Tuesday, March 31, 2009

SocialWeb at Web 2.0 Expo

What has been happening with Data Portability on the Social Web, i.e. OpenID, OAuth, etc.

The workshop is being run by @chrismessina, @daveman692 and @jsmarr

I will twitter comments from this session using the tag #w2e_sw

If you want to build new and innovative services you don't want to frustrate your users by asking for a bunch of account related data. If the data is out there go and get it. Don't Re-Key!

You need standards to enable mashups. Alternatively, you need consistent formats.

If standards exist - use them!

http://www.oxyweb.co.uk/blog produced a world map of popular social networks. This struck me as a great parallel to the HealthCare world with incompatible/competing health care players.

Functional sites, like Friendfeed, Twitter, last.fm and Dopplr represent specialist services. They have the opportunity to create combined value but they need a social graph to create this.

Facebook solved this for many, as long as developers were prepared to live inside Facebook.

Activity streams are an emerging standard. No logo yet.

XMPP is not that popular yet, although it is one of the pipes that Twitter implemented and search.twitter.com leveraged.

Partuza is an OpenSocial social network site that uses Apache Shindig.

Pinax is a platform for rapidly developing websites using social tools such as IM, chat,

The emerging theme is "Connect"

Facebook Connect, OpenSocial Connect.

New building blocks:

  • Who you are
  • Who you know
  • What's going on

These are aspects of the social ecosystem. These create the virtual circle of sharing/knowing.

The anatomy of "Connect":

  • Profile (id, accounts profiles)
  • Relationships (friends, followers)
  • Content
  • Activity
  • Goal (search and discovery)

Most sites are building on the Open Stack:

  • MySpace
  • Yahoo
  • Google
  • Plaxo
  • Microsoft


  • OpenID
  • XRDS-Simple
  • OAuth
  • PortableContacts
  • OpenSocial

Facebook is different but is matching these standards.

Why do this?:

Why do people have to:

  • Create a new account on every service
  • Re-create their profile
  • Give away their password to every site that asks
  • Re-discover their friends
  • Re-friend their friends
  • Learn new ways to share and communicate

Why do developers have to?:

  • Deal with forgotten passwords
  • Create another profile form
  • Support every new service API that emerges
  • Force members to invite everyone they know
  • Implement an unsafe method to import contacts
  • Create widgets for incompatible social networks
  • Manually interpret feeds for activity streams

Industry trends:

  • User control of data
  • User centric web services
  • Location based services
  • Real time content delivery ubiquitous connectivity
  • Interoperable app platforms
  • Content aggregation and syndication
  • Increasing quantities of data to work with
  • Democratization of digital media creation tools

How do customers benefit:

MySpace has built login with OpenID and OAuth to compete with Facebook Connect.

An OpenID popup extension is being developed to simplify the user interface, à la Facebook Connect.

The emerging issue is that once an item has been made "public" on a social network it can't be withdrawn. If you withdraw an item it may still exist in other places that were connected to the original publishing location.


Now for the technical stuff:

OpenID Demo:

Mapquest (owned by AOL). You can sign in to Mapquest with OpenID.

In 2009 there are over 30,000 sites that let you login with OpenID (Relying sites). Growth from 20,000 in August 2008 and 10,000 in Jan 2008. (source: http://blog.janrain.com)

Implementing OpenID as a relying party (i.e. accept OpenID)

Internally you need to map one or more OpenIDs to an internal account.
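
One way to keep that mapping, as an added example (not code from the workshop or from any OpenID library): identifiers are normalized before lookup, each identifier belongs to at most one account, and attaching a further identifier requires an account that is already signed in. The names `normalize_identifier` and `AccountLinks` are hypothetical, XRI identifiers are out of scope, and every identifier passed in is assumed to have already been verified with its provider.

```python
from urllib.parse import urlsplit, urlunsplit


def normalize_identifier(raw: str) -> str:
    """Canonical form of a URL-style OpenID so equal identifiers compare equal."""
    raw = raw.strip()
    if "://" not in raw:
        raw = "http://" + raw  # OpenID 2.0 treats a bare host/path as http
    parts = urlsplit(raw)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) OpenID URL")
    host = parts.hostname  # already lower-cased; any userinfo is dropped
    if parts.port:
        host += ":%d" % parts.port
    # The fragment is kept: a provider may use it to tell a recycled
    # identifier apart from the one its previous owner had.
    return urlunsplit((scheme, host, parts.path or "/", parts.query, parts.fragment))


class AccountLinks:
    """Hypothetical relying-party store: many OpenIDs map to one internal account."""

    def __init__(self):
        self._owner = {}  # normalized identifier -> internal account id
        self._next_id = 1

    def sign_in(self, verified_identifier: str) -> int:
        """Return the account for a verified identifier, creating one if new."""
        key = normalize_identifier(verified_identifier)
        if key not in self._owner:
            self._owner[key] = self._next_id
            self._next_id += 1
        return self._owner[key]

    def link(self, signed_in_account: int, verified_identifier: str) -> None:
        """Attach another verified identifier to the account already signed in."""
        key = normalize_identifier(verified_identifier)
        owner = self._owner.get(key)
        if owner is not None and owner != signed_in_account:
            # Never silently re-point an identifier: that would hand one
            # user's login to a different account.
            raise PermissionError("identifier already linked to another account")
        self._owner[key] = signed_in_account

    def identifiers_for(self, account: int) -> list:
        """All identifiers that sign in to the given account."""
        return sorted(k for k, v in self._owner.items() if v == account)
```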

The OpenID User experience

Directed Identity is emerging as one solution to avoid the need for users to know URLs.

At least there aren't too many major providers so the button option is still feasible.

Once people have become known to a site it is possible to tailor re-sign in based upon where a user has come from. eg. If they arrive from Gmail then assume a gmail account.

Personal Discovery standard is emerging, driven by EU demands.

The browser knows who you are so this may be a way to simplify login. This moves away from web sites trying to guess which accounts you use.

The Popup extension is emerging as a technique. The challenge is to avoid spoofing. People don't look at the URL bar.

Remember - you can use email address as an indicator of which OpenID providers to support.

Different sites have different account preferences. This leads to sites supporting multiple standards. eg. OpenID + Facebook. At least supporting OpenID means you automatically support Yahoo, AOL, Google, MySpace and other popular sites.

Microformats are also important.

Microformats enable webpages to be an API.

Semantic information can be embedded in a page. Among the oldest standards is hCard (vCard in HTML).

Use CSS classes to mark up and style the data. Very simple way to mark up information in existing web pages.

This is ideal for database driven sites because you can edit one output web page and apply a microformat to every database record that is displayed through that web page.

Twitter supports hCard and includes the rel=me setting. If you want your blog to be the top search result on your name in Google then add this value to your blog. Simply add rel="me" to a relevant link on your blog.


The more you publish the more you need a way to identify what you are publishing as yours. Our desktop is moving out in to the cloud.

Identity enables discovery. XRDS-Simple: "the name is more complex than the concept"

XRDS - defines services.

eg. OpenID, PortableContacts

eg. OpenID points to one service. PortableContacts points to Plaxo.

WordPress OpenID plugin supports creating XRDS file.

XRDS-Simple can be used for a personal discovery or for sites to publish their service endpoints

LRDD - Link-based Resource Descriptor Discovery (emerging work)


Authorization is important so you don't have to make data public to make it portable.

Will OAuth work in a mobile mode? Yes!

An iPhone example is FlightTrack Pro, which works with Tripit. The iPhone app uses OAuth and Safari to authorize the app on Tripit.com.

OAuth is a protocol for developing password-less APIs.

Plaxo was recently bought by Comcast. Comcast saw a 92% success rate with login using OpenID in collaboration with Google.

The Plaxo-Google connection uses a hybrid. They do the OpenID dance and also handle the OAuth token acquisition at the same time. They also collect and notify the user of the basic information that will be used. eg. name and email address.

The Comcast-Google test worked so well that the business folks at Comcast wouldn't let them turn the experiment off!

OAuth can be used asynchronously to allow one user to give permission to someone else to gain access to their information. eg. Dave allows Chris to see his phone number in his contact record.

Relationships and Contacts

Rather than have to support writing to address book APIs for each major service they instead implement a standard protocol. That is PortableContacts. This builds on OAuth and vCard standards.

GMail now supports Portable Contacts. ie. No Google specific code is required to use information from the Google Addressbook.

OpenSocial REST People Protocol is now PortableContact compatible.

vCardDav compatibility is coming with IETF.

Linking Accounts

The XFN Microformat is being used to link accounts and services.

Add a Rel=Me link to connect pages on services.

You can also use Rel=Contact to identify friends.

Google's Social Graph API does this in a simple form. A demo is available.
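
A consumer of rel="me" links should treat a one-way link as a claim only: anyone can publish a page that points at your blog with rel="me", and it is the link back that makes the pair verifiable. The added example below (not code from the workshop or from Google's API) extracts rel="me" links from already-fetched pages and separates reciprocated pairs from one-way claims; the page URLs and HTML are constructed samples and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin


class RelMeParser(HTMLParser):
    """Collect the targets of <a>/<link> elements whose rel contains "me"."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.targets = set()

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "link"):
            return
        attr = dict(attrs)
        rels = (attr.get("rel") or "").lower().split()
        if "me" in rels and attr.get("href"):
            # Resolve relative links against the page that published them.
            self.targets.add(urljoin(self.base_url, attr["href"]).rstrip("/"))


def rel_me_targets(page_url, html):
    parser = RelMeParser(page_url)
    parser.feed(html)
    return parser.targets


def classify_claims(pages):
    """Split rel=me edges into reciprocated (verified) and one-way (claimed).

    `pages` maps each page URL to its already-fetched HTML.
    """
    edges = {url.rstrip("/"): rel_me_targets(url, html) for url, html in pages.items()}
    verified, claimed = set(), set()
    for src, targets in edges.items():
        for dst in targets:
            if src in edges.get(dst, set()):
                verified.add((src, dst))
            else:
                claimed.add((src, dst))
    return verified, claimed


# Constructed sample: the blog and the profile link to each other, while a
# third page merely claims to belong to the blog's owner.
PAGES = {
    "https://blog.example/": '<a rel="me" href="https://social.example/alice">me</a>',
    "https://social.example/alice": '<a rel="me nofollow" href="https://blog.example/">blog</a>',
    "https://imposter.example/": '<a rel="me" href="https://blog.example/">my blog</a>',
}
```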

Activity Streams

Activity Streams are in the realm of "LifeStreaming"

Friendfeed supports approximately 59 services. Each was hand coded by Friendfeed.

Activity Streams is about creating a protocol that can be leveraged across sites.

Social Discovery. eg. Plaxo Pulse, LinkedIn network updates, Facebook status updates.

Messaging: Twitter, Yammer, Eventbox (desktop app)

Brand/Personal Monitoring: GetSatisfaction's Overheard searching Twitter.

Primitives: Actor, Verb, Object

Actor, Verb, Object (context)

Build on Standards

Use ATOM for lists. (aka feeds)

Activity Stream is using a derivation of ATOM to share streams.

Activity Streams is targeted to go in to OpenSocial.

Check out http://activitystrea.ms for the latest info.

Gadgets and OpenSocial

Allow applications to be added to multiple sites. Write a gadget once and allow it to run on multiple sites. Over 700M users across multiple sites support OpenSocial, from MySpace to Plaxo to Ning or Orkut etc.

Shindig is an Apache incubator project for gadgets in OpenSocial.

You can also build OpenSocial apps in the Google AppEngine.

This standard simplifies Engineering integration and allows developers to focus on PRODUCT integration - ie. How to fit in to the target environment. eg. Ning is different from MySpace.

Next Steps - Homework:

1. Mark up existing data

2. Stop leaking passwords

3. Support OpenID and OAuth

These tools are mature enough to enable simple integration across sites and business partners.

Check out theSocialWeb.tv for the latest news in the space.


  1. Good well written post. Slight difficulty in understanding. Thanks for sharing.
    GIS Mapping services

  2. Apologies if some of the post is hard to read. It is written in real time - "stream of consciousness" style capturing the key points from three great presenters - who talk Very quickly!

    I also add some of my "top of mind" implications from their thoughts - again in real time. Hopefully I can get time to synthesize this after the conference.

  3. you did a great job. Thanks