19. Jaiku’s Jyri Engeström's 5 rules for social
networks: social objects
1. What is your object?
2. What are your verbs?
3. How can people share the objects?
4. What is the gift in the invitation?
5. Are you charging the publishers or the spectators?
http://tinyurl.com/yus8gw
20. How do we socialize objects
online
without having to create yet
another social network?
21. The social internet
A social website..
• rovides a feature that becomes more engaging as the number of users
P
grows.
• ses relationships between people to present users interesting information.
U
21
23. The social internet
A social website..
• as overhead to manage users and relationships.
H
• rows slowly because users must sign up to use the site.
G
What if we remove
the overhead?
• evelopers can focus
D
on providing
features, not
managing users.
23
24. The social internet
A social network..
• anages large numbers of users and relationships.
M
• s slow to add new features.
I
24
26. The social internet
How do we add new features to social networks?
• ake the social network a platform.
M
• ive creative developers the tools to add the features themselves.
G
26
27. The social internet
A social application...
• ets the social network manage users and relationships.
L
• dds new features to the social network.
A
• ets users “install” the application without signing up for new accounts.
L
• rows quickly because users are already communicating with each other.
G
27
42. Gadgets
A gadget spec:
• s an XML file.
I
• efines metadata about an OpenSocial app.
D
• s highly cacheable and does not need a high performance server.
I
Gadgets use existing web standards
• ML to define metadata.
X
• TML for markup.
H
• avaScript for interactivity.
J
• SS for presentation.
C
42
43. Gadgets
A gadget server:
• akes the gadget spec as input.
T
• erforms optimizations on the gadget spec.
P
• utputs HTML, JavaScript, and CSS as one document.
O
43
44. Gadgets
A container:
• isplays the social network’s user interface.
D
• pens an IFrame to the rendered gadget.
O
Containers and gadget
servers are both run by
the social network, but
do not need to be on
the same machine, or
even domain.
44
45. Gadgets
Example gadget XML spec:
• ses HTML to print “Hello World”.
U
• olors the text red with CSS.
C
• ynamically adjusts the height of the gadget with JavaScript.
D
<?xml version=quot;1.0quot; encoding=quot;UTF-8quot; ?><Module>
<ModulePrefs title=quot;Hello World!quot;> <Require
feature=quot;dynamic-heightquot; /> </ModulePrefs>
<Content type=quot;htmlquot;> <!
[CDATA[ <h1>Hello World</h1>
<style type=quot;text/cssquot;>
h1 { color: #dd0000; }
</style>
<script type=quot;text/javascriptquot;>
gadgets.window.adjustHeight();
</script> ]]> </Content></Module>
45
47. Gadgets
Requesting the gadget XML spec:
1. The client requests an app to be rendered.
2. The container fetches the gadget XML spec from its host.
47
48. Gadgets
Requesting the gadget XML spec:
1. The client requests an app to be rendered.
2. The container fetches the gadget XML spec from its host.
3. The container renders the gadget into HTML, which is displayed
to the client.
48
49. Gadgets
Requesting the gadget XML spec:
• ecause the gadget spec is simple, it can be cached easily.
B
• aching reduces the load on your server, great when you have millions of
C
users.
49
50. Gadgets
Requesting a cached gadget XML spec:
1. he client requests an app to be rendered. The container already
T
has a copy of the spec stored in its cache.
50
51. Gadgets
Requesting a cached gadget XML spec:
1. he client requests an app to be rendered. The container already
T
has a copy of the spec stored in its cache.
2. he container renders the gadget into HTML, which is displayed
T
to the client.
51
52. Gadgets
What kind of rewriting is done by the gadget server?
• ewrite links to use content proxies.
R
• ewrite relative links to full paths (some containers).
R
• eturn only content for the current view.
R
52
53. Gadgets
What are views?
• adgets can render in different locations on a container.
G
• endering area changes from small to large.
R
• ertain pages might be public, some are private.
C
• ontainers may have different policies depending on the page,
C
especially when the gadget displays ads.
• iews provide a way for gadgets to provide different functionality depending
V
on where it is rendered.
53
56. Gadgets
Working with views in the gadget XML:
• Content> sections are repeated for each view.
<
• dd a view=quot;view namequot; attribute to each section.
