 2009

 - you’re then asked to “find your friends” by fo...
Wednesday, April 1, 2009

 - then you create content yet it’s not shared outside of the site that you created it on
http://www.flickr.com/photos/jagelado/16631508/

Wednesday, April 1, 2009

- So, how’d we get here?
- A few years ago this...
http://www.illustratorworld.com/artwork/2238/
Wednesday, April 1, 2009

Browser Wars once people started really seeing the...
“Open Data is increasingly
   important as services
   move online.”

                                                —Tim...
data inside!




          “It’s like flying on an iPhone!”
                                                       http://f...
Wednesday, April 1, 2009

 - A bunch of data formats were developed the past few years to try to shepherd all this stu!
 -...
My 20+ Social Networks




Wednesday, April 1, 2009

 - but, social networks are only more recently running into these pro...
My 20+ Social Networks




Wednesday, April 1, 2009

 - but how did we get here?
Wednesday, April 1, 2009

- Might have the FriendSter castle, or maybe the MySpace castle, or the Facebook one. All
with b...
Wednesday, April 1, 2009

 - Then we got sites like Ning focused on making it easy to create your own castle.
 - With Ning...
Wednesday, April 1, 2009

Social Network Risk! (from Nov 2008)
 - Hi5 gains Cyprus from Facebook
 - MySpace gains Puerto R...
Social Applications

                • Each with a few great features
                  (UNIX philosophy)

               ...
Wednesday, April 1, 2009

 - Facebook Platform came about, meaning your source could run within their site and your
data c...
Wednesday, April 1, 2009
Wednesday, April 1, 2009

 - look like anything you recognize?
 - people not happy with this. facebook was trying to domin...
Portable Contacts

                                                   About
                                              ...
Wednesday, April 1, 2009

 - but more than just tech, starting to build with these individual blocks.
 - Action Streams fo...
About


                     DiSo Project
                                                                                ...
Wednesday, April 1, 2009

 - In the past year, not just underlying tech has emerged, but also developer toolkits
 - A few ...
“Connect”




Wednesday, April 1, 2009

 - JOSEPH

 - whether it be Facebook Connect, TypePad Connect, MySpace MyID, Googl...
Viewing




                                                          Virtuous Cycle of Sharing




                      ...
New building blocks

                             Who I am

                             Who I know

                     ...
Anatomy of “Connect”

                • Profile (identity, accounts, profiles)

                • Relationships (followers...
Wednesday, April 1, 2009

 - but, where did this leave the social networks
 - this was how I ended in september, but we’re...
Evolving the Open Stack
              Mashups      OpenSocial




                                                      .....
Portable Contacts

                                           About
                                           The vision ...
Why do people have to...

                • create a new account on every service?

                • re-create their prof...
Why do developers have to...
                • deal with [forgotten!] passwords?

                • create yet another pro...
So...
               How will our customers benefit?
                   How will developers?



Wednesday, April 1, 2009

...
Industry Trends
               User control of data
               User-centric web services, real identity becoming the n...
Eventbox Preferences
Wednesday, April 1, 2009

take a look at this screenshot from eventbox’s preferences.
Why is this even an option?
Wednesday, April 1, 2009

why is this even an option? we’re in a transitional period moving fr...
Wednesday, April 1, 2009

moving towards interfaces that support real names, and real identity
Source: http://blog.wired.com/business/2008/12/as-facebook-con.html

Wednesday, April 1, 2009

 - DAVID

- MySpace is buil...
...It's the same paradigm promised by OpenID and its
                   companion open-source technologies being developed...
Wednesday, April 1, 2009

demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
chris@domain.com

                                       ••••••••




Wednesday, April 1, 2009

demo of 8bitmusic flow from...
Wednesday, April 1, 2009

demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
Wednesday, April 1, 2009

demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
For Developers | Discuss | Demand | OpenID Foundation | Worldwide



                                                     ...
Documentation      Community      Resources     Tools     News




    News

    Developer Blog         Press   Platform U...
xkcd.com/256

Wednesday, April 1, 2009

but there are some problems with letting the data flow...

in the map of online soc...
“... You may remove your User Content from the Site at any
              time. If you choose to remove your User Content, ...
“... People want full ownership and control of their
                 information so they can turn off access to it at any...
Wednesday, April 1, 2009

so facebook is attempting to reinvent democracy on its site.

this is an ongoing discussion and ...
Break
Wednesday, April 1, 2009
Through the Tech




Wednesday, April 1, 2009
Identity  Profiles




Wednesday, April 1, 2009
Wednesday, April 1, 2009
Demo!




Wednesday, April 1, 2009

go over concepts: identity provider, relying party
Log in to Mapquest using DavidRecor...
Relying Parties
                                  (aka places you can login with OpenID)




                             ...
Wednesday, April 1, 2009

not just blogs, but also big open source projects
not just..., but also consumer services
not ju...
OpenID-enabling
                           your own URL...



Wednesday, April 1, 2009
factoryjoe.com




Wednesday, April 1, 2009

start w/ url
As simple as...
                           html
                           head
                              link rel=quo...
Implementing OpenID




Wednesday, April 1, 2009

discuss
OpenID User Interface




Wednesday, April 1, 2009

 - probably the currently most discussed part of implementing OpenID
Wednesday, April 1, 2009

“Identifier driven sign-in”

WTF do I type in the box??

1. Heard of OpenID
2. Understand OpenID
...
factoryjoe




Wednesday, April 1, 2009

usernames
user@email.com




Wednesday, April 1, 2009

emails
friendster




Wednesday, April 1, 2009

names of social networks
Hotmail




Wednesday, April 1, 2009

email providers?
elderly




Wednesday, April 1, 2009

???
I HATE YOU!!!!!!!!!!!!!!!!!!!!!!!!LADY GAAAGGG




Wednesday, April 1, 2009

?????
Wednesday, April 1, 2009

or, they type nothing at all...
Wednesday, April 1, 2009

maybe it’s because people have been trained to just “type anything in the box”
Previous attempts




Wednesday, April 1, 2009
Wednesday, April 1, 2009

provide a pattern that the user can imitate (which one??).
Wednesday, April 1, 2009
Wednesday, April 1, 2009

mapquest
Wednesday, April 1, 2009
Wednesday, April 1, 2009

 - click button approach which is new in OpenID 2.0
Wednesday, April 1, 2009

...leading to, well, quite a few buttons.
Wednesday, April 1, 2009

...but promising nonetheless.

problem: we have no idea who you are (vs fb connect)
Pop-up flow




Wednesday, April 1, 2009
http://boogle.com




                                                                         Courtesy Balsamiq

Wednesda...
http://boogle.com




                                               Courtesy Balsamiq

Wednesday, April 1, 2009

i click ...
http://boogle.com




                                   http://boogle.com/signin




                                    ...
http://boogle.com




                                                                  Courtesy Balsamiq

Wednesday, Apri...
http://boogle.com/#finish



                                                           Welcome back, Chris   Sign out




...
show existing providers

                                                                                                 ...
Interscope Identity Providers
                                           Source: Janrain - Why Websites Should Accept Mult...
sulit.com.ph Identity Providers
                                            Source: Janrain - Why Websites Should Accept M...
benefits




Wednesday, April 1, 2009
Microformats




Wednesday, April 1, 2009
“Webpage as API”




Wednesday, April 1, 2009
vCard




Wednesday, April 1, 2009

universal standard for representing address book data...
BEGIN:VCARD
      SOURCE:http://factoryjoe.com
      NAME:FactoryCity (Chris Messina)
      VERSION:3.0
      N;LANGUAGE=e...
hCard




Wednesday, April 1, 2009
“vCard in HTML”




Wednesday, April 1, 2009
Wednesday, April 1, 2009
[
                                        .FN

                                                      .ADR
                ...
Marshall Kirkpatrick - Add One Line To Your Blog or Twitter Could Become Your Primary Identity

Wednesday, April 1, 2009

...
Discovery




Wednesday, April 1, 2009
c:

                                                                          icons by Seedling Design and Fast Icon

Wedn...
c:

                                                                 icons by Seedling Design, Fast Icon and original auth...
icon by Seedling Design

Wednesday, April 1, 2009
XRDS-Simple
                           (light-weight service discovery for the web)




Wednesday, April 1, 2009
OpenID in XRDS
     ?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?
     xrds:XRDS
         xmlns:xrds=quot;xri://$xr...
Portable Contacts in XRDS
     ?xml version=quot;1.0quot; encoding=quot;UTF-8quot;?
     xrds:XRDS
         xmlns:xrds=quo...
How it works


                factoryjoe$ curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/




Wednesday,...
How it works




Wednesday, April 1, 2009

Here’s what the response looks like (using Todd Ditchendorf’s HTTP Client) for ...
Wednesday, April 1, 2009

What about services?
oauth discovery -- auto-service discovery
(basically this is how you advert...
Emerging Work!


