Scribd
Upload
61 views

Intro To Open Web Technology MSC OSCONF 2009 #MOSC2010

Intro To Open Web Technology Open ID, OAuth, Atompub and OpenSocial. MSC OSCONF 2009. MSC Malaysia Open Source Conference 2010 (MSC MOSC2010) Is Open For Registration http://conf.oss.my/

Uploaded by

Harisfazillah Jamel
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as ODP, PDF, TXT or read online on Scribd
61 views

Intro To Open Web Technology MSC OSCONF 2009 #MOSC2010

Intro To Open Web Technology Open ID, OAuth, Atompub and OpenSocial. MSC OSCONF 2009. MSC Malaysia Open Source Conference 2010 (MSC MOSC2010) Is Open For Registration http://conf.oss.my/

Uploaded by

Harisfazillah Jamel
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as ODP, PDF, TXT or read online on Scribd
You are on page 1/ 57

Introduction to Open

Web Technology
(Open ID, OAuth, Atompub and
OpenSocial)

Mohanaraj Gopala Krishnan


MSCOSCONF 2 June 2009
mohangk.org/blog
@mohangk on twitter
Questions for you
• Experience using or developing any of the following
services ?

• OpenID, Oauth, Atompub or OpenSocial ?

• Might not even know about it ?

• Under the hood technologies

• User your Gmail / Yahoo password on more then one site ?

• Use a twitter client that makes you login via twitter


website ?

• Blog using a client – e.g. Windows Live Writer

• Use any of Google APIs – Gmail, Youtube, Docs

• Use applications on Orkut, Friendster, MySpace or Ning ?


What do we mean by the
Open Web ?

http://www.flickr.com/photos/mag3737/1
The open web is a set of
philosophies
• Decentralization - not owned by any one company

• Transparency - view the “source”

• Openness - The protocols, docs, code or


specification must be available without penalty of
patents, copyright

• User choice - As easy to leave as it was to join -


take data and information with you

• 3rd Party Integration/Innovation - hook into the


system at all levels, innovate without asking
permission

• Civil Society and Discourse - many-to-many and


one-to-many communication, allowing for millions of
conversations
Not about technologies
"...However, if we define
the Open Web
in terms of these
technologies,
then we risk losing sight of
what makes the web
special and being able to have
the intellectual nimbleness to
evolve the infrastructure of the web."
-Brad Neuberg, Dojo, Google Gears developer
http://www.flickr.com/photos/uhop/225023
http://codinginparadise.org/weblog/2008/04/whats-open-web-and-why-is-it-important.html
Having said that,
• This is a talk about the web specifications that
embody those philosophies

• Open Web technologies being developed on many


fronts

• Client end

• Browser - Firefox – Gen Kanai's talks

• Server technologies

• Apache, PostgreSQL, Linux, BSD - tools that


power the web, most mature

• Web specifications

• Driven from need for collaboration, but has


value beyond it
What is OpenID ?

• OpenID is a specification that allows


people to log into a web site using
credentials provided by another web
site.
• Distributed authentication
Key concepts

• User
• Identifier - unique identifier that will
be reused at all sites
• Identity provider (OpenID Provider,
IdP, Server)
• Relying party (Consumer)
As an end user
• You can reuse your username and password
which sites that work as relaying parties (not all
IPs are Rps – Facebook is the largest RP)

• Single place to maintain/update your identity


• Need to have an account with an identity
provider
As a developer
• Exist mature libraries for many languages

• Build on the security expertise of others

• If you develop public websites

• OpenID as its gaining traction 500 million users,


over 25,000 sites accept OpenID logins*

• Makes it easier for new users to join as they do not


need to re-enter all information

• If you develop internal websites

• Can use OpenID as a form of SSO for multiple


internal application - looses out of the
“distributed” nature however

* http://www.janrain.com/openid
OpenID flow

www.johnmerrells.com/.../05/openid-diagram-1.png
What is OAuth?
• A simple open standard for
delegated Web API authorization
• Let other sites access your data
without telling them your password
Valet key for your
web

http://toyotaownersclub.com/forums/index.php?showtopic=77384
Key concepts
• End Users
• Share information between online services without disclosing
passwords

• Web service (Service providers)


• Allow for secure access to your API in a user controlled, secure
manner

• 3rd Party application (Consumers)


• A standard authorization scheme for the web
VS
http://www.flickr.com/photos/leelefever/133949029/
OpenID vs OAuth
•Goals are different
• OpenID is about sharing a single
identity with different consumers
• OAuth is about sharing your data
with different consumers without
sharing your identity
• Not mutually exclusive
Love triangle