A
• ontent sections may support multiple views, for example
C
view=quot;home,canvasquot;
<?xml version=quot;1.0quot; encoding=quot;UTF-8quot; ?><Module>
<ModulePrefs title=quot;Hello World!quot;> <Require
feature=quot;dynamic-heightquot; /> </ModulePrefs>
<Content type=quot;htmlquot; view=quot;homequot;> <!
[CDATA[ ... ]]> </Content> <Content
type=quot;htmlquot; view=quot;canvasquot;> <!
[CDATA[ ... ]]> </Content></Module>
56
57. Gadgets
JavaScript utility functions for gadgets:
• adgets.io.makeRequest()
g
Make cross-domain AJAX calls to remote servers.
• adgets.json.parse() and gadgets.json.stringify()
g
Native JSON support.
• adgets.util.escapeString()
g
Make text safe for display via innerHTML.
• adgets.util.registerOnLoadHandler()
g
Execute code when the page is finished loading.
57
58. Gadgets
gadgets.io.makeRequest():
• ake cross-domain AJAX calls to remote servers.
M
Remote content:
• ost interesting gadgets will need to
M
work with content stored on different
servers.
• JAX cannot cross domains, so you
A
cannot request content from your own
server.
• SONP is only really good for one-way
J
data transfer.
• adgets with millions of users can
G
overwhelm a remote site.
58
59. Gadgets
Requesting remote content:
1. he rendered app calls gadgets.io.makeRequest() to fetch
T
remote content. This call is sent to the container.
59
60. Gadgets
Requesting remote content:
1. he rendered app calls gadgets.io.makeRequest() to fetch
T
remote content. This call is sent to the container.
2. he container requests content from the specified URL.
T
60
61. Gadgets
Requesting remote content:
1. he rendered app calls gadgets.io.makeRequest() to fetch
T
remote content. This call is sent to the container.
2. he container requests content from the specified URL.
T
3. he container returns the response to the application, which renders
T
the data.
61
62. Gadgets
Add extra features to your gadget:
• ynamic-height - Change the size of your gadget in the container.
d
• iews - Navigate between different surfaces of the container.
v
• kins - Make your gadget change its styles to match the container.
s
• ontainers may offer custom features...
C
<?xml version=quot;1.0quot; encoding=quot;UTF-8quot; ?><Module>
<ModulePrefs title=quot;Hello World!quot;> <Require
feature=quot;dynamic-heightquot; /> </ModulePrefs>
<Content type=quot;htmlquot;> <!
[CDATA[ ... ]]> </Content></Module>
62
63. Gadgets
<?xml version=quot;1.0quot; encoding=quot;UTF-8quot; ?
><Module> <ModulePrefs title=quot;Hello
Social!quot;> <Require
feature=quot;opensocial-0.8quot; /> </
ModulePrefs> <Content type=quot;htmlquot;> <!
[CDATA[ ... ]]> </Content></
Module>
The OpenSocial JavaScript API is a gadget feature, too!
63
65. The OpenSocial JavaScript API
Representing users:
• lient-side, users must work with the VIEWER and the OWNER.
C
65
66. The OpenSocial JavaScript API
Multiple personalities:
• hen you visit your own profile, you are both the VIEWER and the OWNER.
W
66
67. The OpenSocial JavaScript API
OpenSocial requests:
• n OpenSocial DataRequest is created.
A
• equests are added to the DataRequest.
R
• he DataRequest is sent to the server asynchronously.
T
• hen the request finishes, the supplied callback will be called.
W
function request() { var req = opensocial.newDataRequest();
req.add(req.newFetchPersonRequest(quot;OWNERquot;), quot;get_ownerquot;);
req.add(req.newFetchPersonRequest(quot;VIEWERquot;), quot;get_viewerquot;);
req.add(req.newFetchActivitiesRequest(quot;VIEWERquot;), quot;vactivitiesquot;);
req.add(req.newFetchPersonAppDataRequest(quot;OWNERquot;, quot;*quot;), quot;odataquot;);
...
req.send(response);};
function response(data) { ... };
gadgets.util.registerOnLoadHandler(request);
67
68. The OpenSocial JavaScript API
OpenSocial responses:
• esponses are bundled according to the keys specified in the request.
R
• heck for an error at the global response level.
