How does OpenSocial map identities?

I’ve been pouring over all the commentary on yesterday’s announcements of Google’s OpenSocial initiative. I’ll reserve judgment until the MyBlogLog team has had a chance to check out the documentation to see what’s possible. One open question I have is the one raised in this post by Dan Faber about the GetFriend call,

MySpace CTO Aber Whitcomb’s MySpace profile incorporates a widget from Flixster that shows what his MySpace friends think about certain movies. In order for that to happen, MySpace must look that information up in Flixster and the question I basically had was “How does the process know how to map a MySpace identity to a Flixster identity.”

This mapping is key. From what I can see in the API docs, you need to look up each person on a service and get back a service specific list of that person’s friends on that service. For example,

http://orkut.com/feeds/people/14358878523263729569/friends

This gets you a list of all the friends of this person on Orkut. This gets back a list of member IDs specific to Orkut. These member IDs can be used with the fields populated by the service to retrieve things like,

  • Display Name
  • profile url
  • email address
  • IM handle
  • phone number

This is what I glean from the API Reference doc. There is also another field called gd:extendedProperty where each service can put their own, service-specific information but it is not clear if this will extend to include a unique identifier that can be used to map a “John Smith” on one system to a “John Smith” on another.

So in order to make something like a flixter module work in a MySpace page to show what your MySpace friends are doing on Flixter this is what happens,

  1. Login into MySpace
  2. Have Flixter module lookup your MySpace friends via OpenSocial
  3. Have OpenSocial return a list of your MySpace friends with their OpenSocial numerical identifiers
  4. Parse the response for unique identifiers that you can use to lookup a list of Flixter users via OpenSocial
  5. Figure out which of the responses that are returned are, in fact, the same people on your MySpace friends list

Again, how do I make sure that “John Smith” that is on my MySpace friends list is the same “John Smith” I get back from Flixter? What if 20 “John Smith” records are returned? Which one do I present? I can double check email addresses but that can no only be easily spoofed but also the email address I use on MySpace might be different from the email address I use for Flixter.

MyBlogLog Services TabThis mapping is key. MyBlogLog has a Services tab on each members’ profile (click on graphic for a larger view) where members can enter all their identities on different social networks. This was built as a simple locater service because MyBlogLog members like to find each other where ever they hang out. MyBlogLog could be this mapping table but, as it’s built right now, there is no authentication to prove you own the profile you put into the table (other than Facebook) so we’d have to build that authentication layer in.

Maybe this is where OpenID comes in? Can OpenID serve as the unique key that ties this all together? Why weren’t they part of the announcement? This seems like a key bridge that needs to be put in place before all the pieces work as advertised. Am I missing something?

Update: Bob Warfield posts that Google ID is the recommended key to tie everything together via something called AuthSub. I sure hope this isn’t the only mechanism going forward. This brings us right back to a centralized, shareholder-owned, authentication service which isn’t very open.

12 Replies to “How does OpenSocial map identities?”

  1. the beauty of contextual identity management services is that as long as everything is tied back to the same unique identifier (aka OpenID), the user can manage their personas to ensure that there isn't inappropriate leakage

  2. I think that the information may not be available to the “App” developers; but should be included for “Container” providers. If done right, App developers shouldn’t even need to think about “friends” — they should come along for the ride in context of the site the user is on.

    While there is no guarantee on Container sites having an aggregate view of the data, it would make a lot of sense for Google to add that to OpenSocial when it puts the Container spec into the wild.

    Cheers,
    Todd

  3. I don’t think, as a user, I want one network to send my list of connections to another network to get back the activity stream on that other network – that’s sharing too much personal data between networks. To start with, the second network could return all my activity stream without trying to map the users in that stream to the host network.

  4. the beauty of contextual identity management services is that as long as everything is tied back to the same unique identifier (aka OpenID), the user can manage their personas to ensure that there isn’t inappropriate leakage

  5. Hi, I can provide some background on this. OAuth will become the preferred auth mechanism for the REST version of OpenSocial, so that’s good news.

    As far as mapping goes, I’m guessing that flixter maps mysql users into it’s own internal map. What might be interesting is if you could use the same flixter data in multiple containers. With the right tooling, I believe it’s possible.

  6. @Todd, Subbu, and Max, context is an important point and it will be interesting to see how very different social networks add controls that retain this context. LinkedIn and MySpace are examples of two very different social networks where ignoring context will result in some very bizarre module behaviors. It’ll be a UI challenge to say the least!

    @Paul, OAuth as preferred is great news! Look forward to seeing this in action.

Leave a comment