The document discusses the evolution of the web from Web 2.0 to Web 3.0, emphasizing the importance of social networking and open APIs for user engagement and data sharing. It highlights Tim O'Reilly's five rules for success in this new environment and explores the emerging tools and standards for facilitating social connections online. Additionally, it addresses the growing popularity of social networking, specifically in both mature and developing markets, and the benefits of using protocols like OpenID and OAuth for user authentication and data access.

1. THE OPEN, SOCIAL
WORKSHOP
Chris Messina • David Recordon • Joseph Smarr • OSCON • July 20, 2009 • San Jose, CA

2. Who are we?
chrismessina daveman692 jsmarr
*Photo by termie

3. Who are you?

5. W E L C O M E TO TH E S OCIAL WEB

6. It begins with Web 2.0

7. “Web 2.0 is the network as platform, spanning all
connected devices; Web 2.0 applications are those that
make the most of the intrinsic advantages of that platform:
delivering software as a continually-updated service
that gets better the more people use it, consuming and
remixing data from multiple sources, including individual
users, while providing their own data and services in a
form that allows remixing by others, creating network
effects through an “architecture of participation,” and
going beyond the page metaphor of Web 1.0 to deliver
rich user experiences.”
— Tim O’Reilly, Web 2.0: Compact Definition?
Photo by Dan Farber

8. “Web 2.0 is the business revolution in the computer industry
caused by the move to the internet as platform, and an
attempt to understand the rules for success on that new
platform. Chief among those rules is this: Build applications
that harness network effects to get better the more people
use them. (This is what I’ve elsewhere called ‘harnessing
collective intelligence.’)”
— Tim O’Reilly
Photo by Dan Farber

9. Tim O’Reilly’s five rules
The perpetual beta becomes a process for engaging
customers.
Share and share-alike data, reusing others’ and providing
APIs to your own.
Ignore the distinction between client and server.
On the net, open APIs and standard protocols win.
Lock-in comes from data accrual, owning a namespace or
non-standard formats.

11. “So what’s the seminal development that’s ushering in the era of
Web 3.0? It’s the real arrival, after years of false predictions,
of the thin client, running clean, simple software, against
cloud-based data and services. The poster children for this
Bullshit.
new era have been the Apple iPhone and iPod Touch, which have
sold 37 million units in less than two years and attracted 35,000
apps and one billion app downloads in just nine months.”
— Walt Mossberg and Kara Swisher, Welcome to Web 3.0

12. Bullshit.

13. “After all, Web 2.0 was not a new version of the web, but a
name that tried to capture what distinguished the companies
that survived the dotcom bust from those that survived, and point
the way forward for new companies entering the market.”
— Tim O’Reilly, responding to Mossberg and Swisher
Photo by Dan Farber

14. Building blocks of the social web

15. Who I am
Who I know
What’s going on

16. Identity
Relationships
Activities

17. Identity

18. Relationships

19. Activities

20. Trends

21. The rise of social networking
Photo by Mike Wooldridge

22. WWW

23. WWW
icons by iconaholic.com

24. ? ? ?
? WWW ?
? ? ?
icons by iconaholic.com

25. The iPhone era

26. Everyware computing

27. Everyware computing

28. DATA INSIDE!
“It’s like flying on an iPhone!”
Photo by Sathish J

29. Growing comfort with real identity

30. Growing comfort with real identity

31. Developer tools focusing on social

32. Tim O’Reilly’s five rules
The perpetual beta becomes a process for engaging
customers.
Share and share-alike data, reusing others’ and providing
APIs to your own.
Ignore the distinction between client and server.
On the net, open APIs and standard protocols win.
Lock-in comes from data accrual, owning a namespace
or non-standard formats.
Photo by Dan Farber