C
• heck for an error at the specific response level.
C
• se getData() to retrieve the actual information in a request.
U
function response(data) {
if (data.hadError()) {
if (data.get(quot;get_ownerquot;).hadError()) {
...
}
if (data.get(quot;get_viewerquot;).hadError()) {
...
}
...
}
var owner = data.get(quot;get_ownerquot;).getData();
var viewer = data.get(quot;get_viewerquot;).getData();
};
68
69. The OpenSocial JavaScript API
Working with people:
• opensocial.Person - JavaScript representation of a user.
69
70. The OpenSocial JavaScript API
Request one person:
req.add(req.newFetchPersonRequest(idspec, opt_params), quot;keyquot;);
• idspec can be either “VIEWER”, “OWNER” or an ID number.
• opt_params contains extra request parameters, such as which profile
fields to fetch.
newFetchPersonRequest responses:
var owner = data.get(quot;keyquot;).getData();
alert(owner.getDisplayName());
• Data contains a single opensocial.Person
object.
• Person objects can contain lots of information,
such as addresses, companies, phone numbers,
favorite movies, and thumbnail urls.
70
71. The OpenSocial JavaScript API
Methods available on an OpenSocial Person:
• getDisplayName()
Gets a text display name for this person; guaranteed to return a useful
string. getField(key, opt_params)
Gets data for this person that is associated with the specified key. getId()
Gets an ID that can be permanently associated with this person.
isOwner()
Returns true if this person object represents the owner
of the current page. isViewer()
Returns true if this person object represents the
currently logged in user.
71
72. The OpenSocial JavaScript API
An OpenSocial Person's fields:
•
ABOUT_MEACTIVITIESADDRESSESAGEBODY_TYPEBOOKSCARSCHILDRENCURRENT_
LOCATIONDATE_OF_BIRTHDRINKEREMAILSETHNICITYFASHIONFOODGENDERHAPPIES
T_WHENHAS_APPHEROESHUMORIDINTERESTS
• SEXUAL_ORIENTATION
• SMOKER
• SPORTSSTATUSTAGS
• THUMBNAIL_URL
• TIME_ZONETURN_OFFSTURN_ONSTV_SHOWSURLS
• JOB_INTERESTSJOBSLANGUAGES_SPOKEN
•
LIVING_ARRANGEMENTLOOKING_FORMOVIESMUSICNAMENETWORK_PRESENCENICK
NAMEPETSPHONE_NUMBERSPOLITICAL_VIEWSPROFILE_SONGPROFILE_URLPROFILE
_VIDEOQUOTESRELATIONSHIP_STATUSRELIGIONROMANCESCARED_OFSCHOOLS
72
73. The OpenSocial JavaScript API
Working with people:
• A Collection represents many opensocial.Person objects.
73
74. The OpenSocial JavaScript API
Request many people:
var idspec = opensocial.newIdSpec({
“userId” : “OWNER”,
“groupId” : “FRIENDS”
});
req.add(req.newFetchPeopleRequest(idspec, opt_params), quot;keyquot;);
• idspec is an object that can represent groups of people. “userId” can be
“VIEWER” or “OWNER” or an ID, and “groupId” can be “SELF”,
“FRIENDS”, or the name of a group.
• opt_params contains extra request parameters, such as which profile
fields to fetch, and how to order or filter the returned people.
newFetchPersonRequest responses:
var owner_friends = data.get(quot;keyquot;).getData();
owner_friends.each(function (person) {
alert(person.getDisplayName());
});
• Data contains a Collection of opensocial.Person
objects. Iterate over these by using the each() method.
74
75. The OpenSocial JavaScript API
Working with data:
• Persistent data gives apps key, value storage directly on the container.
• String only, but conversion to JSON allows for storage of complex objects.
• Storage per app per user - scales well with growth.
• Ideal for settings, customizations.
75
76. The OpenSocial JavaScript API
Set persistent data:
req.add(req.newUpdatePersonAppDataRequest(idspec, key, value));
• idspec can only be “VIEWER”.
• key is the name under which this data will be stored.
• value is a string representing the data to store.