End user

Service
provider Consumer
http://www.flickr.com/photos/factoryjoe/2658493767/
http://www.flickr.com/photos/factoryjoe/2659323294/
http://www.flickr.com/photos/factoryjoe/2659323294/
http://www.flickr.com/photos/factoryjoe/2658497753/
As an end user, why
bother?
• Never give your passwords to 3rd party
websites
• Even if not malicious, what if
compromised ?
WTF ?!
“Passwords are not
confetti.
Please stop throwing them
around.
Especially if they’re not
yours”
Chris Messina
http://www.slideshare.net/carsonified/how-oauth-and-portable-data-can-revolutionize-your-web-app-chris-messina-presentati
As a developer, why
bother?
• Large adoption - Goog, Y!, MySpace
• Interop - Leverage the services
• Can be used as a replacement for
HTTP basic auth
• SSL might not be always necessary
• Part of the Open web stack
• Atompub + OpenID + OAuth + XRDS
+OpenSocial
What is the Atom publication
protocol (Atompub) ?

• A manner of updating Atom feed


information on a server from a client

• The feed format is Atom Syndication


format - RFC 4287

• Atom publication protocol – RFC 5023


Key concepts
• Is a RESTful HTTP protocol – uses HTTP “correctly”

• Consists of

• Entry – basic unit of content

• Feed – a collection of entries


Allows for data beyond HTML
• The atom:content element allows for storing of
more data then just HTML

• Being used as a way to expose data on the web

Google has
extended
Atompub and the
Atom syndication
format to expose
their applications
data online
• Microsoft as well has used it as the
basis of the Live web services

http://dev.live.com/blogs/devlive/archive/2008/02/27/213.aspx
Example
As a developer, why bother ?
• If you're building apps

• More web APIs are being exposed as an extension


to Atompub or being built in a RESTful manner

• If you're exposing your building a web service/API

• Building your Web API on top of Atompub will


ensure that it benefits from all the RESTful
principles

• Allows your users to leverage existing tooling and


know how in accessing Atompub or RESTful web
services
OpenSocial
• A set of open, standard APIs for building social
applications

• Widget/ Portal based

• Front ends are implemented in Javascript, HTML,


CSS. Uses Javascript to query backends.

• Backends expose RESTful web APIs to query


backends that return data either as JSON or Atom
feeds.

• Leverages OAuth for security


Examples

http://www.flickr.com/photos/29501676@N00/1826112130/
• http://apps.myspace.com

• ~ 1000+ apps
iGoogle – a non social site OpenSocial container
Google Friend Connect – A hosted OpenSocial solution
Applications
available
as part of
Google Friend
connect
Deals with proliferation of online social
sites

http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
Key concepts
• Platforms that can run the OpenSocial widgets are
called “containers”

• The containers expose a standard set of underlying


data APIs

• People & Friends

• Access friends information programmatically

• Activities

• See what you’re friends are up to

• Share what you are doing

• Persistence

• Provide state without a server

• Share data with your friends


Javascript front end querying the data apis
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
Javascript front end accessing data from outside
OpenSocial container
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
As a developer, why bother ?
• If you're building apps for social networks

• Huge deployment

375,000,000 users , 4,500+ apps, pipeline of 100+ containers world wide

http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
• If you're building a web app

• Provide social features in your software

• Automatically get access to all these potential


gadgets

• Even companies like SAP and Oracle are looking at


ways to integrate social type features into their
application

http://www.sapweb20.com/blog/2009/05/sap-and-open-social-at-the-google-io-developer-conference/
• Leverage existing implementations
• Apache shindig
http://incubator.apache.org/shindig/

• Being used by HI5

• Glassfish socialsite
https://socialsite.dev.java.net/http://incubator.ap
ache.org/
Summary
• The technologies are being built on top of each other
– Open Web stack – many more interesting open web
specs being developed

http://developer.yahoo.net/blog/archives/2008/12/the_open_stack.html
• Great engineering work, learnings applicable outside
of original use cases

• Community driven specifications work

• All the engineering happens on mailing lists,


forums, wikis – anybody can participate,
meritocratic

• Don't necessarily need to roll your own – lookout for


existing open specs – participate

• If there is really a need – suggest to existing


groups and get feedback
Thank you!
How does it happen?
• Community driven
• Mailing list, wikis, discussion
groups anybody can join and
contribute
• Companies back up – but not in
the forefront
• Strong personalities
• There tends to be evangelist that
rally the troops
• Speed of development
• Light weight process allows for quick releases
E.g.

• OpenID – 1.0 released 5/2005, 1.1 5/2006,


2.0 12/5/2007

• OAuth – Started work ~Nov 2006, Oct 3rd 2007


v1 released. Currently in IETF standardization
process

You might also like