Introduction To Open Web Protocols
2 likes2,226 views
The document introduces various open web protocols such as OpenID, OAuth, AtomPub, and OpenSocial, emphasizing the philosophies of decentralization, transparency, and user choice. It discusses the functionality and importance of each protocol for both end users and developers, highlighting the growing adoption and integration potential across web applications. Additionally, it outlines how these technologies collectively contribute to a more open and innovative web ecosystem.
Introduction To Open Web Protocols
- 1. Introduction to Open Web Protocols (Open ID, OAuth, Atompub and OpenSocial) Mohanaraj Gopala Krishnan MSCOSCONF 2 June 2009 mohangk.org/blog @mohangk on twitter
- 2. Questions for you Experience using or developing any of the following services ? OpenID, Oauth, Atompub or OpenSocial ? Might not even know about it ? Under the hood technologies User your Gmail / Yahoo password on more then one site ? Use a twitter client that makes you login via twitter website ? Blog using a client – e.g. Windows Live Writer Use any of Google APIs – Gmail, Youtube, Docs Use applications on Orkut, Friendster, MySpace or Ning ?
- 3. What do we mean by the Open Web ? http://www.flickr.com/photos/mag3737/1914076277
- 4. The open web is a set of philosophies Decentralization - not owned by any one company Transparency - view the “source” Openness - The protocols, docs, code or specification must be available without penalty of patents, copyright User choice - As easy to leave as it was to join - take data and information with you 3rd Party Integration/Innovation - hook into the system at all levels, innovate without asking permission Civil Society and Discourse - many-to-many and one-to-many communication, allowing for millions of conversations
- 5. Not about technologies "...However, if we define the Open Web in terms of these technologies , then we risk losing sight of what makes the web special and being able to have the intellectual nimbleness to evolve the infrastructure of the web." -Brad Neuberg, Dojo, Google Gears developer http://www.flickr.com/photos/uhop/2250235637 http://codinginparadise.org/weblog/2008/04/whats-open-web-and-why-is-it-important.html
- 6. Having said that, This is a talk about the web specifications that embody those philosophies Open Web technologies being developed on many fronts Client end Browser - Firefox – Gen Kanai's talks Server technologies Apache, PostgreSQL, Linux, BSD - tools that power the web, most mature Web specifications Driven from need for collaboration, but has value beyond it
- 7. What is OpenID ? OpenID is a specification that allows people to log into a web site using credentials provided by another web site. Distributed authentication
- 8. Key concepts User Identifier - unique identifier that will be reused at all sites Identity provider (OpenID Provider, IdP, Server) Relying party (Consumer)
- 9. As an end user You can reuse your username and password which sites that work as relaying parties (not all IPs are Rps – Facebook is the largest RP) Single place to maintain/update your identity Need to have an account with an identity provider
- 10. As a developer Exist mature libraries for many languages Build on the security expertise of others If you develop public websites OpenID as its gaining traction 500 million users, over 25,000 sites accept OpenID logins* Makes it easier for new users to join as they do not need to re-enter all information If you develop internal websites Can use OpenID as a form of SSO for multiple internal application - looses out of the “distributed” nature however * http://www.janrain.com/openid
- 15. What is OAuth? A simple open standard for delegated Web API authorization Let other sites access your data without telling them your password
- 16. Valet key for your web http://toyotaownersclub.com/forums/index.php?showtopic=77384
- 17. Key concepts End Users Share information between online services without disclosing passwords Web service (Service providers) Allow for secure access to your API in a user controlled, secure manner 3rd Party application (Consumers) A standard authorization scheme for the web
- 18. VS
- 20. OpenID vs OAuth Goals are different OpenID is about sharing a single identity with different consumers OAuth is about sharing your data with different consumers without sharing your identity Not mutually exclusive
- 21. Love triangle End user Service provider Consumer
- 26. As an end user, why bother? Never give your passwords to 3 rd party websites Even if not malicious, what if compromised ?
- 27. WTF ?!