76
77. The OpenSocial JavaScript API
Fetch persistent data:
var idspec = opensocial.newIdSpec({
quot;userIdquot; : quot;OWNERquot;,
quot;groupIdquot; : quot;SELFquot;
});
req.add(req.newFetchPersonAppDataRequest(idspec, keys),
quot;keyquot;);
req.add(req.newFetchPersonRequest(quot;OWNERquot;), quot;ownerkeyquot;);
• idspec is an object that can represent groups of people, the same as
newFetchPeopleRequest.
• keys is a list of persistent data keys to retrieve the data for.
• The owner is requested because the data returned is indexed by user ID
and we want the owner’s data.
newFetchPersonAppDataRequest responses:
var app_data = data.get(quot;keyquot;).getData();
var value = app_data[owner.getId()][key];
77
78. The OpenSocial JavaScript API
Fetch persistent data:
• Data is returned as an object indexed by ID number, then as an object
indexed by key name, even if there is only data returned for one user!
{ quot;1234567890quot; : { quot;key1quot; : quot;value1quot; } }
• One person, multiple keys:
{
quot;1234567890quot; : {
quot;key1quot; : quot;value1quot;,
quot;key2quot; : quot;value2quot;
}
}
• Multiple people:
{
quot;1234567890quot; : { quot;key1quot; : quot;value1quot; },
quot;2345678901quot; : { quot;key1quot; : quot;value2quot; }
}
78
79. The OpenSocial JavaScript API
Working with activities:
• API to post information about what users are doing with your app.
• Many containers have support for images and some HTML.
• Channel to grow your application.
orkut MySpace hi5
79
80. The OpenSocial JavaScript API
Post an activity:
function postActivity(text) {
var params = {};
params[opensocial.Activity.Field.TITLE] = text;
var activity = opensocial.newActivity(params);
opensocial.requestCreateActivity(activity,
opensocial.CreateActivityPriority.HIGH, callback);
};
• Assign the activity text to the TITLE field.
• Call opensocial.newActivity() to create a new Activity instance.
• Call opensocial.requestCreateActivity() to post the activity to the
container.
80
82. RESTful and RPC protocols
Opens new development models
• ackground processing.
B
• asier Flash integration.
E
• obile applications.
M
82
83. RESTful and RPC protocols
Communication methods:
• ESTful (Representational State Transfer)
R
• PC (Remote Procedure Call)
R
Formats:
• ML
X
• SON
J
• tomPub
A
83
84. RESTful and RPC protocols
REST:
• esources are URLs.
R
Example - People:
• All people connected to the given user:
/people/{guid}/@all
• All friends of the given user:
/people/{guid}/@friends
• Profile of the given user:
/people/{guid}/@self
• Profile of the authenticated user:
/people/@me/@self
• Supported Person fields:
/people/@supportedFields
84
88. RESTful and RPC protocols
REST:
• erform operations using different HTTP methods on each URL.
P
CRUD: HTTP:
• reate • OST
C P
• etrieve • ET
R G
• pdate • UT
U P
• elete • ELETE
D D
88
89. RESTful and RPC protocols
REST has some disadvantages:
• atch support requires multiple HTTP requests, or a contrived URL
B
scheme.
• pecifying multiple users via querystring is difficult. Is
S
?uid=1234,5678 the same resource as ?uid=5678,1234 ?
89
90. RESTful and RPC protocols
RPC:
• ne endpoint - parameters specify methods to call.
O
• atch support.
B
• pecify collections of users through passed arguments, not URLs.
S
Example - Fetch current user:
• Request • Response
POST /rpc HTTP/1.1Host: HTTP/1.x 207 Multi-StatusContent-Type:
api.example.orgAuthorization: application/json{ quot;idquot; : quot;myselfquot; quot;resultquot; :
<Auth token>Content-Type: { quot;idquot; : quot;example.org:34KJDCSKJN2HHF0DW20394quot;,
application/json{ quot;methodquot; : quot;namequot; : { quot;unstructuredquot; : quot;Jane Doequot;},
quot;people.getquot;, quot;idquot; : quot;myselfquot; quot;genderquot; : quot;femalequot; }}
quot;paramsquot; : { quot;useridquot; :
quot;@mequot;, quot;groupidquot; :
quot;@selfquot; }}
90
91. RESTful and RPC protocols
Authentication:
• oth protocols use OAuth to identify users and apps.
B
• epending on what the application needs to do, it can use two-legged
D
or three-legged OAuth.