                                             LRDD
                                Link-based Resource Des...
Authorization




Wednesday, April 1, 2009
“your valet key for the web”

Wednesday, April 1, 2009

 - Standardized existing duplicate protocols from Google, Yahoo!, ...
Wednesday, April 1, 2009

 - Super secret URL
 - Until you share it...oops
http://adactio.com/journal/1357
Wednesday, April 1, 2009

 - Another option is passwords
 - But it is a *horrible* idea
  ...
Wednesday, April 1, 2009

twitter apps provide a very common example of this problem.
Wednesday, April 1, 2009

boxee is also a problem. all these sites are going social and want to add value or reuse your
da...
redo these slides




Wednesday, April 1, 2009

switch to dave
Wednesday, April 1, 2009
Wednesday, April 1, 2009
Wednesday, April 1, 2009
San Francisco, CA




Wednesday, April 1, 2009

 - You have *no* excuse to create APIs that only take passwords anymore
 -...
Mobile?




Wednesday, April 1, 2009

what about OAuth for mobile apps?
Wednesday, April 1, 2009

Start out with an iPhone app call FlightTrackPro.
Wednesday, April 1, 2009

now this app syncs with your TripIt account. So here we are in the app, and we need to login
to ...
chris@domain.com

                                          ••••••••




Wednesday, April 1, 2009

and we’re taken into Sa...
Wednesday, April 1, 2009

We see an access request... and scrolling down
Wednesday, April 1, 2009

we see that we can Grant Access here. Note that all the permissions are spelled out simply
here.
Wednesday, April 1, 2009

If we grant access, Safari fades out, bringing the app back into focus.
Wednesday, April 1, 2009

and voila, with OAuth, FlightTrackPro now has access to our trips.
A protocol for developing password-less APIs.




Wednesday, April 1, 2009
Wednesday, April 1, 2009

5 minute oauth python to twitter demo -- jsmarr demos oauth test client
Wednesday, April 1, 2009

 - Few interesting things
  - Means easier to create a directory of Twitter apps
  - Access type...
redo this




Wednesday, April 1, 2009
Advanced OAuth
                              Wrangling

                                              Kellan Elliott-McCre...
Library Support
                •C                             • .Net

                • C#                           • Ob...
ReadWriteWeb          ReadWriteTalk        Enterprise         Jobwire                                   About     Subscrib...
Demo: OpenID  OAuth Hybrid




Wednesday, April 1, 2009

Joseph’s Demo?
Relationships  Contacts




Wednesday, April 1, 2009
http://flickr.com/photos/factoryjoe/2545757754/

Wednesday, April 1, 2009

 - you’re then asked to “find your friends” by fo...
Wednesday, April 1, 2009

this can be useful for importing your friends
Wednesday, April 1, 2009
Wednesday, April 1, 2009

Wow! That was useful!
Portable Contacts API




Wednesday, April 1, 2009
Wednesday, April 1, 2009

 - JSON based RESTful API to query address books, update them, etc. Two-way sync.
 - Built into ...
Since September

                • Integrated with the OpenSocial REST People protocol

                • Google, MySpace,...
Portable Contacts Demo




Wednesday, April 1, 2009
The Microformat XFN
                if users want to link accounts, allow it... they may even link to your
               ...
Adding XFN




Wednesday, April 1, 2009
Wednesday, April 1, 2009

 - Note the action stream on the left, powered by MT, aggregating what I want it to (blogs are
e...
About Me




Wednesday, April 1, 2009

 - Could also do this to link to friend's profiles
About My Friends




Wednesday, April 1, 2009

 - quot;contactquot; instead of quot;mequot;
Google’s Social Graph API




Wednesday, April 1, 2009

so how does this play out? let’s take a look at google’s social gr...
Wednesday, April 1, 2009
Wednesday, April 1, 2009
Wednesday, April 1, 2009
Wednesday, April 1, 2009
http://code.google.com/apis/socialgraph




Wednesday, April 1, 2009
Wednesday, April 1, 2009

- anyone can play with this...
 - Demo http://www.davidrecordon.com/
 - Missing friends.js
 - Ex...
Wednesday, April 1, 2009
Wednesday, April 1, 2009
Periodically checking for new people.
Wednesday, April 1, 2009

Dopplr - before with scraping people were paranoid about s...
Friend Connect
Wednesday, April 1, 2009

open stack in a box... small site not wanting to do much programming...
Friend Connect
Wednesday, April 1, 2009

open stack in a box... small site not wanting to do much programming...
Friend Connect
Wednesday, April 1, 2009

open stack in a box... small site not wanting to do much programming...
Friend Connect
Wednesday, April 1, 2009

open stack in a box... small site not wanting to do much programming...
Emerging Work!



                           Activity Streams




Wednesday, April 1, 2009
“Lifestreaming”




Wednesday, April 1, 2009
Today

                • Last.fm

                • Jaiku

                • Facebook newsfeed

                • FriendFe...
The challenge


                • Develop a format for expressing activities

                • Compelling experiences fro...
FriendFeed Services
Wednesday, April 1, 2009
The Benefits

                • Staying in touch across the web

                • An open, emergent ecosystem of activiti...
Examples




Wednesday, April 1, 2009
social discovery




Wednesday, April 1, 2009
last.fm (as seen in Plaxo Pulse)
Wednesday, April 1, 2009
LinkedIn
Wednesday, April 1, 2009
Facebook
Wednesday, April 1, 2009
FriendFeed
Wednesday, April 1, 2009
messaging




Wednesday, April 1, 2009
Twitter
Wednesday, April 1, 2009
Yammer
Wednesday, April 1, 2009
Eventbox
Wednesday, April 1, 2009

desktop app
personal publishing




Wednesday, April 1, 2009
Wednesday, April 1, 2009

the original activity stream from jeremy keith
Movable Type Motion
Wednesday, April 1, 2009
brand/personal monitoring




Wednesday, April 1, 2009
GetSatisfaction Overheard
Wednesday, April 1, 2009
Twitter Search
Wednesday, April 1, 2009
Anatomy of an activity




Wednesday, April 1, 2009
Actor verb object [context]




Wednesday, April 1, 2009
factoryjoe tweeted Niches Bitches! [via SMS]




Wednesday, April 1, 2009
Actor verb object {indirect object} [context]




Wednesday, April 1, 2009
Chris bought Planet Earth {for Brynn} [at Amazon.com]




Wednesday, April 1, 2009
Activities on the Social Web




Wednesday, April 1, 2009
I visit davidrecordon.com




Wednesday, April 1, 2009
I decide I want to follow his activities

                                    Sign in to follow Dave!




Wednesday, April...
I sign in with my OpenID




Wednesday, April 1, 2009
Before I’m sent back, I’m asked
                            whether I want to follow Dave




Wednesday, April 1, 2009
I say yes, and am asked which
                                activity types Iʼm interested in...
                        ...
Should any of the selected types be protected,
                I will be asked whether I want to request access


        ...
If I say OK, an OAuth request will be sent which
                Dave will later be able to approve, deny or ignore




We...
...And Dave’s public activities will show up
                                   in my activities dashboard.




Wednesday,...
...And if Dave later approves my request,
                            his protected activities will show up too




Wednes...
Activities on the Open Web




Wednesday, April 1, 2009
I visit stammer.com




Wednesday, April 1, 2009
I decide I want to join this community

                                    Sign in to start posting!




Wednesday, April...
I sign in with my OpenID




Wednesday, April 1, 2009
Before I’m sent back, I’m asked whether I want to
                 authorize Stammer to postback my activities


         ...
If I say yes, I am returned to Stammer,
                   authenticated. As I use the site, my actions are
              ...
If I defer, I am returned to Stammer, authenticated.
                  As I use the site, my actions are posted to my
    ...
Sound familiar?




Wednesday, April 1, 2009
Wednesday, April 1, 2009

kind of like facebook beacon...
Wednesday, April 1, 2009
Current work: ATOM Extension




Wednesday, April 1, 2009
entry
                              idtag:photopanic.example.com,2008:activity01/id
                              titleGer...
entry
                              idtag:photopanic.example.com,2008:activity01/id
                              titleGer...
What can we observe?
Wednesday, April 1, 2009
MySpace already supports this




Wednesday, April 1, 2009
...we’d like to get this into OpenSocial




Wednesday, April 1, 2009
http://activitystrea.ms




Wednesday, April 1, 2009
Gadgets




Wednesday, April 1, 2009
jsmarr update




Wednesday, April 1, 2009
Wednesday, April 1, 2009
Wednesday, April 1, 2009
Builds on the Open Stack




Wednesday, April 1, 2009

 - Incorporates existing standards to do things like portable conta...
Three Main APIs
                 Combination of JavaScript, REST, templates, and proxied HTML


                • Activiti...
Wednesday, April 1, 2009

 - A write once, run anywhere social application platform
- boasting over 350 million potential ...
Containers




Wednesday, April 1, 2009

 - lots of social networks all over the world
 - most people only see the ones th...
Run like open source




Wednesday, April 1, 2009

 - Future roadmap isn’t run by [Google|MySpace], but by the community o...
Container Code




Wednesday, April 1, 2009

 - Production worthy reference implementation in Java
 - Java and PHP open so...
REST Libraries
                                    http://icanhaz.com/opensocialcode
                                     ...
Sign in




