In response to the looming threat of ClosedPrivate, Kevin Marks of Google dropped in for a surprise talk on OpenSocial. He’s part of the NSA (Not Search or Apps) team, and wanted to give us an idea of what OS is all about. He started off by quickly running through the campfire presentation, and stressing that the aim was a common social api across many sites. The goal is to bring a social context to applications, to personalize them based on social graphs. He wants to bring media, filtered by the apps logic, so you can see what your friends are reading and you might be interested in.
Talking about the problems of bad actors in social networks, he quoted Douglas Adams; "Of course you can’t ‘trust’ what people tell you on the web anymore than you can ‘trust’ what people tell you on megaphones, postcards or in restaurants. Working out the social politics of who you can trust and why is, quite literally, what a very large part of our brain has evolved to do."
There was an API overview, which Eric hurried him through to get to the meaty non-technical discussion. The first question was about where OpenSocial came from? Kevin’s answer was that it came from two sources; the desire to easily add features to Orkut without having the pain of changing server code, and being inspired by what was possible in Google Gadgets.
The next was how mature Kevin thought the API was? His answer was that you can do things with it, but only just!
Another tough question was about how the security model worked? Kevin replied that this was currently defined by the container, but agreed this was non-ideal. He explained the dilemma Google has with sites asking users for their mail names and passwords, it’s a big security headache. The only solution going forward is to make sure that the secure method is easier to use than the unsecure, but it’s not clear how this will be done.
When asked about possible container services, such as message sending or common UI elements, Kevin thought they’d be a nice feature, but was noncommittal.
One of the audience wondered why any other social networks would want to sign up for OpenSocial? His reply was that supporting it would make it easier for users to get interesting features.
He was asked if the friends model extended IM, and he thought it was simplistic enough at the moment to map. He also suggested avoiding an email address as a primary key, since most people have multiple email addresses. When asked about adding friends through the API, he replied that it was just a query mechanism on top of the other networks, since that was a lot easier to figure out. He agreed that security was an even bigger issue than normal, since you’re giving access to your friend’s personal information to any malicious code too.
The question came up of what objections he’d had to overcome from the social networks, and whether fears of their whole graphs being downloaded were a problem? The biggest problem they’d run into was the user id namespaces filling up. On that topic, he suggested an important use might be the delegation of user registration and authentication to a third party social network, for services that don’t want to implement that infrastructure.
As a final point, Ross Mayfield brought up the question of the possibility of malicious containers made the problem of bad actors an order of magnitude worse?