Two-legged OAuth:
• he application authenticates directly with the container.
T
• erform non-user specific operations:
P
• Update persistent data for app users.
• Can request information for users who have shared their profile
information with the app.
Three-legged OAuth:
• he user tells the container to give profile access to the application.
T
• erform user specific operations:
P
• Post activities.
• Fetch friends of the current user.
91
92. RESTful and RPC protocols
Client libraries are being created for PHP, Java, and Python.
• elp you connect to OpenSocial containers, and work with social
H
data on your server.
Sample: log into a container:
92
93. RESTful and RPC protocols
RESTful and RPC use OAuth for authentication
• Auth is an open standard.
O
• lient libraries will help make this process easier for developers.
C
Sample: use OAuth to get an access token for a user:
93
94. RESTful and RPC protocols
• nce OAuth is used, you can store a user token for later access.
O
Sample: use an existing token:
94
95. RESTful and RPC protocols
• nce authentication has happened, requests are easy:
O
Sample: Fetch the current user:
95
96. RESTful and RPC protocols
Sample: Fetch the current user’s friends:
96
99. Shindig
Writing a gadget server is difficult:
• ast changing API - hard to keep up.
F
• tandardization is hard to get right.
S
• osts ¥ / !
C
99
100. Shindig
Apache Shindig to the rescue!
• pen Source project.
O
• vailable in Java and PHP.
A
• un by itself and connect to an
R
existing social site to add
OpenSocial support.
• oal: Launch a
G
new (simple)
container in under
an hour’s worth
of work
http://incubator.apache.org/shindig/
100
103. Caja
When JavaScript goes bad
• adgets can be a new vector for phishing, spam, malware.Social spread of
G
gadgets can spread bad gadgets too.Caja reduces threats with a JavaScript
sanitizer as an additional quot;sandboxquot;
on top of iFrame protection.
103
104. Caja
Caja is:
• A capability-based Javascript sanitizer.An Open Source project from
Google.Optional but recommended for
OpenSocial containers.Will eventually be secure enough
to run gadgets
inline instead of in iframes.
http://code.google.com/p/google-caja/
104
105. Templates
Need for a templating language:
• evelopers need a simple way to convert OpenSocial data to HTML.
D
• OM manipulation is slow and ugly.
D
• nnerHTML is unsafe.
i
105
114. Container Specific Extensions
MySpace
• photo albums
• videos
hi5
• status
• presence
• photo albums
Netlog
• credits api extension
• translation tool for free
Imeem
• music metadata api
116. Challenges
This lumberjack will
thank anyone who
helps solve the
following problems...
David Glazer, Director of Engineering, Google
OpenSocial Foundation board member
116
117. Challenges
Cross container development is still tricky:
• ontainers may not follow the standard.
C
• ontainers may follow the standard but have different policies.
C
• ollow best practices:
F
http://tinyurl.com/4nuzll
117
118. Challenges
No central directory
• ard for apps to spread to many containers.
H
• pps need to work with different install processes.
A
• irectory approval requirements vary from container to container.
D
118
122. Hosting your application
• Host it anywhere you want to, with any back-end
• Keep in mind:
o Popular apps like iLike get > 200k req / minute peak
o Means dealing with lots of scalability issues!
o DB Sharding, memcache pools, server farms..
• Why not use a cloud service like:
o Google App Engine
o Joyent.com
o Amazon EC2
124. OpenSocial Monetization
• Ads from Ad Networks
o AdSense, RightMedia
o BuddyPoke, Rate My Friend
• Brand/Private Label App
o Sony Ericsson MTV Roadies app on orkut
• Sell virtual or real goods
• Free -> Freemium
• Referrals
Technology
• Virtual currency platforms: socialgold
• New opensocial payment api proposal
125. Success Story: Buddy Poke
• #1 OpenSocial app on orkut
• 8M installs for orkut, hi5, MySpace
• $1-2 CPM
• #1 App for App Engine w/ millions daily PV
126. Success Story: PhotoBuzz
• 6M+ installs on hi5 and orkut
• CPM $1-3, especially good on orkut
• 4M buzzes per day
• Small team of 4 people, profitable
128. Becoming an OpenSocial Container
• Question:
o How do you become an OpenSocial container?