                    Home       News      Help


                  About:
                  This OpenSocial app...
web 2.0 Implementing the Social Web
web 2.0 Implementing the Social Web
web 2.0 Implementing the Social Web
web 2.0 Implementing the Social Web
web 2.0 Implementing the Social Web
web 2.0 Implementing the Social Web
Upcoming SlideShare
Loading in...5
×

web 2.0 Implementing the Social Web

2,321

Published on

Implementing the Social Web

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,321
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

web 2.0 Implementing the Social Web

  1. 1. Implementing the Social Web with OpenID, OAuth, and All That Jazz! David Recordon, Chris Messina, & Joseph Smarr March 31, 2009 Web 2.0 Expo San Francisco Wednesday, April 1, 2009 - CHRIS
  2. 2. About Us chrismessina daveman692 jsmarr Wednesday, April 1, 2009
  3. 3. All of you? Wednesday, April 1, 2009 - developers? designers? product peoples? <shout it out> - What questions/problems do you have?
  4. 4. What’s going on? Wednesday, April 1, 2009 - DAVID
  5. 5. Wednesday, April 1, 2009 - the social web is pretty repetitive today, the irony is that the web is a decentralized thing but so many social pieces are only centralized - Pain is being felt by early adopters and even mainstream users. - video by the group Data Portability last year which is one of the best summaries of this
  6. 6. http://dataportability.org/ Wednesday, April 1, 2009
  7. 7. Wednesday, April 1, 2009
  8. 8. Wednesday, April 1, 2009 - you fill out this long form time and time again - Digg has since simplified it, but really...12 fields all with an asterisk next to them!
  9. 9. http://flickr.com/photos/factoryjoe/2545757754/ Wednesday, April 1, 2009 - you’re then asked to “find your friends” by forking over your email password - hell, we’re guilty of this as well! The good news is that email providers are starting to add OAuth enabled APIs so that we don’t have to do this anymore. - but it isn’t just about asking for passwords (we do .CSV upload too), but that your email address book isn’t really the friends you want on every website
  10. 10. Wednesday, April 1, 2009 - then you create content yet it’s not shared outside of the site that you created it on
  11. 11. http://www.flickr.com/photos/jagelado/16631508/ Wednesday, April 1, 2009 - So, how’d we get here? - A few years ago this was the status quo, but even Microsoft has come a long way! - Open Source is everywhere (Wikia refuses to run software in their data center that isn’t Open Source)
  12. 12. http://www.illustratorworld.com/artwork/2238/ Wednesday, April 1, 2009 Browser Wars once people started really seeing the business value of getting stu online - More interested in the quot;second browser warquot; - WHATWG (HTML 5, Google Gears) - Turned from open source to the data behind it
  13. 13. “Open Data is increasingly important as services move online.” —Tim O'Reilly (OSCON '07) Wednesday, April 1, 2009 - Hosted services change the quot;openquot; game. If I’m using Gmail I care less about running my own copy of Gmail and more about having access to all of my email ofline or if I want to switch providers. - It used to be about source code, now it's about open data as applications are moving to the cloud
  14. 14. data inside! “It’s like flying on an iPhone!” http://flickr.com/photos/sathishcj/1868113345/ Wednesday, April 1, 2009 - and you need this data everywhere!
  15. 15. Wednesday, April 1, 2009 - A bunch of data formats were developed the past few years to try to shepherd all this stu! - RSS and Atom for feeds, RDF for semantic data, Microformats for social data already in pages, OPML for lists of things, KML for geo data, etc
  16. 16. My 20+ Social Networks Wednesday, April 1, 2009 - but, social networks are only more recently running into these problems. - wasn’t really until 2007 when Brad Fitzpatrick and I wrote a piece on the social graph that people really had a concerted eort around decentralizing social networks and their data
  17. 17. My 20+ Social Networks Wednesday, April 1, 2009 - but how did we get here?
  18. 18. Wednesday, April 1, 2009 - Might have the FriendSter castle, or maybe the MySpace castle, or the Facebook one. All with big moats around them keeping them separate from one another.
  19. 19. Wednesday, April 1, 2009 - Then we got sites like Ning focused on making it easy to create your own castle. - With Ning in the middle connecting them.
  20. 20. Wednesday, April 1, 2009 Social Network Risk! (from Nov 2008) - Hi5 gains Cyprus from Facebook - MySpace gains Puerto Rico from Facebook - Facebook gains Libya from MySpace - Facebook regains Cyrpus from Hi5 - and it goes on...
  21. 21. Social Applications • Each with a few great features (UNIX philosophy) • Creating combined value • Building blocks for new value • No social graph of their own! http://www.slideshare.net/stoweboyd/building-social-applications Wednesday, April 1, 2009 - Around the same time... - Combined value as they don't compete to do everything, rather compete within their area of expertise - Exhaserbated the problem of finding friends - Let me restate that point, these guys *do not* want to have their own social graph...but to use ones that already exist
  22. 22. Wednesday, April 1, 2009 - Facebook Platform came about, meaning your source could run within their site and your data could interact with their social data - but then went down the path of world domination...
  23. 23. Wednesday, April 1, 2009
  24. 24. Wednesday, April 1, 2009 - look like anything you recognize? - people not happy with this. facebook was trying to dominate the world
  25. 25. Portable Contacts About The vision for Portable Contacts has been around for a long time. Sites large and small share the goal of providing users a secure way to access their address books and friends lists without having to take their credentials or scrape their data. But only in recent weeks has it begun to feel that now is the right time to rally the community and the industry to work together to make this vision real by developing an open spec for exchange of contact info that everyone can embrace. Why now? The momentum began building for 'data portability' last year, and we are now at a point where there is strong support for the principle that users should be in control of their data and have the freedom to access it from across the web. And the major players have all recognized that they and their users are better off with secure contacts APIs (rather than having third-party services ask for users' credentials in order to scrape their data). As a result, we're seeing major Internet companies making contacts APIs available, such as Google's GData Contacts API, Yahoo's Address Book API, and Microsoft's Live Contacts API (with more to come). Not surprisingly though, each of these APIs is unique and proprietary. We believe this creates the ideal conditions for developing a common, open spec that everyone can benefit from. Just as OAuth has provided a standard to unify the various proprietary schemes for delegated authorization, we believe we can do the same thing for securely sharing address book and friends list data. Goals The goal of Portable Contacts is to make it easier for developers to give their users a secure way to access the address books and friends lists they have built up all a c tivity stre a .m s over the web. Specifically, we seek to create: A common access pattern and contact schema that any site can provide Well-specified authentication and access rules D isc uss. Standard libraries that can work with any site and absolutely minimal complexity, with the lightest possible toolchain A n in itia tive fro m th e D iS o P ro je c t. requirements for developers. F irst d ra ft spe c s: A c tivitie s in A to m ; A c tivity S c h e m a . A measure of our success will be the elimination of the quot;password anti-pattern,quot; by making it far easier to implement Portable Contacts than to engage in scraping, as well as a dramatic increase in the number of sites that both provide and consume who-you-know data. Our Approach Our design is focused around ease of adoption, which means a few things. First, our emphasis is on simplicity of design and targeted use cases. For example, version 1 is simply about access, and defers for now on the more complex issues around update and sync. Second, we're taking a modern approach to who-you- know data by unifying traditional contact info and social network data, in order to properly represent the current diversity of the social web ecosystem. Third, we're using existing standards wherever possible, including vCard, OpenSocial, XRDS- Simple, OAuth, etc. And lastly, we're designing something that should be easy for current service providers to adopt. We started by reviewing all the major existing contacts APIs and targeting the capabilities that they all share and provide. We believe this pragmatic balance is the best and quickest way to achieve our shared goal of widespread adoption. Here is the current draft spec, the wiki, and the mailing list. This project is being undertaken by Joseph Smarr, Chris Messina, and others. Wednesday, April 1, 2009 - Lots of technologies coming out of this evolution to try and solve these pain points - all developed by communities - all building on existing technologies
  26. 26. Wednesday, April 1, 2009 - but more than just tech, starting to build with these individual blocks. - Action Streams for Movable Type was really the first self hosted consumer friendly version of things like Facebook Newsfeed