33. Tim O’Reilly’s five rules
The perpetual beta becomes a process for engaging
customers.
Share and share-alike data, reusing others’ and providing
APIs to your own.
Ignore the distinction between client and server.
On the net, open APIs and standard protocols win.
Lock-in comes from data accrual, owning a namespace
or non-standard formats.
Photo by Dan Farber

35. • facebook.com/chrismessina
• friendfeed.com/chrismessina
• google.com/profiles/chrismessina
• twitter.com/chrismessina

36. • facebook.com/chrismessina
• friendfeed.com/chrismessina
• google.com/profiles/chrismessina
• twitter.com/chrismessina

38. @chrismessina

39. /chrismessina

40. http://twitter.com/chrismessina

41. http://facebook.com/chrismessina

42. Etc.

43. Mazlow’s Hierarchy of Needs
morality,
creativity,
spontaneity,
problem solving,
lack of prejudice,
Self-actualization acceptance of facts
self-esteem, confidence,
achievement, respect of others,
Esteem respect by others
friendship, family, sexual intimacy
Love/belonging
security of: body, employment, resources,
Safety morality, the family, health, property
breathing, food, water, sex, sleep, homeostasis, excretion
Physiological

44. People want to share and be connected
“Of the 1.1 billion people age 15 and older worldwide who accessed the
Internet from a home or work location in May 2009, 734.2 million visited
at least one social networking site during the month, representing a
penetration of 65 percent of the worldwide Internet audience. [...]
“Social networking has become a popular online pastime not only in
mature Internet markets like North America, but also in developing,
high-growth Internet markets such as Russia,” said Mike Read, SVP &
managing director, comScore Europe. “In a country as geographically
large as Russia, social networking represents a way of connecting
people from one corner of the country to the other. The highly engaged
behavior of social networkers in Russia offers significant opportunity for
marketers and advertisers seeking to reach these audiences.”
— comScore, July 2, 2009
*Source: comScore

45. B UI L DI N G O N TH E S OCIAL WEB

46. How is building today different?

47. Patterns

48. On-ramps for new users

50. Photo by Bridget AMES

52. nID Logo - Revision 3 Client: OpenID Foundation 2007-11-26 Prepared by: Randy Reddig S

53. Demo!

54. Large US OpenID Providers
• AOL
• Google
• Microsoft (in “developer preview”)
• MySpace
• Yahoo!

55. Creating your own OpenID Provider
factoryjoe.com +

56. Using the WordPress OpenID plugin
<html>
<head>
<link rel="openid2.provider" href="http://factoryjoe.com/openid/server" />
<link rel="openid2.local_id" href="http://factoryjoe.com /author/admin/" />
<link rel="openid.server" href="http://factoryjoe.com/openid/server" />
<link rel="openid.delegate" href="http://factoryjoe.com /author/admin/" />
</head>
<body>
...
</body>
</html>

57. Delegating to MyOpenID
<html>
<head>
<link rel="openid2.provider" href="https://www.myopenid.com/server" />
<link rel="openid2.local_id" href="https://factoryjoe.myopenid.com/" />
<link rel="openid.server" href="https://www.myopenid.com/server" />
<link rel="openid.delegate" href="https://factoryjoe.myopenid.com/" />
</head>
<body>
...
</body>
</html>

58. OpenID Usability

60. factoryjoe

61. user@email.com

62. friendster

63. Hotmail

64. elderly

65. I HATE YOU!!!!!!!!!!!!!!!!!!!!!!!!LADY GAAAGGG

68. Previous attempts

76. Emerging work: pop-up flow
(shipped by Facebook, Google and JanRain)

77. http://boogle.com
Courtesy Balsamiq

78. http://boogle.com

79. http://boogle.com
http://boogle.com/signin

80. http://boogle.com

81. http://boogle.com/#finish
Welcome back, Chris Sign out

82. The NASCAR Problem
Photo by Timothy Vogel

87. • What’s your address?

88. • What’s your address?
• What’s your phone number?

89. • What’s your address?
• What’s your phone number?
• What’s your AOL screenname?