- 28. “ Passwords are not confetti. Please stop throwing them around. Especially if they’re not yours ” Chris Messina http://www.slideshare.net/carsonified/how-oauth-and-portable-data-can-revolutionize-your-web-app-chris-messina-presentation/
- 29. As a developer, why bother? Large adoption - Goog, Y!, MySpace Interop - Leverage the services Can be used as a replacement for HTTP basic auth SSL might not be always necessary Part of the Open web stack Atompub + OpenID + OAuth + XRDS +OpenSocial
- 30. What is the Atom publication protocol (Atompub) ? A manner of updating Atom feed information on a server from a client The feed format is Atom Syndication format - RFC 4287 Atom publication protocol – RFC 5023
- 31. Key concepts Is a RESTful HTTP protocol – uses HTTP “correctly” Consists of Entry – basic unit of content Feed – a collection of entries
- 32. Allows for data beyond HTML The atom:content element allows for storing of more data then just HTML Being used as a way to expose data on the web Google has extended Atompub and the Atom syndication format to expose their applications data online
- 33. Microsoft as well has used it as the basis of the Live web services http://dev.live.com/blogs/devlive/archive/2008/02/27/213.aspx
- 34. Example
- 36. As a developer, why bother ? If you're building apps More web APIs are being exposed as an extension to Atompub or being built in a RESTful manner If you're exposing your building a web service/API Building your Web API on top of Atompub will ensure that it benefits from all the RESTful principles Allows your users to leverage existing tooling and know how in accessing Atompub or RESTful web services
- 37. OpenSocial A set of open, standard APIs for building social applications Widget/ Portal based Front ends are implemented in Javascript, HTML, CSS. Uses Javascript to query backends. Backends expose RESTful web APIs to query backends that return data either as JSON or Atom feeds. Leverages OAuth for security
- 38. Examples http://www.flickr.com/photos/29501676@N00/1826112130/
- 40. iGoogle – a non social site OpenSocial container
- 41. Google Friend Connect – A hosted OpenSocial solution
- 42. Applications available as part of Google Friend connect
- 43. Deals with proliferation of online social sites http://widgetsummit.com/media/slides/opensocial.pd f - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
- 44. http://widgetsummit.com/media/slides/opensocial.pd f - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
- 45. http://widgetsummit.com/media/slides/opensocial.pd f - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
- 46. Key concepts Platforms that can run the OpenSocial widgets are called “containers” The containers expose a standard set of underlying data APIs People & Friends Access friends information programmatically Activities See what you’re friends are up to Share what you are doing Persistence Provide state without a server Share data with your friends
- 47. http://widgetsummit.com/media/slides/opensocial.pd f - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5 Javascript front end querying the data apis
- 48. http://widgetsummit.com/media/slides/opensocial.pd f - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5 Javascript front end accessing data from outside OpenSocial container
- 49. As a developer, why bother ? If you're building apps for social networks Huge deployment 375,000,000 users , 4,500+ apps, pipeline of 100+ containers world wide http://widgetsummit.com/media/slides/opensocial.pd f - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
- 50. If you're building a web app Provide social features in your software Automatically get access to all these potential gadgets Even companies like SAP and Oracle are looking at ways to integrate social type features into their application http://www.sapweb20.com/blog/2009/05/sap-and-open-social-at-the-google-io-developer-conference/
- 51. Leverage existing implementations Apache shindig http://incubator.apache.org/shindig/ Being used by HI5 Glassfish socialsite https://socialsite.dev.java.net/http://incubator.apache.org/
- 52. Summary The technologies are being built on top of each other – Open Web stack – many more interesting open web specs being developed http://developer.yahoo.net/blog/archives/2008/12/the_open_stack.html
- 53. Great engineering work, learnings applicable outside of original use cases Community driven specifications work All the engineering happens on mailing lists, forums, wikis – anybody can participate, meritocratic Don't necessarily need to roll your own – lookout for existing open specs – participate If there is really a need – suggest to existing groups and get feedback
- 54. Thank you!