  27. 27. About DiSo Project Blog Links Chat Open, distributed, social. Find Blogroll Silo free living. Chris Messina Stephen Paul Weber Social networks are becoming more open, more interconnected, and more distributed. Many of us Steve Ivy in the web creation world are embracing and promoting web standards - both client-side and Will Norris server-side. Microformats, standard APIs, and open-source software are key building blocks of these technologies. This model can be described as having three sides: Information, Identity, and DiSo - Distributed Interaction. Diso Code DiSo on Flickr DiSo (dee • soh) is an initiative to facilitate the creation of open, non-proprietary and DiSo on Ma.gnolia interoperable building blocks for the decentralized social web. DiSo on Twitter DiSo Wiki Our first target is WordPress, bootstrapping on existing work and building out from there. So what does that mean? DiSo Project We’re building Wordpress plugins that implement or build on: Visit this group microformats like XFN, hCard, XOXO — wp-contactlist, wp-profiles Archives OpenID — wp-contactlist, wp-openid-server June 2008 OAuth May 2008 …and others December 2007 Meta Register Log in WordPress | Sandbox Wednesday, April 1, 2009 - getting to the point where you’re able to easily start hosting your own - DiSo starting with building social stu on top of WordPress, we’ve been building similar things with Movable Type and working with the DiSo project in doing so - DiSo today is under taking more specification work than code work as they’re finding gaps with the wider community
  28. 28. Wednesday, April 1, 2009 - In the past year, not just underlying tech has emerged, but also developer toolkits - A few years ago developer tools talked about supporting AJAX or the latest version of CSS, now they’re talking about all these social technologies
  29. 29. “Connect” Wednesday, April 1, 2009 - JOSEPH - whether it be Facebook Connect, TypePad Connect, MySpace MyID, Google Friend Connect they’re all about connecting cloud service with distributed sites
  30. 30. Viewing Virtuous Cycle of Sharing Sharing Wednesday, April 1, 2009 - facebook knows this very well and is probably doing it the best
  31. 31. New building blocks Who I am Who I know What’s going on Wednesday, April 1, 2009 New building blocks help to establish WHO I AM, WHO I KNOW and WHAT’S GOING ON in a reusable way.
  32. 32. Anatomy of “Connect” • Profile (identity, accounts, profiles) • Relationships (followers, friends, contacts) • Content (posts, photos, videos, links) • Activity (poked, bought, shared, blogged) • Goal: Discovery of people and content Wednesday, April 1, 2009 - If done right, OpenID, OAuth, Portable Contacts, Activity Streams are all pieces of connect applications
  33. 33. Wednesday, April 1, 2009 - but, where did this leave the social networks - this was how I ended in september, but we’re starting to move ahead
  34. 34. Evolving the Open Stack Mashups OpenSocial ... Attributes Contacts OpenID/AX Portable Contacts Authentication Access Control OpenID/Auth OAuth Metadata Discovery YADIS, XRDS-Simple, XRD Unique Identifiers URLs, email addresses As proposed by Johannes Ernst Wednesday, April 1, 2009 lots of industry examples here making use of The Open Stack. OpenSocial -- OpenID, OAuth, microformats... Facebook -- apps, moving osite with connect... open sourcing components/platform Friend Connect -- answer to Facebook, implements opensocial MySpace DA -- way to get data in/out of MySpace; heavy on the TOS Y!OS -- new Y! strategy to open up, including social APIs + lots of OAuth + OpenID MT OS -- OpenID, OAuth, plugins make use of XRDS-Simple DiSo -- facilitating plugins for WordPress, Drupal, MT... etc also: android for mobile dev/capable browsers rendering engines (webkit++)
  35. 35. Portable Contacts About The vision for Portable Contacts has been around for a long time. Sites large and small share the goal of providing users a secure way to access their address books and friends lists without having to take their credentials or scrape their data. But only in recent weeks has it begun to feel that now is the right time to rally the community and the industry to work together to make this vision real by developing an open spec for exchange of contact info that everyone can embrace. Why now? The momentum began building for 'data portability' last year, and we are now at a point where there is strong support for the principle that users should be in control of their data and have the freedom to access it from across the web. And the major players have all recognized that they and their users are better off with secure contacts APIs (rather than having third-party services ask for users' credentials in order to scrape their data). As a result, we're seeing major Internet companies making contacts APIs available, such as Google's GData Contacts API, Yahoo's Address Book API, and Microsoft's Live Contacts API (with more to come). Not surprisingly though, each of these APIs is unique and proprietary. We believe this creates the ideal conditions for developing a common, open spec that everyone can benefit from. Just as OAuth has provided a standard to unify the various proprietary schemes for delegated authorization, we believe we can do the same thing for securely sharing address book and friends list data. Goals The goal of Portable Contacts is to make it easier for developers to give their users a secure way to access the address books and friends lists they have built up all a c tivity stre a .m s over the web. Specifically, we seek to create: A common access pattern and contact schema that any site can provide Well-specified authentication and access rules D isc uss. Standard libraries that can work with any site and absolutely minimal complexity, with the lightest possible toolchain A n in itia tive fro m th e D iS o P ro je c t. requirements for developers. F irst d ra ft spe c s: A c tivitie s in A to m ; A c tivity S c h e m a . A measure of our success will be the elimination of the quot;password anti-pattern,quot; by making it far easier to implement Portable Contacts than to engage in scraping, as well as a dramatic increase in the number of sites that both provide and consume who-you-know data. Our Approach Our design is focused around ease of adoption, which means a few things. First, our emphasis is on simplicity of design and targeted use cases. For example, version 1 is simply about access, and defers for now on the more complex issues around update and sync. Second, we're taking a modern approach to who-you- know data by unifying traditional contact info and social network data, in order to properly represent the current diversity of the social web ecosystem. Third, we're using existing standards wherever possible, including vCard, OpenSocial, XRDS- Simple, OAuth, etc. And lastly, we're designing something that should be easy for current service providers to adopt. We started by reviewing all the major existing contacts APIs and targeting the capabilities that they all share and provide. We believe this pragmatic balance is the best and quickest way to achieve our shared goal of widespread adoption. Here is the current draft spec, the wiki, and the mailing list. This project is being undertaken by Joseph Smarr, Chris Messina, and others. Wednesday, April 1, 2009 - these technologies are actually taking root! - call it competitive pressure, call it facebook being on top and others being jealous, I don’t care what you call it - it is happening!
  36. 36. Why do people have to... • create a new account on every service? • re-create their profile? • give away their passwords to every site that asks? • re-discover their friends? • re-friend their friends! • learn new ways to share and communicate? Wednesday, April 1, 2009 summary of problems... SNS routines
  37. 37. Why do developers have to... • deal with [forgotten!] passwords? • create yet another profile form? • support every new service API that comes out? • force members to invite everyone they know? • implement an unsafe method for importing contacts? • create widgets for incompatible social networks? • manually interpret feeds for activity streams? Wednesday, April 1, 2009
  38. 38. So... How will our customers benefit? How will developers? Wednesday, April 1, 2009 - CHRIS
  39. 39. Industry Trends User control of data User-centric web services, real identity becoming the norm Location-enhanced services Real-time content delivery, ubiquitous connectivity Interoperable application platforms Content aggregation and syndication Increasing quantities of data to work with Democratization of digital media creation tools Wednesday, April 1, 2009 let’s look at some industry trends...
  40. 40. Eventbox Preferences Wednesday, April 1, 2009 take a look at this screenshot from eventbox’s preferences.
  41. 41. Why is this even an option? Wednesday, April 1, 2009 why is this even an option? we’re in a transitional period moving from computer-based identifiers to human-friendly ones.
  42. 42. Wednesday, April 1, 2009 moving towards interfaces that support real names, and real identity
  43. 43. Source: http://blog.wired.com/business/2008/12/as-facebook-con.html Wednesday, April 1, 2009 - DAVID - MySpace is building the same stu as Facebook using open standards; OpenID, OAuth and OpenSocial
  44. 44. ...It's the same paradigm promised by OpenID and its companion open-source technologies being developed by Google, MySpace, Yahoo, Plaxo and other key players on the social web. But where Facebook Connect is heading towards mass adoption on mainstream sites like Digg, OpenID is currently bogged down by several issues, the largest of which is poor usability. Source: http://blog.wired.com/business/2008/12/as-facebook-con.html Wednesday, April 1, 2009 - MySpace is building the same stu as Facebook using open standards; OpenID, OAuth and OpenSocial