90. • What’s your address?
• What’s your phone number?
• What’s your AOL screenname?
• What’s your email address?

91. • What’s your address?
• What’s your phone number?
• What’s your AOL screenname?
• What’s your email address?
• What’s your MySpace?

92. • What’s your address?
• What’s your phone number?
• What’s your AOL screenname?
• What’s your email address?
• What’s your MySpace?
• Twitter?

93. • What’s your address?
• What’s your phone number?
• What’s your AOL screenname?
• What’s your email address?
• What’s your MySpace?
• Twitter?
• Are you on Facebook?

94. • What’s your address?
• What’s your phone number?
• What’s your AOL screenname?
• What’s your email address?
• What’s your MySpace?
• Twitter?
• Are you on Facebook?
• What’s your OpenID?

97. Break

99. Adding teh social

100. The Password Anti-pattern

101. Stopping ReFriend Madness

102. As Simple as JavaScript

103. Increasing engagement by *connecting

104. Anatomy of “Connect”
• Profile (identity, accounts, profiles)
• Relationships (followers, friends, contacts)
• Content (posts, photos, videos, links)
• Activity (poked, bought, shared, blogged)
• Goal: Discovery of people and content

105. Viewing
Virtuous Cycle of Sharing
Sharing

109. Portable Contacts API
• Simple JSON API for sharing, filtering and searching
contacts between social web sites.
• Implemented as a part of OpenSocial and thus deployed
on large sites such as MySpace.
• Integrated with OpenID and OAuth in Gmail.

110. {
"startIndex": 10,
"itemsPerPage": 10,
"totalResults": 12,
{
"id": "703887",
"displayName": "Mark Hashimoto",
"name": {
"familyName": "Hashimoto",
"givenName": "Mark"
},
"birthday": "0000-01-16",
"gender": "male",
"drinker": "heavily",
"tags": [
"plaxo guy"
],
"emails": [
{
"value": "mhashimoto-04@plaxo.com",
"type": "work",
"primary": "true"
},
{
"value": "mhashimoto@plaxo.com",
"type": "home"
}
],

111. "value": "http://sample.site.org/photos/12345.jpg",
"type": "thumbnail"
}
],
"ims": [
{
"value": "plaxodev8",
"type": "aim"
}
],
"addresses": [
{
"type": "home",
"streetAddress": "742 Evergreen TerracenSuite 123",
"locality": "Springfield",
"region": "VT",
"postalCode": "12345",
"country": "USA",
"formatted": "742 Evergreen TerracenSuite 123nSpringfield, VT 12345 USA"
}
],
"accounts": [
{
"domain": "plaxo.com",
"userid": "2706"
}
]
}
]
}

112. {
"id": "1",
"name": "Chris Messina",
"urls": [
{ "value": "http://factoryjoe.com/blog", "type": "blog" }
]
},
{
"id": "2",
"name": "Joseph Smarr",
"emails": [
{ "value": "joseph@plaxo.com", "type": "work", "primary": "true" },
{ "value": "jsmarr@gmail.com", "type": "home" }
],
}
}
filterBy=name&filterOp=startswith&filterValue=Chr

113. {
"id": "1",
"name": "Chris Messina",
"urls": [
{ "value": "http://factoryjoe.com/blog", "type": "blog" }
]
}
}
filterBy=name&filterOp=startswith&filterValue=Chr

114. {
{
"id": "2",
"name": "Joseph Smarr",
"emails": [
{ "value": "joseph@plaxo.com", "type": "work", "primary": "true" },
{ "value": "jsmarr@gmail.com", "type": "home" }
],
}
}
filterBy=email&filterOp=contains&filterValue=plaxo.com