• Answer:
o The Apache incubator project “Shindig” serves this
purpose!
129. What is Shindig ?
• Open source reference implementation of OpenSocial &
Gadgets specification
• An Apache Software Incubator project
• Available in Java & PHP
• http://incubator.apache.org/shindig
It’s Goal:
“Shindig's goal is to allow new sites to start hosting social apps
in under an hour's worth of workquot;
130. Introduction to Shindig Architecture
• Gadget Server
• Social Data Server
• Gadget Container JavaScript
133. Social Server - RESTful API
• Preview available on
o iGoogle
o Orkut
o Hi5
• New development models
o Server to server & Mobile!
• Try it out:
curl http://localhost:8080/social/rest/people/john.doe/@all
137. Implementing Shindig - Data sources
• Integrate with your own data sources
o People Service
o Activities Service
o App Data Service
class MyPeopleService implements PeopleService {
...
}
class MyAppDataService implements AppDataService {
...
}
class MyActivitiesService implements ActivitiesService {
...
}
139. Implementing Shindig - Java
Code at http://chrisschalk.com/shindig_docs/io/shindig-io.html
import org.apache.shindig.social.opensocial.ActivitiesService;
public class SQLActivitiesService implements ActivitiesService {
private SQLDataLayer sqlLayer;
@Inject
public SQLActivitiesService(SQLDataLayer sqlLayer) {
this.sqlLayer = sqlLayer;
}
140. Implementing Shindig - Java
public ResponseItem<List<Activity>> getActivities(List<String>
ids,
SecurityToken token) {
Map<String, List<Activity>> allActivities =
sqlLayer.getActivities();
List<Activity> activities = new ArrayList<Activity>();
for (String id : ids) {
List<Activity> personActivities = allActivities.get(id);
if (personActivities != null) {
activities.addAll(personActivities);
}
}
return new ResponseItem<List<Activity>>(activities);
}
141. Implementing - Make it a platform
• Add UI Elements
o App Gallery
o App Canvas
o App Invites
o Notification Browser
• Developer Resources
o Developer Console
o Application Gallery
• Scale it Out!
142. Implementing - Scale it Out!
• Prevent Concurrency issues
• Reduce Latency
• Add Caching
• Add more caching!
143. Usage Example: Sample Container
• Static html sample container
• No effort to get up and running
• No database or features
144. Usage Example: Partuza
• Partuza is a Example social network site, written in PHP
• Allows for local gadget development & testing too
• Use as inspiration (or copy) for creating your own social site
• http://code.google.com/p/partuza
145. OpenSocial for intranet, portals
Sun Microsystems
• Socialsite: Shindig + gadget based UI written in Java
• Open Source https://socialsite.dev.java.net/
Upcoming from Impetus
• Zest: Shindig + Drupal (PHP)
• Zeal: Shindig + Liferay (Java)
147. Summary
• Become an OpenSocial Container
o Get Shindig (PHP or Java)
o Look at examples & documentation
o Implement Services
o Add UI
o Scale it out
• Resources & Links:
o http://www.chabotc.com/gdd/
149. What is Friend Connect?
Google Friend Connect lets a site owner instantly awaken and
strengthen the community that visits their web site…
…and it’s very easy to use.
simply copying a few snippets of code into your site
http://www.google.com/friendconnect/
150.
151. Friend Connect gives ...
• Users
more ways to do more things with my friends
o ...
• Site owners
o ... more (and more engaged) traffic for my site
• App developers
o ... more reach for my apps
and ... make it easy
152. Friend Connect is a hub
Social Networks can plug one or more of the following into it
• Login
• Profile
• Friends List
• Activities
Users can leverage all their existing online social ressources:
openid logins, friend’s graphs, activity stream sinks
153. Friend Connect APIs...for all tastes
• Non developers
• Source a script to add OpenSocial
gadgets on the page
• Client side developers
• JS API (like Maps & Search): use
OpenSocial directly in the page
• Server side developers
• REST API
156. Conclusion
• OpenSocial is mature and successful
• An open stack is emerging on the server:
oauth, openid, portable contacts
• 2009 will be the year of the activity stream:
• Twitter’s rise
• Facebook redesign
• Friendfeed is the best in that category
today
• ActivityStream workgroup to standardize the
pipes