  45. 45. Wednesday, April 1, 2009 demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
  46. 46. chris@domain.com •••••••• Wednesday, April 1, 2009 demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
  47. 47. Wednesday, April 1, 2009 demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
  48. 48. Wednesday, April 1, 2009 demo of 8bitmusic flow from http://8bitmusic.jdavid.net/
  49. 49. For Developers | Discuss | Demand | OpenID Foundation | Worldwide What Where How is OpenID? can I use it? do I get one? « PayPal joins OpenID Foundation Board as we enter 2009 Facebook joins OpenID Foundation Board with a commitment to better user experience Posted February 5th, 2009 at 11:30 pm GMT by David Recordon and Chris Messina Today we’re excited to join Facebook’s Mike Schroepfer in announcing that they have joined the OpenID Foundation’s board as a sustaining corporate member. Luke Shepard, a key member of Facebook’s Platform and Connect teams and a huge internal advocate for OpenID, has been selected as their representative and joins the current board of seven community elected board members and six sustaining corporate members: Google, IBM, Microsoft, PayPal (joined last week), VeriSign and Yahoo!. Additionally, to maintain the ratio of community and corporate board members, Joseph Smarr will be joining the board as our eighth community member. As the OpenID community entered 2009 two key topics have become the focal points on the road to mainstream adoption: user experience and security. Given the popularity and positive user experience of Facebook Connect, we look forward to Facebook working within the community to improve OpenID’s usability and reach. As a first step, Facebook will be hosting a design summit next week at their campus in Palo Alto which follows a similar summit on user experience hosted at Yahoo! last year. The summit will convene some of the top designers from Facebook, the DiSo Project, Google, JanRain, MySpace, Six Apart and Yahoo!, focusing on how existing OpenID implementations could support an experience similar to Facebook Connect. Facebook’s financial contribution along with its membership on the board signals the company’s enthusiasm to work more closely with the OpenID community, building up momentum towards their adoption of OpenID as a standard. Facebook furthering its commitment to openness couldn’t have come at a better time to make 2009 an amazing year for OpenID and the wider social web. For press contacts, please call OpenID Foundation board members David Recordon at 503.341.3009 or Chris Messina at 412.225.1051. Wednesday, April 1, 2009 - CHRIS And then two months ago this space changed with Facebook starting to embrace open standards and APIs by them now fitting into their strategy.
  50. 50. Documentation Community Resources Tools News News Developer Blog Press Platform Updates Opening Up Facebook Status, Notes, Links, Recent News Share Archived Posts and Video to Facebook Platform Opening Up Facebook Status, Notes, 2009 4:54PM, Friday Feb 6th Links, and Video to Facebook Platform February (3) Published by Chris Putnam February 6, 2009 January (8) We're launching several new APIs for Facebook Platform today. These new 2008 Next Steps in Openness interfaces open up access to the content and methods for sharing through December (12) February 5, 2009 several Facebook Applications -- including Facebook Status, Notes, Links (what November (8) we used to call Posted Items), and Video -- to go along with the APIs already Postcards from January Garages October (3) available for uploading and viewing through Facebook Photos. We've seen February 2, 2009 September (6) increasing engagement with over 15 million users updating their status each August (7) day and sharing over 24 million links per month. We wanted to make sure this January Platform News July (15) January 31, 2009 content and the ability to share this content was available through our June (8) standard APIs. May (11) Try Out the New FBJS April (7) January 30, 2009 Specifically, your applications can now directly access all of a user's status, March (7) links, and notes via new methods and FQL calls. Your application will have February (9) Facebook Connect and Apple’s iPhoto access to any status, notes, or links from the active user or their friends that January (11) ’09 are currently visible to the active user. In addition, we're opening new APIs for 2007 January 29, 2009 you to post links, create notes, or upload videos for the current user, and December (5) we've made setting a user's status easier. Shalom from Facebook Developer November (5) Garage Israel! October (10) We're pretty excited to see what kinds of ideas you can come up with to help January 16, 2009 September (4) users create and share more content. For example, a travel application could August (5) make it really easy for users to create and share notes and upload photos and Changes in Facebook Platform July (2) videos from a recent trip. Users could then display that content within a Leadership June (1) profile tab for that app. Or a news website could use Facebook Connect to January 16, 2009 May (2) allow users to easily post links from the site and feature all of the most recent April (1) Extending FBML with Custom Tags links that a user's friends have shared from that website. March (3) January 13, 2009 February (3) Every user is subject to limits on the length and size of the video files they Subscribe January (3) can upload, just like they are when uploading through Facebook. Use 2006 video.getUploadLimits to determine a specific user's limits. To increase video Wednesday, April 1, 2009 And then they opened up APIs for status, notes, links and video. - Moving from just pulling data in, to being able to get data out as well
  51. 51. xkcd.com/256 Wednesday, April 1, 2009 but there are some problems with letting the data flow... in the map of online social networks, things get tricky really fast when data moves from one “nation” to another.
  52. 52. “... You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content....” — Facebook Terms of Service Wednesday, April 1, 2009 Here’s what happened. Sometime last month, Facebook made a change to their TOS, striking the passage here. Language was also clarified about ownership of user data... giving Facebook a “perpetual right to license and sublicense your content”... basically you give it to Facebook and they can do what they want with it. At least that’s how people read it.
  53. 53. “... People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them ... to other services and grant those services access to those people's information. These two positions are at odds with each other. ” — Mark Zuckerberg, Facebook Wednesday, April 1, 2009 In response, they reverted the changes and Mark Zuckerberg said on the FB blog: “Still, the interesting thing about this change in our terms is that it highlights the importance of these issues and their complexity. People want full ownership and control of their information so they can turn o access to it at any time. At the same time, people also want to be able to bring the information others have shared with them—like email addresses, phone numbers, photos and so on—to other services and grant those services access to those people's information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with.” In other words, people want their cake and to eat it too.
  54. 54. Wednesday, April 1, 2009 so facebook is attempting to reinvent democracy on its site. this is an ongoing discussion and something that should be watched closely.
  55. 55. Break Wednesday, April 1, 2009
  56. 56. Through the Tech Wednesday, April 1, 2009
  57. 57. Identity Profiles Wednesday, April 1, 2009
  58. 58. Wednesday, April 1, 2009
  59. 59. Demo! Wednesday, April 1, 2009 go over concepts: identity provider, relying party Log in to Mapquest using DavidRecordon.com.
  60. 60. Relying Parties (aka places you can login with OpenID) OpenID - As viewed by JanRain’s MyOpenID.com Wednesday, April 1, 2009 - 2007 was a huge year for OpenID!
  61. 61. Wednesday, April 1, 2009 not just blogs, but also big open source projects not just..., but also consumer services not just..., but also large service providers and corporations - No where near a complete list!
  62. 62. OpenID-enabling your own URL... Wednesday, April 1, 2009
  63. 63. factoryjoe.com Wednesday, April 1, 2009 start w/ url
  64. 64. As simple as... html head link rel=quot;openid2.providerquot; href=quot;http://factoryjoe.com/blog/openid/serverquot; / link rel=quot;openid2.local_idquot; href=quot;http://factoryjoe.com /blog/author/admin/quot; / link rel=quot;openid.serverquot; href=quot;http://factoryjoe.com/blog/openid/serverquot; / link rel=quot;openid.delegatequot; href=quot;http://factoryjoe.com /blog/author/admin/quot; / /head /html Wednesday, April 1, 2009
  65. 65. Implementing OpenID Wednesday, April 1, 2009 discuss
  66. 66. OpenID User Interface Wednesday, April 1, 2009 - probably the currently most discussed part of implementing OpenID
  67. 67. Wednesday, April 1, 2009 “Identifier driven sign-in” WTF do I type in the box?? 1. Heard of OpenID 2. Understand OpenID 3. Have an OpenID 4. Know what URL to type
  68. 68. factoryjoe Wednesday, April 1, 2009 usernames
  69. 69. user@email.com Wednesday, April 1, 2009 emails
  70. 70. friendster Wednesday, April 1, 2009 names of social networks
  71. 71. Hotmail Wednesday, April 1, 2009 email providers?
  72. 72. elderly Wednesday, April 1, 2009 ???
  73. 73. I HATE YOU!!!!!!!!!!!!!!!!!!!!!!!!LADY GAAAGGG Wednesday, April 1, 2009 ?????
