
My data and having it my way

To borrow the Burger King slogan, I want to be “having it my way” with my data. Last week was a flurry of announcements, arguments, and personality clashes among tech pundits discussing, or rather arguing about, the implications for user privacy following announcements from three big companies, MySpace, Google, and Facebook, each announcing remarkably similar data portability features. I won’t belabor the details of each announcement because they have been covered in great detail elsewhere.

One controversial thing that came out of the announcements is Facebook blocking Google Friend Connect’s access to its users’ data. The official reason cited by Facebook is that Google Friend Connect violated its TOS with regard to respecting user privacy. IMO the real reason, as several tech pundits have already pointed out, is that Facebook wanted to keep its users’ data walled in while conveniently citing the TOS privacy concern as the reason to block access.

What transpired afterward is even more controversial, as several tech pundits, Steve Gillmor, Sam Whitmore, Marc Canter, Dana Gardner, Mike Arrington, Mike Vizard, Robert Scoble, and self-invited guest Chris Saad (Gillmor’s words, not mine), weighed in about user privacy in general and really ripped into each other on a Gillmor Gang conference call. You can read related posts on the subject below.

Arrington and Scoble duked it out in Data Portability: It’s The New Walled Garden and later on the Gillmor Gang conference call. I have also seen multiple similar discussions raised elsewhere without any conclusion.

Details notwithstanding, I had an epiphany about user privacy while trying to sort through the numerous and differing opinions about what constitutes right and wrong user privacy controls. It dawned on me that user privacy is a personal and individual thing and is also dependent on the context of usage. IMO, this means no one can or should tell me what I consider private. Hence it is not meaningful to define a universal bill of rights for user privacy that works for everyone.

Let’s take the hotly debated example between Scoble and Arrington. Arrington’s position is that his data is his data, and he should have ultimate control over how it is used, including the ability to stop someone like Scoble, with whom he has shared his email, from using it on third-party services like Plaxo without Arrington’s explicit permission. Scoble’s counterargument is that once Arrington shares his email, he has given implicit permission for Scoble to use it elsewhere. He cited the example of adding Arrington’s email to his Gmail and Yahoo mail accounts so he can email Arrington from either account, and Arrington has no issue with that. However, Arrington does have an issue with Scoble exposing his email to a third-party service like Plaxo, which, according to Arrington, has a tendency to spam people. If Scoble doesn’t care that Arrington uses his email on Plaxo, that’s Scoble’s right, but if Arrington has an issue with Scoble using his email on Plaxo, that’s Arrington’s right too. Note that Arrington’s reaction is context based, because he has no problem with Scoble adding his email to Gmail and Yahoo accounts, which brings me back to my point: user privacy is a personal and individual thing and is also dependent on the context of usage.

So how does this translate into implementing the right user privacy controls? IMO, a service should implement privacy controls ranging from airtight to “I honestly don’t care who sees and uses my data,” along with a set of sensible defaults, e.g.,

  1. I am a private person and I want to explicitly approve every use of my data. WARNING: this might result in excessive permission requests, but it’s what you asked for; think Windows Vista’s User Account Control feature.
  2. I am OK with sharing some but not all of my data with my friends and the world. Here’s where the sensible defaults come in; the challenge is to define a set of defaults that makes sense for a particular service while being contextually aware or requiring contextual approval.
  3. I love attention and frankly don’t care who sees and uses my data. WARNING: you might regret this later when you run for US President or mayor and there are bikini pictures of you on the web, but that’s a risk you accept.

I suspect most users will pick option 2, and that’s where the real fun begins: defining sensible defaults for each service while allowing for contextual awareness or approval. It’s interesting to note that in his post How SHOULD dynamic privacy work?, Marc Canter also mentioned the need for privacy controls to be contextually aware, although his example is different from mine. I like my example better =)

The above perspective is offered purely, and selfishly, from a user’s point of view, without considering why big companies like MySpace or Facebook would want to provide a free service and make their users’ data fully portable, hence losing a competitive advantage. Does a service have a right to users’ data in return for providing a free service? I think so. However, if the industry mindshare is moving toward making data portable, big companies are forced to go along so they don’t get left behind, and that is exactly what Google, MySpace, Microsoft, and Facebook did, though with varying degrees of data portability. It’s a good start.

One last thought. I believe it was Gillmor who posed this argument: when you sign up for a free service and agree to its TOS, you have agreed to the terms it laid out regarding usage of your data, so it’s a done deal and you have to abide by the terms you agreed to. First off, to be realistic, very few people read a TOS in its entirety; if you do, you are in the minority. As they say, the devil is in the details, which you unwittingly agreed to without reading in full, because TOS are purposely designed to be mind-numbingly boring and unnecessarily long, discouraging users from reading them in full while providing CYA coverage. And even if you read one in full, it’s not easy to decipher the legal jargon thrown in for further confusion. IMO, while this is technically a correct argument, it is not an effective argument.

In the wild snapshot#1: Lessons from my XFN coding experiment

In an offline conversation with Chris Messina, we discussed the idea of creating blog-length interviews with various in-the-wild apps describing their processes and the technologies they use with regard to data portability. The goal is to profile real use cases, solutions, and lessons learned in the current state of affairs for data portability technology. I am using the term “data portability technology” loosely here; it is in no way affiliated with the ongoings of the DataPortability group.

So I am giving it a go to see what comes of it, because we both think this kind of information can be useful to others looking to understand the lay of the data portability land. As such, I will title all such future posts starting with “In the wild snapshot…” as well as assign them the category (WordPress terminology) of “in the wild snapshot”. If any of you are interested in doing such an interview, leave a comment here and I will get in touch with you. Note that these posts are generally meant for web developers, but everyone is welcome to read them of course.

First up, I interviewed myself on my recent XFN coding experiment, neat how that works.

Application Overview
Given the abundance of XFN producers available, I wanted to create an XFN-consuming application instead. If you need an introduction to rel-me and XFN, check out my earlier post here. The basic idea is to extract XFN information from a URL and present it in human-readable form, in my case grouping rel-me entries into “My Online Identities” and rel-contact entries into “My contacts”. That’s it, a pretty simple thing to do.

Technology considered: XFN, FOAF, JavaScript, JSON, DOM, server-side platforms (like Ruby on Rails, etc.), Google Social Graph API, Google Social Graph Test Parser, lab.backnetwork ufXtract microformats parser

Technology used: XFN, JavaScript, JSON, DOM, CSS, lab.backnetwork ufXtract microformats parser

To begin with, I considered client-side (JavaScript, JSON, DOM, CSS) vs. server-side (Ruby on Rails) platforms and went with client-side technologies, primarily because I had a good example client-side app to start with, courtesy of Kevin Marks (OpenSocial advocate and microformats co-founder). You will notice the very similar layout and fonts; I like to reuse code.

The next question was selecting an appropriate XFN parser. I could either find some JavaScript library, write my own, or use a third-party service. To make things easier, I decided to go with a third-party service. I had two third-party choices: the lab.backnetwork microformats parser and the Google Social Graph API. I picked the lab.backnetwork parser primarily because it parses pages in real time, whereas the Google Social Graph API only parses pages already crawled by Googlebot, which can result in data staleness. With the lab.backnetwork parser, I used a JSON callback to process the JSON data structure passed back by the parser. Once I had the JSON data, I sliced and diced it to dynamically generate additional HTML using JavaScript, DOM, and CSS.

If you want more details on how to use JavaScript to call the lab.backnetwork parser, check out the excellent post Javascript badges powered by JSONP and microformats. Extracted from that post, here’s the script tag code calling the lab.backnetwork parser:

var script = document.createElement('script');
script.type = "text/javascript";
Badge.obj = badge;
// the parser endpoint URL is missing from the src string below
script.src = "" + escape(link.href) + "&format=xfn&output=json&";
document.getElementsByTagName('head')[0].appendChild(script);
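Once the parser’s JSON comes back, the JSONP callback receives a data structure of parsed XFN entries, and the app groups them into identities and contacts. Here’s a hedged sketch of that grouping step; the `{url, rel}` entry shape is an assumed simplification for illustration, not ufXtract’s actual output format:

```javascript
// Group parsed XFN entries into identities (rel-me) vs. contacts.
// NOTE: the entry shape {url, rel} is an assumption for illustration,
// not the real ufXtract JSON structure.
function groupXfn(entries) {
  var groups = { identities: [], contacts: [] };
  entries.forEach(function (entry) {
    // rel is a space-separated token list, so split before matching
    var rels = (entry.rel || "").split(" ");
    if (rels.indexOf("me") !== -1) {
      groups.identities.push(entry.url);
    } else if (rels.indexOf("contact") !== -1 || rels.indexOf("friend") !== -1) {
      groups.contacts.push(entry.url);
    }
  });
  return groups;
}
```

From there, a bit of DOM code turns groups.identities into the “My Online Identities” list and groups.contacts into “My contacts”.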

Lessons learned
As a newcomer to XFN, this was a good way, at least for me, to learn about it. The lab.backnetwork parser works pretty well for extracting XFN information, especially since it provides real-time parsing. However, unlike the Google Social Graph API, it doesn’t currently parse FOAF. FOAF is a competing standard to XFN but can be used in conjunction with it; here’s a post about XFN and FOAF. From the few profile pages I have seen, it is possible for people to use both XFN and FOAF. For example, on one such profile page, XFN is used to mark up the multiple rel-me identities and FOAF (in a separate file) is used to list all of the person’s friends. However, on other profile pages, FOAF is skipped altogether. It doesn’t appear that there is a published best practice on how to mix and match the various technologies.

Another issue I ran into is parsing and displaying human-readable names for XFN URLs. As it stands, XFN lets one define relationships between oneself and friends, all centered around URLs. However, URLs are not designed for optimal human readability; some URLs are long and unruly, and others employ proprietary internal naming schemes (actual site names withheld to protect the innocent).

The reason I think it is important to couple human-readable names with URLs is that a consuming app usually wants to do something meaningful with the XFN information, and URLs alone do not provide complete information, leaving the end user to fill in the human-readable parts after the initial extraction.

In my discussion with Kevin Marks, he indicated that hCard can and should be used along with XFN to provide complete information. For example, it is possible to have the following XFN and hCard markup:

<li class="vcard"><a class="fn url" href="" rel="met colleague friend">Joe Blow</a></li>
<li class="vcard"><a class="fn url" href="" rel="met colleague friend">Jane Doe</a></li>

I think this is a best practice that is not obvious. Developers are generally familiar with each individual microformat standard, but I haven’t seen much documentation on how to mix and match the various standards for optimal use. Each standard tends to be described in a silo without consideration for the others, so hopefully revelations like this can help developers better understand how to use the standards together.

Even though the XFN/hCard combination is more complete than XFN alone, I still see some issues with it. For example, a parser has to understand the implied relationship between the hCard information and the XFN information and return them as related entities, meaning that hCard provides the human-readable name for the XFN URL. That relationship is currently not part of the hCard or XFN spec, so it has to be inferred by the developer. I would also like this type of cross-standards best practice to extend to XFN/FOAF, etc. Note that at this time the Google Social Graph API does not parse hCard information, so even if someone puts that information on their profile page, it won’t be useful to a consuming app using the Google Social Graph API. Kevin indicated that he might rectify this in the future and extend the API to also parse hCard.
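To make that inference concrete, here’s a hedged sketch of what a consuming app has to do itself today: pair each hCard’s formatted name (fn) with its URL so the XFN URLs get human-readable labels. Both data shapes below are assumptions for illustration, not any parser’s actual output:

```javascript
// Build a URL -> human-readable-name map from parsed hCards, then use it
// to label a list of XFN URLs. Input shapes are assumed simplifications.
function labelXfnUrls(hcards, xfnUrls) {
  var names = {};
  hcards.forEach(function (card) {
    if (card.url && card.fn) {
      names[card.url] = card.fn; // fn provides the display name for the URL
    }
  });
  return xfnUrls.map(function (url) {
    // fall back to the raw URL when no hCard supplies a name
    return { url: url, name: names[url] || url };
  });
}
```

The fallback branch is exactly the problem described above: without an hCard (or FOAF) alongside the XFN, the app is stuck displaying the bare URL.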

One last thought: even though I started my application using JavaScript, if I want to do more useful stuff, I would switch over to server-side code. In particular, if I need to store persistent user information, I need a database, and that’s best facilitated by a server-side platform.

Feedback and suggestions are welcome.

Chris pointed me to a blog post he did on XFN, Portable contact lists and the case against XFN; it’s worth a read, IMO.

A real life use case of Microformat hCard in action

Just yesterday, I was writing about rel=me, XFN, and microformats; check out the post A simple data portability project or is it if you haven’t read it already or just want some background on rel=me, XFN, and microformats.

Today I plan to attend the monthly DataPortability meetup at the LinkedIn office in Mountain View. For directions, I would normally go through a series of steps: open a new tab, load Google Maps, find LinkedIn, etc. However, with my newfound microformat knowledge, I immediately noticed that the Firefox Operator plugin lit up when the event page loaded. As it turns out, the event service provider supports microformats.

Here’s the Operator showing the contact details for the event
Event hCard Contact
To map it out, I clicked on “Find with Google Maps” and presto, it showed up on Google Maps, very cool. Note that the contact information uses the hCard microformat. hCard is actually based on another standard, vCard; hCard is just vCard expressed in HTML. Here’s the actual HTML for that information:

<div class="venue location vcard">
<span class="fn org">
<a href="/venue/59005/">LinkedIn</a>
<div class="address adr">
<span class="street-address">2029 Stierlin Court</span>
<span class="locality">Mountain View</span>
<span class="region">California</span>
<span class="postal-code">94043</span>
</div> deleted from brevity

The hCard bits are represented in class="street-address", class="locality", class="region", etc., attributes.

Here's the Operator showing the event calendar details
Event hCard Calendar
If you wish to add this event to your favorite calendar like Outlook, click on "Export Event" or perhaps "Add to Yahoo calendar" or "Add to Google calendar".

Here's the Operator showing the various event tagspaces
Event tags
Tagspaces are another microformat standard, but so far they haven’t been useful to me as a user. Tags are widely implemented in popular social networking sites, though in some places they are called keywords. E.g., if you add a video clip from the movie "Rush Hour 3", you can tag it with "Jackie Chan", "Martial arts", "Kungfu", "comedy", etc.; you get the idea. The more tags you add, the easier it is for someone else to find it.

However, that hasn't translated well to most of the tags I have seen so far. Take a look at the tags for the event page; it lists "dataportability", "microformats", "relme", "upcomingevent472061". For "dataportability", it then lists sub-options such as finding matching products for sale. Without my technical hat on, I would be totally puzzled by "dataportability", "microformats", "relme", "upcomingevent472061", let alone by shopping for a "dataportability" product. In fact, I tried that product search and guess what, it came up zippo, as it should, because there is no such thing. To a first-time user seeing and trying this, a likely first impression is that it is useless and broken. On other microformat-capable pages, I saw duplicate tags (sometimes 3 or 4 copies), making it even more confusing. Operator could probably handle this by removing the duplicate entries, but there shouldn't be dups in the first place. Anyway, I do think this is a useful feature, but it requires more usability thought for Joe Blow users.

A simple data portability project or is it

As stated in my last post Storm in a teapot, the DataPortability group has started a DIY project of the month on rel=me.

First off, a bit of background about rel=me (rel is short for relationship), XFN, and microformats. rel=me is merely one piece of the XFN (XHTML Friends Network) microformat standard. XFN is a format for depicting social relationships, i.e., friends, family, lovers, co-workers, etc. For a quick introduction to XFN, check out this page – it assumes basic HTML knowledge.

What are microformats, you ask? According to the microformats about page, microformats are designed for humans first and machines second. Well, not really, especially for humans who are non-techies. It should have said that microformats are designed for humans with at least a basic knowledge of HTML; otherwise they are just gibberish. HTML knowledge is primarily the domain expertise of web developers and designers, who are a subset of developers. For example, I met yesterday with a friend of mine who has been a software professional for over 20 years, with extensive experience in Java / J2EE, security appliances, etc., and he has never heard of any of the data portability technologies, or even FriendFeed or Twitter for that matter. He is just as clueless as non-techie users in terms of knowing what XFN is, though he has the ability to learn about it far more quickly than a non-techie user.

XFN is only one microformat standard; other microformat standards include

  • hAtom – for marking up Atom feeds from within standard HTML
  • hCalendar – for events
  • hCard – for contact information; includes adr – for postal addresses, geo – for geographical coordinates (latitude, longitude)
  • hReview – for reviews
  • hResume – for resumes or CVs
  • rel-directory – for distributed directory creation and inclusion
  • rel-nofollow – an attempt to discourage 3rd party content spam (e.g. spam in blogs)
  • rel-tag – for decentralized tagging (Folksonomy)
  • xFolk – for tagged links
  • XOXO – for lists and outlines

Getting back to the DIY rel=me project. For those of you who understand HTML, rel=me is an HTML attribute you can add to href link tags to describe your various online identities. For a full list of other rel values, check out this page. For example, here are some of my online identities in XFN rel=me format:

<a href="" rel="me">Bob Ngu's Twitter profile</a>
<a href="" rel="me">Bob Ngu's LinkedIn profile</a>
<a href="" rel="me">Bob Ngu's FriendFeed profile</a>
<a href="" rel="me">Bob Ngu's Data Portability Blog</a>

Note that I did some HTML tricks so the above information doesn’t display as regular links, which is how it would otherwise look.

As you can see, the actual HTML output has no visual difference as far as a user is concerned; they are simply regular links. But an XFN-capable reader or browser understands the rel=me attribute as semantically meaning “me”. Note that there are many different forms of online identity, not just profiles at popular social sites but also any blogs you own, etc. This is not immediately obvious to a regular user, so it’s worth pointing out.
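For the technically curious, consuming rel=me by hand is not much code. This is a hedged sketch, not how any actual reader like Operator does it: given a page’s anchors as (href, rel) pairs, filter for the ones whose rel attribute contains the “me” token.

```javascript
// Pick out rel="me" identity links from a list of anchors.
// In a browser you'd build `links` from document.links; here it's a
// plain array of {href, rel} objects so the logic stands alone.
function findRelMe(links) {
  return links
    .filter(function (a) {
      // rel is a space-separated token list, so split before matching,
      // which correctly skips values like "met friend"
      return (a.rel || "").split(" ").indexOf("me") !== -1;
    })
    .map(function (a) { return a.href; });
}
```

Run against the four links above, this would return the Twitter, LinkedIn, FriendFeed, and blog URLs as one list of identities.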

So assuming you went through the trouble of writing up your HTML with rel=me, what next? Where is that information actually consumed? I don’t think the two most popular browsers at this time (IE 7 and Firefox 2) have native support for XFN. I hear Firefox 3 is supposed to have native microformat support, but I haven’t looked for it, and if it is there, it isn’t immediately obvious to me. The closest thing I can find is a Firefox plugin called Operator. Operator is a microformat-capable reader and for the most part seems able to consume most of the above microformat standards, except rel=me, which is kind of odd but kind of understandable.

Here’s an example of a microformat-capable page, and this is the microformat information that the Operator plugin (installed on Firefox 2) extracted from the page. For example, there are three contacts: deBurca Ltd, James Burke, Joscelyn Upendran. For all three contacts, you can export the contact information in vCard format; just select “Export Contact”.

If you want to test out microformats, you can also use tools like ufXtract – Microformats Parser (Beta 0.2.2) to read a microformat-capable page. I don’t recommend or expect a non-techie to use that tool though. If you are technically inclined, go ahead and plug this post’s URL into the ufXtract tool, select “me” for the format, click submit, and you will see the rel=me information extracted.


text: Bob Ngu’s Twitter profile

text: Bob Ngu’s LinkedIn profile

text: Bob Ngu’s FriendFeed profile

text: Bob Ngu’s Data Portability Blog

Another service capable of consuming XFN, including rel=me, is the Google Social Graph API, but again this is only for techies, specifically web developers. Non-web developers and even web designers might not be well suited to understand the API. I heard that the Google Social Graph API came about after the excellent article Thoughts on the Social Graph by Brad Fitzpatrick (since hired by Google and responsible for delivering the Google Social Graph API) and David Recordon (Six Apart).

Note that the Google Social Graph API only works on data after Googlebot has crawled it, so for real-time testing, Google created a test parser URL. You can see the Google test parser documentation here. Anyone can send an HTTP POST request to the test parser URL and see the Google Social Graph API results. One contributor, Julian Bond, implemented a simple wrapper page around the test parser URL. If you go to the wrapper page and enter this post’s URL, you will get the following results

SG Test Parser http response: 200
List of outgoing "me" edges
...the rest of the output deleted for brevity

Basically the list of outgoing “me” edges is the Google Social Graph output for the rel=me links I added in this post.

Final Thoughts
When I started looking at rel=me, my initial thought was, quoting Sherlock Holmes, “It’s elementary, my dear Watson”, but it’s far from elementary, as you can see. XFN and microformats are talked about in blogs far more than they are actually practiced in the wild. I first started checking for XFN-capable sites from this page, and a lot of the XFN-capable site links are broken; either the site no longer exists or the information is incomplete. It is definitely not a page for non-techies. I did find the one site (mentioned above) that provided readable microformat information. I also know that Mahalo (a new search engine) now supports microformats in its results.

At this time, I can honestly say that XFN rel=me proliferation is limited and experimental at best. Mass adoption will take a while and requires a lot of user education, adoption by popular social sites like Facebook, MySpace, etc., and native browser support.

Storm in a teapot

Kara Swisher wrote a post recently, Twitter: Where Nobody Knows Your Name. While attending a wedding in Washington, D.C., she did an informal technology survey of about 30 people, all of whom were quite intelligent, armed with all kinds of the latest devices (many, many people had iPhones, for example), and not sluggish about technology.

Here are her findings (not at all surprising to me), quoting from her article:

The grand total who knew what Twitter was: 0
Same goes for FriendFeed: 0
Widget: 1 (but she thought it was one of the units used in a business class study).
Facebook: Everyone I asked knew about it and about half had an account, although different people used it differently.

So, her conclusion:

In other words, confirming for me what I wrote last week about the intense obsession with the hottest new services like Twitter and FriendFeed, in the echo chamber of Silicon Valley, and how no one else cares yet.

Basically, all the fuss about FriendFeed and Twitter in the tech world sounds very much like a storm in a teapot; I couldn’t agree more. But the question then is why a service like Facebook is so much more mainstream than FriendFeed or Twitter. Perhaps it’s a matter of time before Twitter and FriendFeed get more adoption, but IMO the simple answer is that the value of Facebook, and likewise MySpace or YouTube, is immediately obvious to non-techie users. If a service makes non-techie users work to figure out how to use it, you have lost them, pure and simple. Also, I suspect that non-techie users have no idea what a feed is, much less a feed aggregator or mashups.

This post is actually a lead-up to my next post on a currently ongoing DataPortability DIY project of the month on rel=me adoption. rel=me is part of the XFN (XHTML Friends Network) microformat standard; I will explain more in the next post.

Master of My Domain

The infamous Seinfeld line “Master of My Domain” comes to mind when I learn of a new upcoming social network (to debut summer 2008) called chi.mp. My first impression was “Do we really need another social network?” Aren’t there enough social networks to numb the mind, causing further social network fatigue? At least that’s how I feel when I read the unending stream of posts at sites like Techcrunch; they are a blur and rarely stand out.

The same goes for the numerous data portability standards and solutions; there are just so many of them out there solving the same problem over and over again and not going anywhere. At this point, data portability isn’t about a lack of technology; it is about too much technology and not enough consensus, which is why I think the DataPortability group came about with a goal of bringing consensus. At least that’s the idea; execution will determine success or failure. Which leads me to wonder how some of these standards rose above the fray and got adopted by the community; OpenID, OAuth, and microformats are some examples. Perhaps more thoughts on this later in another post – feel free to share if you have any thoughts.

So back to chi.mp. I learned about it from a CNet post, The Web 2.0 economy hangs in limbo, talking about Mashable enlisting chi.mp to throw a party like it was 1999 (Prince and the first internet boom come to mind) all over again. Digging further led me to chi.mp’s blog. At first glance, the first post, Feudalism 2.0 (or serfing the web), gave me pause: “seriously, another social network? Argh”.

However, once one of the founders (Tony Haile) clarified for me how chi.mp is different from other solutions like People Aggregator or the Ringside social application platform, a light bulb went off for me. chi.mp’s basic premise is that instead of relying on social networks like MySpace or Facebook to host your profile and relationship goodness, keeping you and your friends prisoner behind their walled gardens, you host “you” on chi.mp. This is done by you having your own domain, one that is yours and only yours. Social networks can then interact with your domain to gain access to your identity, profile, and friends information at your discretion. Now you see why the expression “Master of My Domain” comes to mind for chi.mp. IMO this is disruptive technology and a great next step in data portability. chi.mp also claims to be open, so that I can take my information to another service provider if I don’t like its service. Great stuff.

On a personal note, I am not enamored with the domain name “chi.mp”. I know it is short for “Content Hub and Identity Management Platform”, but it makes me feel like an un-evolved user who is only capable of pushing buttons or doing menial tasks for rewards. Plus, “Content Hub and Identity Management Platform” is just, well, too geeky (even though I am a geek) for my taste. Now, “Master of My Domain”, that’s something a non-geeky user can relate to, not to mention it’s a double (or is it triple) entendre. Interestingly enough, I started having some new startup ideas of my own that could make for potential partners to something like chi.mp; I registered the domain name before I learned of chi.mp. Coincidence or fate? I would relish the opportunity to work with them.

Doing the right thing vs. doing the things that matter to users

So Ning just got a $500M valuation (see Techcrunch’s post Ning Worth Half A Billion Dollars), and Marc Canter isn’t happy about it, so unhappy that he wrote two posts about it: Ning earns $1.7 a year on paid subs and they’re worth HOW much? and Response to Jean Hughes Robert on his comment about Ning.

After digging in a bit, I learned that Marc also has a company similar to Ning, People Aggregator. You can get an overview of People Aggregator from a Techcrunch post almost two years old, A look inside PeopleAggregator. Quoting from the post,

Here’s how it works. PeopleAggregator.net will be a fully functioning online social network in and of itself, but it will share information with other services through common identity standards for our profiles and through APIs (application programming interfaces) for our writing, multimedia and contacts.

Perhaps most important, PeopleAggregator will also provide new social networks with hosted software and later next month will offer downloads of the software for organizations who prefer to host it themselves. Licenses will be free for nonprofits and will cost commercial ventures a one-time sum after they successfully monetize the system.

What this means is that it will be easy to come and go from new social networks, instead of being locked in to one just because you’ve put the time and energy into using your account there. Instead of being at the mercy of one centralized database and service, if Canter’s vision succeeds then countless social networks will proliferate with unique styles and function but with interoperability.

It appears that Canter’s rant about Ning’s valuation might have something to do with People Aggregator not being as successful as Ning or Facebook. Quoting from the Valleywag post Marc Canter tells Mark Zuckerberg how to run Facebook,

Oh, and Canter’s screed certainly wouldn’t have anything to do with Canter’s own also-ran social network, PeopleAggregator, which has attracted few users despite “doing the right thing.” The right thing, apparently, being “failing.” Sure. Canter can’t replicate the success of Facebook, and he can’t make the marketplace care about his values.

The reason I am writing about this is that People Aggregator’s purpose is very relevant to the data portability effort. So relevant, in fact, that it reads like a Data Portability manifesto. Yet why did it not catch on like Facebook or Ning? People Aggregator did all the right things with regard to making data portable, whereas Facebook is primarily a walled-off social network and Ning, while a white-label social network provider, isn’t nearly as open (even though it implemented OpenSocial) as People Aggregator.

My thought on why People Aggregator isn’t as successful is what I said in the title of this post: “Doing the right thing vs. doing the things that matter to users”. In particular, Facebook and Ning did more of what matters to users than People Aggregator did. In the end, it’s the users who determine the success of a social network. For the most part, your average users, while inconvenienced by having to re-enter a lot of their profile and friends data on different social networks, aren’t deterred enough not to join those sites. Bottom line, the benefits of the walled-off sites outweigh the pain of re-entering your profile and friends data, which leads me to rethink one of my earlier posts, The many faces of Data Portability. I believe that ultimately the data portability standards that matter are the ones that provide real and substantial value to users, rather than the ones that are right from an ideological viewpoint.

OAuth Explained

Ok, I admit this post is for geeks, but even geeks can’t keep up with all the latest technology all the time, so I guess I am ungeeking OAuth (pronounced “Oh Auth” and short for Open Authorization) for geeks. Wait, is that an oxymoron?

Problem Domain
If you have accounts on multiple social sites like YouTube, Facebook, MySpace, Flickr, etc., you have probably been asked by at least one, if not all, of the sites to invite your friends during signup, and probably repeatedly afterwards. Usually this involves handing over the private username and password of your favorite email accounts like Yahoo, Gmail, etc. By handing over your private information, you allow the site(s) to scrape your email contacts for their addresses so the site(s) can spam them with invites. Lovely, huh? In the back of my mind, I always had this discomfort about what the site(s) might do with my private login information; it’s like giving someone the keys to your house and hoping they don’t make a copy and raid your house later on.

Solution: OAuth
I extracted most of the two paragraphs below from the OAuth About page.
Evidently sharing the same discomfort, a few open source developers got together and studied several existing proprietary authentication implementations (Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, Amazon Web Services API, etc.). Each protocol provides a proprietary method for exchanging user credentials for an access token or ticket. Out of that came OAuth, based on the best practices and common functionality of the proprietary implementations.

So what is OAuth? OAuth allows you, the User, to grant access to your private resources on one site (called the Service Provider) to another site (called the Consumer Application, not to be confused with you, the User). This isn’t the same as OpenID. While OpenID is all about using a single identity to sign into many sites, OAuth is about giving access to your stuff without sharing your identity at all (or its secret parts).

OAuth Process Flow
I extracted most of the following from an excellent post Developing OAuth clients in Ruby.

To better understand things, let’s look at the process flow – you probably need to be a developer to make sense of it.

  1. Register your consumer application with the OAuth-compliant service provider to receive your Consumer Credentials (this is only done once)
  2. You initiate the OAuth token exchange process for a user by requesting a RequestToken from the Service Provider
  3. You store the RequestToken in your database or in the user’s session object
  4. You redirect your user to the service provider’s authorize_url with the RequestToken’s key appended
  5. Your user is asked by the service provider to authorize your RequestToken
  6. Your user clicks yes and is redirected to your CallBack URL
  7. Your callback action exchanges the RequestToken for an AccessToken
  8. Now you can access your user’s data by performing HTTP requests signed with your consumer credentials and the AccessToken
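
The steps above can be sketched as a toy in-process simulation. The class and method names below are mine, purely for illustration; they are not the real OAuth protocol endpoints or the Ruby oauth gem API, and a real service provider would also validate signatures, timestamps, and nonces:

```ruby
require 'securerandom'

# Toy stand-in for an OAuth Service Provider (illustrative only).
class ToyServiceProvider
  def initialize
    @request_tokens = {}  # token key => { secret:, authorized: }
    @access_tokens  = {}
  end

  # Step 2: the consumer asks for a RequestToken
  def issue_request_token(consumer_key)
    key = SecureRandom.hex(8)
    @request_tokens[key] = { secret: SecureRandom.hex(8), authorized: false }
    key
  end

  # Steps 5-6: the user approves the RequestToken
  def authorize(request_token_key)
    @request_tokens.fetch(request_token_key)[:authorized] = true
  end

  # Step 7: exchange an authorized RequestToken for an AccessToken
  def exchange(request_token_key)
    token = @request_tokens.fetch(request_token_key)
    raise 'request token not authorized' unless token[:authorized]
    access_key = SecureRandom.hex(8)
    @access_tokens[access_key] = { secret: SecureRandom.hex(8) }
    access_key
  end

  # Step 8: hand out protected data (signature verification elided)
  def protected_data(access_token_key)
    raise 'bad access token' unless @access_tokens.key?(access_token_key)
    { contacts: ['alice@example.com', 'bob@example.com'] }
  end
end

provider      = ToyServiceProvider.new
request_token = provider.issue_request_token('my-consumer-key')  # step 2
provider.authorize(request_token)                                # steps 4-6
access_token  = provider.exchange(request_token)                 # step 7
data          = provider.protected_data(access_token)            # step 8
puts data[:contacts].inspect  # → ["alice@example.com", "bob@example.com"]
```

The key property the flow guarantees: the consumer never sees the user’s password, and an unauthorized RequestToken cannot be exchanged for an AccessToken.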

If you want more details (especially if you are a Ruby on Rails guy), check out the post Developing OAuth clients in Ruby.
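
Step 8’s “signed” requests deserve a closer look. OAuth’s default signature method is HMAC-SHA1 over a “signature base string” built from the HTTP method, the URL, and the sorted, percent-encoded request parameters; the signing key is the consumer secret and token secret joined by “&”. Here is a stdlib-only sketch; the parameter values and secrets are made-up examples, not real credentials:

```ruby
require 'openssl'
require 'base64'
require 'erb'

# Percent-encode per RFC 3986 (OAuth's stricter variant of URL encoding).
def oauth_encode(value)
  ERB::Util.url_encode(value.to_s)
end

# Base string: METHOD & encoded-URL & encoded-sorted-params
def signature_base_string(method, url, params)
  sorted = params.sort.map { |k, v| "#{oauth_encode(k)}=#{oauth_encode(v)}" }.join('&')
  [method.upcase, oauth_encode(url), oauth_encode(sorted)].join('&')
end

# Sign with consumer secret + token secret joined by '&'
def hmac_sha1_signature(base_string, consumer_secret, token_secret = '')
  key    = "#{oauth_encode(consumer_secret)}&#{oauth_encode(token_secret)}"
  digest = OpenSSL::HMAC.digest('sha1', key, base_string)
  Base64.strict_encode64(digest)
end

params = {
  'oauth_consumer_key'     => 'dpf43f3p2l4k5l03',  # illustrative values
  'oauth_token'            => 'nnch734d00sl2jdk',
  'oauth_nonce'            => 'kllo9940pd9333jh',
  'oauth_timestamp'        => '1191242096',
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_version'          => '1.0',
  'file'                   => 'vacation.jpg',
  'size'                   => 'original'
}

base = signature_base_string('GET', 'http://photos.example.net/photos', params)
sig  = hmac_sha1_signature(base, 'kd94hf93k423kf44', 'pfkkdhi9sl3r4s00')
puts sig
```

The resulting signature travels with the request as the oauth_signature parameter, so the service provider can verify who is calling without a password ever changing hands.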

Is FriendFeed all that?

In the post How our digital lives are spreading out, Scoble dotes on FriendFeed, and in a separate post said that his new blog design will be heavily influenced by FriendFeed, whatever that means. If he liked it any more, he would marry FriendFeed; talk about an unholy union. BTW, is Scoble migrating his online presence from his blog to FriendFeed an example of “Decentralized Me” or rather “Centralized Decentralized Me”?

All joking aside, his post got me thinking about whether FriendFeed is all that Scoble gushes it to be. I can see FriendFeed’s appeal for someone like him: a tech pundit and blogger with his own company, fully immersed in the web 2.0 lifestyle, doing a zillion things at one time. But what about your average user, Joe Blow, who enjoys watching the occasional video, rarely if ever posts one, probably doesn’t have a blog, maybe has a MySpace or Facebook profile, and is generally not all that interesting to anyone other than his friends and family? To which I say, FriendFeed isn’t really all that interesting to him, at least not in the same way it is to someone like Scoble.

The way I see it, services like FriendFeed and Twitter are particularly meaningful for someone who is well known in his field, has a lot of followers / readers, and wants to further extend his brand online. For the average user who doesn’t have much of an audience, friendfeeding or twittering quickly becomes boring. However, the value of FriendFeed to an average user is keeping abreast of his favorite online personalities’ activities. What say ye, FriendFeed and Twitter users?

BTW, how does Scoble keep tabs on 16,000 people? Talk about information overload.

Updated 4/4/2008
I must have been channeling Scoble when I wrote this post (or maybe I stole his speech for the Next Web Conference), but here’s what Scoble said, per the TechCrunch post Live From the Next Web (2008): Day 2

Kicking things off is Robert Scoble, who is talking about the new digital divide: People with friends and people without friends. The old digital divide (rich versus poor) still exists. But the new digital divide is a consequence of how social software works. You have a better experience on Facebook, Twitter, FriendFeed, Upcoming or even Google Reader the more friends that you have. But if you don’t have any friends, the experience really sucks.

Is OpenSocial Shindig a trojan horse?

No, not that kind of trojan horse, but you will see what I mean later on. The more I learn about OpenSocial, the more I think it is making a strategic play to become the de facto social networking standard, not just as a container for gadget apps but also for how to link containers (as Chris Saad puts it) as it pertains to data portability.

Here’s why I think so. OpenSocial has a reference implementation, Shindig (written in Java), that any social site can drop into its infrastructure; hook up some connections between Shindig and the backend, and presto, the site now supports OpenSocial apps (at least in theory). Quoting from this blog:

As Google product manager Dan Peterson describes in Let’s get this shindig started: “Shindig is a new project in the Apache Software Foundation’s incubator (as per the formal proposal) that aims to provide an open source reference implementation of the entire OpenSocial stack — Shindig’s goal is to allow new sites to start hosting social apps in well under an hour’s worth of work.” This source “is based upon code that has been powering Google Gadgets and iGoogle for the past few years and is meant to bootstrap the Shindig project.”

Did you catch that part about “in well under an hour’s worth of work”? That’s very appealing to social sites because it has minimal impact on their existing code base. At a minimum, it gives them great incentive to try it out and see how well it works. And once it is in, it usually stays. That means OpenSocial can easily proliferate across social sites, making it a practiced standard in the wild.

OpenSocial is known for making gadget apps portable, but it is going beyond that already. There is currently a proposal to make the OpenSocial APIs RESTful. IMO, this is the “linking containers” bit. RESTful APIs are built on open web standards and can be called by anyone over HTTP, essentially opening up a social site’s user data through OpenSocial. And the more social sites support OpenSocial, the more it becomes a standard in the wild.
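
To make the “linking containers” idea concrete, here is a sketch of what consuming such a RESTful endpoint might look like. The endpoint path in the comment and the JSON shape are my approximation of the proposed OpenSocial REST people format, not a guaranteed contract, and the response is hard-coded rather than fetched so the example stays self-contained:

```ruby
require 'json'

# Hypothetical response from an OpenSocial-style endpoint such as
#   GET /people/@me/@friends
# (path per the RESTful API proposal; response shape approximate)
raw = <<~JSON
  {
    "totalResults": 2,
    "entry": [
      { "id": "example.org:34KJD", "name": { "formatted": "Jane Doe" } },
      { "id": "example.org:58UID", "name": { "formatted": "John Smith" } }
    ]
  }
JSON

response = JSON.parse(raw)
friends  = response['entry'].map { |person| person.dig('name', 'formatted') }
puts friends.inspect  # → ["Jane Doe", "John Smith"]
```

The point is that any consumer that can speak HTTP and JSON could pull a member’s friends list this way, regardless of which container hosts it; that is what would make the REST proposal the real data portability play.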

Maybe I am off the mark here. If you think so, I would like to hear why (leave a comment).