115. Google’s Social Graph API

119. Discovery in the cloud

120. c:
icon by Seedling Design

121. http://
icon by Seedling Design

122. http://
icons by Seedling Design and Fast Icon

123. http://
icons by Seedling Design, etc

124. factoryjoe.com
icons by Seedling Design

127. Emerging Work!
XRD + LRDD

128. OpenID
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns:openid="http://openid.net/xmlns/1.0"
xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/sreg/1.0</Type>
<Type>http://openid.net/extensions/sreg/1.1</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical</Type>
<URI>https://pip.verisignlabs.com/server</URI>
<LocalID>https://recordond.pip.verisignlabs.com/</LocalID>
</Service>
</XRD>
</xrds:XRDS>

129. Portable Contacts
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns:openid="http://openid.net/xmlns/1.0"
xmlns="xri://$xrd*($v*2.0)">
<XRD version="2.0">
<Type>xri://$xrds*simple</Type>
<Service>
<Type>http://portablecontacts.net/spec/1.0</Type>
<URI>http://pulse.plaxo.com/pulse/pdata/contacts</URI>
</Service>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/sreg/1.0</Type>
<Type>http://openid.net/extensions/sreg/1.1</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<URI>http://www.myopenid.com/server</URI>
<LocalID>http://brian.myopenid.com/</LocalID>
</Service>
</XRD>
</xrds:XRDS>

130. How it works

131. Data access with OAuth

132. A protocol for developing password-less APIs.
Your valet key for the web.

139. Advanced OAuth
Wrangling
Kellan Elliott-McCrea
XTech 2008: The Web on the Move
http://www.slideshare.net/kellan/advanced-oauth-wrangling

140. On the desktop

143. 4D56

146. On the phone

151. chris@domain.com
••••••••

156. The OpenID/OAuth Hybrid

157. +

158. TOC
8. Requesting Authentication
When requesting OpenID Authentication via the protocol mode "checkid_setup" or "checkid_immediate", this extension can be used to
request that the end user authorize an OAuth access token at the same time as an OpenID authentication. This is done by sending the
following parameters as part of the OpenID request. (Note that the use of "oauth" as part of the parameter names here and in
subsequent sections is just an example. See Section 5 for details.)
openid.ns.oauth
REQUIRED. Value: "http://specs.openid.net/extensions/oauth/1.0".
openid.oauth.consumer
REQUIRED. Value: The consumer key agreed upon in Section 7 .
openid.oauth.scope
OPTIONAL. Value: A string that encodes, in a way possibly specific to the Combined Provider, one or more scopes for the
OAuth token expected in the authentication response.
TOC
9. Authorizing the OAuth Request
If the OpenID OAuth Extension is present in the authentication request, the Combined Provider SHOULD verify that the consumer key
passed in the request is authorized to be used for the realm passed in the request. If this verification succeeds, the Combined Provider
SHOULD determine that delegation of access from a user to the Combined Consumer has been requested.
The Combined Provider SHOULD NOT issue an approved request token unless it has user consent to perform such delegation.
TOC
10. Responding to Authentication Requests
If the OpenID authentication request cannot be fulfilled (either in failure mode "setup_needed" or "cancel" as in Sections 10.2.1 and
10.2.2 of [OpenID] ) then the OAuth request SHOULD be considered to fail and the Provider MUST NOT send any OpenID OAuth
Extension values in the response.
The remainder of this section specifies how to handle the OAuth request in cases when the OpenID authentication response is a positive
assertion (Section 10.1 of [OpenID] ).
If the end user does wish to delegate access to the Combined Consumer, the Combined Provider MUST include and MUST sign the
following parameters.
openid.ns.oauth
REQUIRED. Identical value as defined in Section 8 .
openid.oauth.request_token
REQUIRED. A user-approved request token.
openid.oauth.scope
OPTIONAL. A string that encodes, in a way possibly specific to the Combined Provider, one or more scopes that the returned
request token is valid for. This will typically indicate a subset of the scopes requested in Section 8 .
To note that the OAuth Authorization was declined or not valid, the Combined Provider SHALL only respond with the parameter

164. 2 Clicks Demo!