  74. 74. Wednesday, April 1, 2009 or, they type nothing at all...
  75. 75. Wednesday, April 1, 2009 maybe it’s because people have been trained to just “type anything in the box”
  76. 76. Previous attempts Wednesday, April 1, 2009
  77. 77. Wednesday, April 1, 2009 provide a pattern that the user can imitate (which one??).
  78. 78. Wednesday, April 1, 2009
  79. 79. Wednesday, April 1, 2009 mapquest
  80. 80. Wednesday, April 1, 2009
  81. 81. Wednesday, April 1, 2009 - click button approach which is new in OpenID 2.0
  82. 82. Wednesday, April 1, 2009 ...leading to, well, quite a few buttons.
  83. 83. Wednesday, April 1, 2009 ...but promising nonetheless. problem: we have no idea who you are (vs fb connect)
  84. 84. Pop-up flow Wednesday, April 1, 2009
  85. 85. http://boogle.com Courtesy Balsamiq Wednesday, April 1, 2009 so i visit my favorite search engine and decide that i want to sign in
  86. 86. http://boogle.com Courtesy Balsamiq Wednesday, April 1, 2009 i click sign in
  87. 87. http://boogle.com http://boogle.com/signin Courtesy Balsamiq Wednesday, April 1, 2009 and a popup is launched where I pick my provider...
  88. 88. http://boogle.com Courtesy Balsamiq Wednesday, April 1, 2009 now i’m redirected to my openid provider where i can sign in...
  89. 89. http://boogle.com/#finish Welcome back, Chris Sign out Courtesy Balsamiq Wednesday, April 1, 2009 upon successfully authenticating, i’ve signed in, without the original page refreshing
  90. 90. show existing providers how many of your custom already have one of these accounts? easier than going into inb spam show janrain charts show popular IDPs UserVoice Identity Providers Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins Wednesday, April 1, 2009 NASCAR
  91. 91. Interscope Identity Providers Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins Wednesday, April 1, 2009
  92. 92. sulit.com.ph Identity Providers Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins Wednesday, April 1, 2009
  93. 93. benefits Wednesday, April 1, 2009
  94. 94. Microformats Wednesday, April 1, 2009
  95. 95. “Webpage as API” Wednesday, April 1, 2009
  96. 96. vCard Wednesday, April 1, 2009 universal standard for representing address book data...
  97. 97. BEGIN:VCARD SOURCE:http://factoryjoe.com NAME:FactoryCity (Chris Messina) VERSION:3.0 N;LANGUAGE=en;CHARSET=UTF-8:Messina;Chris;;; ORG;CHARSET=UTF-8:Vidoop FN;LANGUAGE=en;CHARSET=UTF-8:Chris Messina ADR;LANGUAGE=en;CHARSET=UTF-8:;;;San Francisco;;; PHOTO;VALUE=uri:http://factorycity.net/images/avatar.jpg URL:http://factoryjoe.com URL:http://factoryjoe.com/blog URL:http://twitter.com/chrismessina URL:http://flickr.com/photos/factoryjoe URL:http://friendfeed.com/factoryjoe URL:http://brightkite.com/people/factoryjoe/ URL:http://mento.info/factoryjoe URL:http://ma.gnolia.com/people/factoryjoe URL:http://factoryjoe.tumblr.com URL:http://facebook.com/chrismessina END:VCARD Wednesday, April 1, 2009
  98. 98. hCard Wednesday, April 1, 2009
  99. 99. “vCard in HTML” Wednesday, April 1, 2009
  100. 100. Wednesday, April 1, 2009
  101. 101. [ .FN .ADR .VCARD .URL + REL-ME Wednesday, April 1, 2009
  102. 102. Marshall Kirkpatrick - Add One Line To Your Blog or Twitter Could Become Your Primary Identity Wednesday, April 1, 2009 Why is this cool? first: web page as API second: support in opera, firefox, now IE8 (web slices) SEO
  103. 103. Discovery Wednesday, April 1, 2009
  104. 104. c: icons by Seedling Design and Fast Icon Wednesday, April 1, 2009 so you need a way to refer to these cloud-based applications like you used to...
  105. 105. c: icons by Seedling Design, Fast Icon and original authors Wednesday, April 1, 2009 meanwhile we have hybrid apps like these that are also being thrown into the mix with infinite storage but a native experience. and these all require identity of some sort.
  106. 106. icon by Seedling Design Wednesday, April 1, 2009
  107. 107. XRDS-Simple (light-weight service discovery for the web) Wednesday, April 1, 2009
  108. 108. OpenID in XRDS ?xml version=quot;1.0quot; encoding=quot;UTF-8quot;? xrds:XRDS xmlns:xrds=quot;xri://$xrdsquot; xmlns:openid=quot;http://openid.net/xmlns/1.0quot; xmlns=quot;xri://$xrd*($v*2.0)quot; XRD Service priority=quot;0quot; Typehttp://specs.openid.net/auth/2.0/signon/Type Typehttp://openid.net/sreg/1.0/Type Typehttp://openid.net/extensions/sreg/1.1/Type Typehttp://schemas.openid.net/pape/policies/2007/06/phishing-resistant/Type Typehttp://schemas.openid.net/pape/policies/2007/06/multi-factor/Type Typehttp://schemas.openid.net/pape/policies/2007/06/multi-factor-physical/Type URIhttps://pip.verisignlabs.com/server/URI LocalIDhttps://recordond.pip.verisignlabs.com//LocalID /Service /XRD /xrds:XRDS Wednesday, April 1, 2009
  109. 109. Portable Contacts in XRDS ?xml version=quot;1.0quot; encoding=quot;UTF-8quot;? xrds:XRDS xmlns:xrds=quot;xri://$xrdsquot; xmlns:openid=quot;http://openid.net/xmlns/1.0quot; xmlns=quot;xri://$xrd*($v*2.0)quot; XRD version=quot;2.0quot; Typexri://$xrds*simple/Type Service Typehttp://portablecontacts.net/spec/1.0/Type URIhttp://pulse.plaxo.com/pulse/pdata/contacts/URI /Service Service priority=quot;0quot; Typehttp://specs.openid.net/auth/2.0/signon/Type Typehttp://openid.net/sreg/1.0/Type Typehttp://openid.net/extensions/sreg/1.1/Type Typehttp://schemas.openid.net/pape/policies/2007/06/phishing-resistant/Type Typehttp://openid.net/srv/ax/1.0/Type URIhttp://www.myopenid.com/server/URI LocalIDhttp://brian.myopenid.com//LocalID /Service /XRD /xrds:XRDS Wednesday, April 1, 2009
  110. 110. How it works factoryjoe$ curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/ Wednesday, April 1, 2009 Start simple: - curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/
  111. 111. How it works Wednesday, April 1, 2009 Here’s what the response looks like (using Todd Ditchendorf’s HTTP Client) for Brian Ellin (AN INDIVIDUAL) - curl -H 'accept:application/xrds+xml' http://brian.myopenid.com/
  112. 112. Wednesday, April 1, 2009 What about services? oauth discovery -- auto-service discovery (basically this is how you advertise your APIs to be autodiscovered) this is from partuza.nl -- an implementation of OpenSocial
  113. 113. Emerging Work! LRDD Link-based Resource Descriptor Discovery http://tools.ietf.org/html/draft-hammer-discovery-03 Wednesday, April 1, 2009 emerging work
  114. 114. Authorization Wednesday, April 1, 2009
  115. 115. “your valet key for the web” Wednesday, April 1, 2009 - Standardized existing duplicate protocols from Google, Yahoo!, AOL, and Microsoft - Remove the need to ask for email provider passwords - Seeing good adoption, so pay attention to this!
  116. 116. Wednesday, April 1, 2009 - Super secret URL - Until you share it...oops
  117. 117. http://adactio.com/journal/1357 Wednesday, April 1, 2009 - Another option is passwords - But it is a *horrible* idea - How many people use the same passwords?
  118. 118. Wednesday, April 1, 2009 twitter apps provide a very common example of this problem.
  119. 119. Wednesday, April 1, 2009 boxee is also a problem. all these sites are going social and want to add value or reuse your data... but there’s been no good alternative. each big site came up with its own BFS of an API which lead to a developer tax to reimplement code everytime, so they just went back to scraping.
  120. 120. redo these slides Wednesday, April 1, 2009 switch to dave
  121. 121. Wednesday, April 1, 2009
  122. 122. Wednesday, April 1, 2009
  123. 123. Wednesday, April 1, 2009
  124. 124. San Francisco, CA Wednesday, April 1, 2009 - You have *no* excuse to create APIs that only take passwords anymore - Google, Netflix, Yahoo!, MySpace, Twitter, etc and is being standardized in the IETF - Tell story of how OAuth was created
  125. 125. Mobile? Wednesday, April 1, 2009 what about OAuth for mobile apps?
  126. 126. Wednesday, April 1, 2009 Start out with an iPhone app call FlightTrackPro.
  127. 127. Wednesday, April 1, 2009 now this app syncs with your TripIt account. So here we are in the app, and we need to login to connect to our TripIt account. We click login...
  128. 128. chris@domain.com •••••••• Wednesday, April 1, 2009 and we’re taken into Safari, where we sign in through the web browser.
  129. 129. Wednesday, April 1, 2009 We see an access request... and scrolling down
  130. 130. Wednesday, April 1, 2009 we see that we can Grant Access here. Note that all the permissions are spelled out simply here.
  131. 131. Wednesday, April 1, 2009 If we grant access, Safari fades out, bringing the app back into focus.
  132. 132. Wednesday, April 1, 2009 and voila, with OAuth, FlightTrackPro now has access to our trips.
  133. 133. A protocol for developing password-less APIs. Wednesday, April 1, 2009
  134. 134. Wednesday, April 1, 2009 5 minute oauth python to twitter demo -- jsmarr demos oauth test client
  135. 135. Wednesday, April 1, 2009 - Few interesting things - Means easier to create a directory of Twitter apps - Access type of read-only
  136. 136. redo this Wednesday, April 1, 2009
  137. 137. Advanced OAuth Wrangling Kellan Elliott-McCrea XTech 2008: The Web on the Move http://www.slideshare.net/kellan/advanced-oauth-wrangling Wednesday, April 1, 2009
  138. 138. Library Support •C • .Net • C# • Objective-C • ColdFusion • OCaml • Java • Perl • Javascript • PHP • Jifty • Python • Maven • Ruby See http://oauth.net/code Wednesday, April 1, 2009
