Tim O’Reilly sums up quite nicely the key problem we’re all waiting to see solved with OpenSocial
If all OpenSocial does is allow developers to port their applications more easily from one social network to another, that’s a big win for the developer, as they get to shop their application to users of every participating social network. But it provides little incremental value to the user, the real target. We don’t want to have the same application on multiple social networks. We want applications that can use data from multiple social networks.
Tim’s a great writer and is able to sum up what took me over 600 words to try and describe. But both these posts are worth a read for the comments.
In my post, Paul Linder from Hi-5, one of the launch partners for OpenSocial says that OAuth will be the preferred authentication method that will potentially bind identeties together across social networks. This is great because it’ll be neutral.
In Tim’s post, Kevin Marks from Google reminds everyone of the technical challenges of preserving privacy of data across social networks that honor the complex rules and “social norms” of each social network. In his comment, Kevin hints that “publicly articulated performative” social networks (i.e. twitter, MySpace) would be easier to integrate because the data such as friend connections are public and connections are made with that in mind.
This is why I think the momentum and growth will favor social networks that are built on openness. Just as my parents are frustrated with the permissioning layers of flickr that I have put in place for personal photos, the vast majority of users are going to opt for simple to understand integrations, those that are open.
I’ve been pouring over all the commentary on yesterday’s announcements of Google’s OpenSocial initiative. I’ll reserve judgment until the MyBlogLog team has had a chance to check out the documentation to see what’s possible. One open question I have is the one raised in this post by Dan Faber about the GetFriend call,
MySpace CTO Aber Whitcomb’s MySpace profile incorporates a widget from Flixster that shows what his MySpace friends think about certain movies. In order for that to happen, MySpace must look that information up in Flixster and the question I basically had was “How does the process know how to map a MySpace identity to a Flixster identity.”
This mapping is key. From what I can see in the API docs, you need to look up each person on a service and get back a service specific list of that person’s friends on that service. For example,
This gets you a list of all the friends of this person on Orkut. This gets back a list of member IDs specific to Orkut. These member IDs can be used with the fields populated by the service to retrieve things like,
This is what I glean from the API Reference doc. There is also another field called gd:extendedProperty where each service can put their own, service-specific information but it is not clear if this will extend to include a unique identifier that can be used to map a “John Smith” on one system to a “John Smith” on another.
So in order to make something like a flixter module work in a MySpace page to show what your MySpace friends are doing on Flixter this is what happens,
Login into MySpace
Have Flixter module lookup your MySpace friends via OpenSocial
Have OpenSocial return a list of your MySpace friends with their OpenSocial numerical identifiers
Parse the response for unique identifiers that you can use to lookup a list of Flixter users via OpenSocial
Figure out which of the responses that are returned are, in fact, the same people on your MySpace friends list
Again, how do I make sure that “John Smith” that is on my MySpace friends list is the same “John Smith” I get back from Flixter? What if 20 “John Smith” records are returned? Which one do I present? I can double check email addresses but that can no only be easily spoofed but also the email address I use on MySpace might be different from the email address I use for Flixter.
This mapping is key. MyBlogLog has a Services tab on each members’ profile (click on graphic for a larger view) where members can enter all their identities on different social networks. This was built as a simple locater service because MyBlogLog members like to find each other where ever they hang out. MyBlogLog could be this mapping table but, as it’s built right now, there is no authentication to prove you own the profile you put into the table (other than Facebook) so we’d have to build that authentication layer in.
Maybe this is where OpenID comes in? Can OpenID serve as the unique key that ties this all together? Why weren’t they part of the announcement? This seems like a key bridge that needs to be put in place before all the pieces work as advertised. Am I missing something?
Update: Bob Warfield posts that Google ID is the recommended key to tie everything together via something called AuthSub. I sure hope this isn’t the only mechanism going forward. This brings us right back to a centralized, shareholder-owned, authentication service which isn’t very open.