165. What Plaxo found
• Better for the user: higher success rate with no
password anti-pattern
• Better for the provider: Happy users and no automated
data scraping
• Better for the site: Higher conversion rate; more
informed social graph

166. An Open Stack is emerging

168. Evolving the Open Stack
Mashups OpenSocial
Attributes OpenID/AX ... Contacts Portable Contacts
Authentication OpenID/Auth Access Control OAuth
Metadata Discovery YADIS, XRDS-Simple, XRD
Unique Identifiers URLs, email addresses
As proposed by Johannes Ernst

169. Success stories

170. “We launched OpenID in March 2008 with Highrise.
About 15% of the logins are now using OpenID.”
— David Heinemeier Hansson, 37Signals

171. “Deployments for their customers – Twitter and
Songbird – are seeing OpenID utilization of 20% or
more.”
— Eirc Eldon, VentureBeat

174. ReadWriteWeb ReadWriteTalk Enterprise Jobwire About Subscribe Co
RSS RWW Da
Your em
RSS RWW W
Your em
Search ReadWriteWeb
Home Products Trends Best of RWW Archives
Comcast Property Sees 92% Success Rate With New Mobile retail software
designed for in-store ret
OpenID Method counting, receiving etc.
Written by Marshall Kirkpatrick / February 10, 2009 2:33 PM / 22 Comments « Prior Post Next Post » www.handpoint.com
Dell Business Comput
The most-watched geek event of the day has to be the OpenID UX
Business Computer Pow
(User Experience) Summit, hosted at the Facebook headquaters. The Core™ 2 Duo On Sale
www.nz.dell.com
most discussed moment of the day will surely be the presentation by
Comcast's Plaxo team. New Zealand Site
Features 130,000 Memb
Plaxo and Google have collaborated on an OpenID method that may It's So Popular!
www.smilecity.co.nz
represent the solution to OpenID's biggest problems: it's too unknown,
it's too complicated and it's too arduous. Today at the User Experience
Summit, Plaxo announced that early tests of its new OpenID login
system had a 92% success rate - unheard of in the industry. OpenID's usability problems appear RWW SPONSORS
closer than ever to being solved for good.
This experimental method refers to big, known brands where users were already logged in, it
requires zero typing - just two clicks - and it takes advantage of the OpenID authentication
opportunity to get quick permission to leverage the well established OAuth data swap to facilitate
immediate personalization - at the same time, with nothing but 2 clicks required of users.
Plaxo, primarily known for the noxious flood of spam emails it delivered in its early days, is now an
online user activity data stream aggregator owned by telecom giant Comcast. The Plaxo team has
been at the forefront of the new Open Web paradigm best known for the OpenID protocol.

175. *Source: Janrain
OpenID adoption across the web continues to grow

176. UserVoice Identity Providers
Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins

177. Interscope Identity Providers
Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins

178. sulit.com.ph Identity Providers
Source: Janrain - Why Websites Should Accept Multiple Third Party Identity Account Logins

179. G E T T I N G INVOLVED
& C O N TR IBUT IN G

180. Open source in the cloud era

182. Yoism: the world’s first open source religion

187. “The price of freedom is eternal vigilance.”
—thomas jefferson

188. our
^
“The price of freedom is eternal vigilance.”
—thomas jefferson

189. Patents, trademarks and copyright

191. Joining communities

192. • OpenID Foundation
• Open Web Foundation
• OpenSocial Foundation
• Partuza Project/Shindig
• Activity Streams
• Microformats
• Diso Project

193. Libraries, frameworks & resources

194. • Partuza.nl
• Shindig
• Diso Project
• oauth.net/code
• Pinax

195. C O N C L U SION

196. The open, social web is being built on standards that are
free to implement and that encourage competition at the
layer of service and user experience.

197. Q & A