  139. 139. ReadWriteWeb ReadWriteTalk Enterprise Jobwire About Subscribe Co RSS RWW Da Your em RSS RWW W Your em Search ReadWriteWeb Home Products Trends Best of RWW Archives Comcast Property Sees 92% Success Rate With New Mobile retail software designed for in-store ret OpenID Method counting, receiving etc. www.handpoint.com Written by Marshall Kirkpatrick / February 10, 2009 2:33 PM / 22 Comments « Prior Post Next Post » Dell Business Comput The most-watched geek event of the day has to be the OpenID UX Business Computer Pow (User Experience) Summit, hosted at the Facebook headquaters. The Core™ 2 Duo On Sale www.nz.dell.com most discussed moment of the day will surely be the presentation by Comcast's Plaxo team. New Zealand Site Features 130,000 Memb Plaxo and Google have collaborated on an OpenID method that may It's So Popular! www.smilecity.co.nz represent the solution to OpenID's biggest problems: it's too unknown, it's too complicated and it's too arduous. Today at the User Experience Summit, Plaxo announced that early tests of its new OpenID login RWW SPONSORS system had a 92% success rate - unheard of in the industry. OpenID's usability problems appear closer than ever to being solved for good. This experimental method refers to big, known brands where users were already logged in, it requires zero typing - just two clicks - and it takes advantage of the OpenID authentication opportunity to get quick permission to leverage the well established OAuth data swap to facilitate immediate personalization - at the same time, with nothing but 2 clicks required of users. Plaxo, primarily known for the noxious flood of spam emails it delivered in its early days, is now an online user activity data stream aggregator owned by telecom giant Comcast. The Plaxo team has been at the forefront of the new Open Web paradigm best known for the OpenID protocol. The Flow The method Plaxo has been testing is called an OpenID/OAuth combo, in collaboration with Wednesday, April 1, 2009 - that said, there are somedoes that mean, in regular terms? It means that Plaxo told users they could log in Google. What positive signs here. with their Gmail accounts as OpenID by clicking a link to open a Gmail window, then Google - 92% of the people thatpermission to hand over user contact data using the OAuth standard protocol. Once they sent to login with OpenID came back successfully! asked for login was confirmed, whether contact data access was granted to Plaxo or not, the Gmail window closed and users were returned to Plaxo all logged in. No new accounts, no disclosure of Gmail passwords to Plaxo, no risky account scraping and no need to import or find friends on the new service before immediate personalization could be offered. This is a very different flow than most OpenID quot;relying partiesquot; have followed before - but it won't be for long. The Success Rate Plaxo reported today that it has seen a staggering 92% of users who clicked on the quot;log-in with Gmailquot; button come back to Plaxo with permission to authenticate their identities via Gmail granted. Of those who returned, another 92% also granted permission for Plaxo to access their contacts list. Only 8% of the people who clicked to log in with a standards based 3rd party
  140. 140. Demo: OpenID OAuth Hybrid Wednesday, April 1, 2009 Joseph’s Demo?
  141. 141. Relationships Contacts Wednesday, April 1, 2009
  142. 142. http://flickr.com/photos/factoryjoe/2545757754/ Wednesday, April 1, 2009 - you’re then asked to “find your friends” by forking over your email password - hell, we’re guilty of this as well! The good news is that email providers are starting to add OAuth enabled APIs so that we don’t have to do this anymore. - but it isn’t just about asking for passwords (we do .CSV upload too), but that your email address book isn’t really the friends you want on every website
  143. 143. Wednesday, April 1, 2009 this can be useful for importing your friends
  144. 144. Wednesday, April 1, 2009
  145. 145. Wednesday, April 1, 2009 Wow! That was useful!
  146. 146. Portable Contacts API Wednesday, April 1, 2009
  147. 147. Wednesday, April 1, 2009 - JSON based RESTful API to query address books, update them, etc. Two-way sync. - Built into OpenSocial’s REST API and lots of vendors looking at supporting it. - Think about vCard if it were modernized.
  148. 148. Since September • Integrated with the OpenSocial REST People protocol • Google, MySpace, hi5 and Plaxo are PoCo Providers • Microsoft’s LiveFX Framework (sort of) supports PoCo • Handful of PoCo consumers (including an Android app) • Engaging the IETF around vCardDav compatibility Wednesday, April 1, 2009 - Handful of
  149. 149. Portable Contacts Demo Wednesday, April 1, 2009
  150. 150. The Microformat XFN if users want to link accounts, allow it... they may even link to your service from another profile Wednesday, April 1, 2009 - but what can we build atop OpenID?
  151. 151. Adding XFN Wednesday, April 1, 2009
  152. 152. Wednesday, April 1, 2009 - Note the action stream on the left, powered by MT, aggregating what I want it to (blogs are evolving too)
  153. 153. About Me Wednesday, April 1, 2009 - Could also do this to link to friend's profiles
  154. 154. About My Friends Wednesday, April 1, 2009 - quot;contactquot; instead of quot;mequot;
  155. 155. Google’s Social Graph API Wednesday, April 1, 2009 so how does this play out? let’s take a look at google’s social graph API
  156. 156. Wednesday, April 1, 2009
  157. 157. Wednesday, April 1, 2009
  158. 158. Wednesday, April 1, 2009
  159. 159. Wednesday, April 1, 2009
  160. 160. http://code.google.com/apis/socialgraph Wednesday, April 1, 2009
  161. 161. Wednesday, April 1, 2009 - anyone can play with this... - Demo http://www.davidrecordon.com/ - Missing friends.js - Explore with attributes twitter.com/daveman692
  162. 162. Wednesday, April 1, 2009
  163. 163. Wednesday, April 1, 2009
  164. 164. Periodically checking for new people. Wednesday, April 1, 2009 Dopplr - before with scraping people were paranoid about saving users’ passwords... so they trashed them after using them... with oauth, you can get ongoing access and then introduce people to their friends once they sign up
  165. 165. Friend Connect Wednesday, April 1, 2009 open stack in a box... small site not wanting to do much programming...
  166. 166. Friend Connect Wednesday, April 1, 2009 open stack in a box... small site not wanting to do much programming...
  167. 167. Friend Connect Wednesday, April 1, 2009 open stack in a box... small site not wanting to do much programming...
  168. 168. Friend Connect Wednesday, April 1, 2009 open stack in a box... small site not wanting to do much programming...
  169. 169. Emerging Work! Activity Streams Wednesday, April 1, 2009
  170. 170. “Lifestreaming” Wednesday, April 1, 2009
  171. 171. Today • Last.fm • Jaiku • Facebook newsfeed • FriendFeed • etc. Wednesday, April 1, 2009
  172. 172. The challenge • Develop a format for expressing activities • Compelling experiences from activity feeds • The zero-knowledge test • etc. Wednesday, April 1, 2009
  173. 173. FriendFeed Services Wednesday, April 1, 2009
  174. 174. The Benefits • Staying in touch across the web • An open, emergent ecosystem of activities • Filtering, search, automation stats • Optimal, compelling, custom experiences • Coalescing, merging, de-duping • etc. Wednesday, April 1, 2009
  175. 175. Examples Wednesday, April 1, 2009
  176. 176. social discovery Wednesday, April 1, 2009
  177. 177. last.fm (as seen in Plaxo Pulse) Wednesday, April 1, 2009
  178. 178. LinkedIn Wednesday, April 1, 2009
  179. 179. Facebook Wednesday, April 1, 2009
  180. 180. FriendFeed Wednesday, April 1, 2009
  181. 181. messaging Wednesday, April 1, 2009
  182. 182. Twitter Wednesday, April 1, 2009
  183. 183. Yammer Wednesday, April 1, 2009
  184. 184. Eventbox Wednesday, April 1, 2009 desktop app
  185. 185. personal publishing Wednesday, April 1, 2009
  186. 186. Wednesday, April 1, 2009 the original activity stream from jeremy keith
  187. 187. Movable Type Motion Wednesday, April 1, 2009
  188. 188. brand/personal monitoring Wednesday, April 1, 2009
  189. 189. GetSatisfaction Overheard Wednesday, April 1, 2009
  190. 190. Twitter Search Wednesday, April 1, 2009
  191. 191. Anatomy of an activity Wednesday, April 1, 2009
  192. 192. Actor verb object [context] Wednesday, April 1, 2009
  193. 193. factoryjoe tweeted Niches Bitches! [via SMS] Wednesday, April 1, 2009
  194. 194. Actor verb object {indirect object} [context] Wednesday, April 1, 2009
  195. 195. Chris bought Planet Earth {for Brynn} [at Amazon.com] Wednesday, April 1, 2009
  196. 196. Activities on the Social Web Wednesday, April 1, 2009
  197. 197. I visit davidrecordon.com Wednesday, April 1, 2009
  198. 198. I decide I want to follow his activities Sign in to follow Dave! Wednesday, April 1, 2009
  199. 199. I sign in with my OpenID Wednesday, April 1, 2009
  200. 200. Before I’m sent back, I’m asked whether I want to follow Dave Wednesday, April 1, 2009
  201. 201. I say yes, and am asked which activity types Iʼm interested in... Add contact Dave Recordon Add subscriptions Worst username evar. Contact details San Francisco, CA Status updates davidrecordon.com Photos Bookmarks Your message (optional) Blogs Hi there! We met that conference daveman692 last week. I’ve subscribed to your updates on my site. Six Apart Location -Chris Music Movies Slide presentations Events Travel Local reviews Books Access requires permission from Dave Inspired by Jyri Engeström Wednesday, April 1, 2009
  202. 202. Should any of the selected types be protected, I will be asked whether I want to request access Dave’s contact details, photos and location are protected. Would you like to request access to these items? Please note that Dave may deny your request. No thanks OK Wednesday, April 1, 2009
  203. 203. If I say OK, an OAuth request will be sent which Dave will later be able to approve, deny or ignore Wednesday, April 1, 2009
  204. 204. ...And Dave’s public activities will show up in my activities dashboard. Wednesday, April 1, 2009
  205. 205. ...And if Dave later approves my request, his protected activities will show up too Wednesday, April 1, 2009
  206. 206. Activities on the Open Web Wednesday, April 1, 2009
  207. 207. I visit stammer.com Wednesday, April 1, 2009
  208. 208. I decide I want to join this community Sign in to start posting! Wednesday, April 1, 2009
  209. 209. I sign in with my OpenID Wednesday, April 1, 2009
  210. 210. Before I’m sent back, I’m asked whether I want to authorize Stammer to postback my activities Stammer can post the activities you take on their site to your profile. Would you like to allow this? If you’re not sure, you can decide later. These activities will not be made public unless you want them to be. You can always revoke this permission later. Decide later OK Wednesday, April 1, 2009
  211. 211. If I say yes, I am returned to Stammer, authenticated. As I use the site, my actions are posted to my activity stream Wednesday, April 1, 2009
  212. 212. If I defer, I am returned to Stammer, authenticated. As I use the site, my actions are posted to my activity dashboard, where I can choose to share my activities later Wednesday, April 1, 2009
  213. 213. Sound familiar? Wednesday, April 1, 2009
  214. 214. Wednesday, April 1, 2009 kind of like facebook beacon...
  215. 215. Wednesday, April 1, 2009
  216. 216. Current work: ATOM Extension Wednesday, April 1, 2009
  217. 217. entry idtag:photopanic.example.com,2008:activity01/id titleGeraldine posted a Photo on PhotoPanic/title published2008-11-02T15:29:00Z/published link rel=quot;alternatequot; type=quot;text/htmlquot; href=quot;/geraldine/activities/1quot; / activity:verb http://activitystrea.ms/schema/1.0/post /activity:verb activity:object idtag:photopanic.example.com,2008:photo01/id titleMy Cat/title published2008-11-02T15:29:00Z/published link rel=quot;alternatequot; type=quot;text/htmlquot; href=quot;/geraldine/photos/1quot; / activity:object-type tag:atomactivity.example.com,2008:photo /activity:object-type source titleGeraldine's Photos/title link rel=quot;selfquot; type=quot;application/atom+xmlquot; href=quot;/geraldine/photofeed.xmlquot; / link rel=quot;alternatequot; type=quot;text/htmlquot; href=quot;/geraldine/quot; / /source /activity:object content type=quot;htmlquot; lt;pgt;Geraldine posted a Photo on PhotoPaniclt;/pgt; lt;img src=quot;/geraldine/photo1.jpgquot;gt; /content /entry Wednesday, April 1, 2009
  218. 218. entry idtag:photopanic.example.com,2008:activity01/id titleGeraldine posted a Photo on PhotoPanic/title published2008-11-02T15:29:00Z/published link rel=quot;alternatequot; type=quot;text/htmlquot; href=quot;/geraldine/activities/1quot; / activity:verb http://activitystrea.ms/schema/1.0/post /activity:verb activity:object idtag:photopanic.example.com,2008:photo01/id titleMy Cat/title updated? published2008-11-02T15:29:00Z/published link rel=quot;alternatequot; type=quot;text/htmlquot; href=quot;/geraldine/photos/1quot; / activity:object-type tag:atomactivity.example.com,2008:photo /activity:object-type source titleGeraldine's Photos/title link rel=quot;selfquot; type=quot;application/atom+xmlquot; href=quot;/geraldine/photofeed.xmlquot; / link rel=quot;alternatequot; type=quot;text/htmlquot; href=quot;/geraldine/quot; / /source /activity:object content type=quot;htmlquot; lt;pgt;Geraldine posted a Photo on PhotoPaniclt;/pgt; lt;img src=quot;/geraldine/photo1.jpgquot;gt; /content /entry Wednesday, April 1, 2009
  219. 219. What can we observe? Wednesday, April 1, 2009
  220. 220. MySpace already supports this Wednesday, April 1, 2009
  221. 221. ...we’d like to get this into OpenSocial Wednesday, April 1, 2009
  222. 222. http://activitystrea.ms Wednesday, April 1, 2009
  223. 223. Gadgets Wednesday, April 1, 2009
  224. 224. jsmarr update Wednesday, April 1, 2009
  225. 225. Wednesday, April 1, 2009
  226. 226. Wednesday, April 1, 2009
  227. 227. Builds on the Open Stack Wednesday, April 1, 2009 - Incorporates existing standards to do things like portable contacts
  228. 228. Three Main APIs Combination of JavaScript, REST, templates, and proxied HTML • Activities (what people are doing on a site) • People and Profile information • Persistent data storage (joined across friends) • Containers are free to add their own APIs such as photos Wednesday, April 1, 2009 - Containers do the heavy database lifting for you - Core people is name, uid, photo and profile url
  229. 229. Wednesday, April 1, 2009 - A write once, run anywhere social application platform - boasting over 350 million potential active user reach last year, up to over 500 million this year with Facebook crossing 150 million monthly active users
  230. 230. Containers Wednesday, April 1, 2009 - lots of social networks all over the world - most people only see the ones that they belong to
  231. 231. Run like open source Wednesday, April 1, 2009 - Future roadmap isn’t run by [Google|MySpace], but by the community on the mailing list and what consensus there is
  232. 232. Container Code Wednesday, April 1, 2009 - Production worthy reference implementation in Java - Java and PHP open source libs - Complaint with OpenSocial v0.8.1
  233. 233. REST Libraries http://icanhaz.com/opensocialcode Next Blog» Create Blog | Sign In SEARCH BLOG FLAG BLOG Search powered by Site Feed OpenSocial now friends with PHP, Java, Ruby, and Python Wednesday, December 17, 2008 at 11:49:00 AM With more and more containers introducing server-to-server APIs based on the OpenSocial REST and RPC protocols (think MySpace, LinkedIn, Plaxo, orkut, and iGoogle just for starters), it has never been a better time to jump into OpenSocial development. These new protocols allow you to write engaging social Subscribe via email applications for these containers using the language of your choice -- JavaScript is no longer the only option. Enter your email To help you get started using the OpenSocial REST and RPC protocols, we have assembled a set of address: client libraries for PHP, Java, Ruby and Python. Each library enables developers to retrieve profile information and persistent data from supporting containers without having to concern themselves with managing network connections, signing requests, or other lower-level details. To check out the code, point your browsers to the Source tab linked from each project's home page: Subscribe OpenSocial PHP Client Library OpenSocial Java Client Library Delivered by OpenSocial Ruby Client Library FeedBurner OpenSocial Python Client Library These libraries are completely open sourced under the Apache 2.0 license, and contributions are not only welcomed but encouraged. In addition to a wiki page explaining the patch submission process, each Archives project hosts an issue tracker which have already been populated with known issues and requested Archives Wednesday, April 1, enhancements. These trackers are the best places to start if you're interested in contributing to a 2009 particular project. Please report any new bugs or incompatibilities you find along with any feature requests using these trackers and be sure to star those reported by other developers which are significant to your More Blogs from own development also so they can be prioritized effectively. Google To help get you started, we have assembled a set of sample applications, linked from the project wiki Visit our directory for pages, which you can run directly from the command line or your favorite IDE. As an added bonus, the more information about Ruby and Python libraries have accompanying full-featured sample applications which you can run inside Google blogs. containers supporting the OpenSocial REST protocol. These larger samples are checked in to the Subversion repository under quot;Samplesquot; and include a bootstrap mechanism for securely retrieving the ID of the current viewer before the core application loads, which you can use as a template for your own Labels container-based applications. adobe (1) For general questions and commentary, we have set up a discussion group to help build the developer app. pixverse (1) community around the libraries. The original engineers of each library are already members of the group, appengine (1) so feel free to ask the tough questions. :) We will also be hosting a special session of IRC office hours next Monday, December 22 from 1:00 to 3:00 (PST) so you can share your feedback with us directly. argentina (1) The official OpenSocial IRC channel is located at irc://irc.freenode.net/#opensocial. brazil (1) We're really excited to see the next generation of social applications that the OpenSocial server-to-server buenos aires (1) APIs enable, and we hope the client libraries ease you along your development journey. Please give the china (1) libraries a spin, file any issues you see, and stop by the IRC channel next week to get your questions answered. See you there! container (1)
  234. 234. Sign in Home News Help About: This OpenSocial application provides the ability to write and save JavaScript code samples to execute against OpenSocial containers. This helps rapidly test sample OpenSocial code. Code samples can be saved and loaded. You can give other developers links to code samples for instructional or debugging purposes. Available on the following containers (click to use): Versions: OpenSocial 0.7 This version is compatible with containers supporting version 0.7 of the OpenSocial API. [ View XML ] OpenSocial 0.8 This version is compatible with containers supporting version 0.8 of the OpenSocial API. [ View XML ] http://osda.appspot.com/ Wednesday, April 1, 2009

×