Introduction To Open Web Protocols
-
Upload
mohanaraj-gopala-krishnan -
Category
Technology
-
view
4.973 -
download
1
description
Transcript of Introduction To Open Web Protocols
![Page 1: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/1.jpg)
Introduction to Open Web Protocols
(Open ID, OAuth, Atompub and OpenSocial)
Mohanaraj Gopala KrishnanMSCOSCONF 2 June 2009mohangk.org/blog@mohangk on twitter
![Page 2: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/2.jpg)
Questions for you• Experience using or developing any of the following services ?
• OpenID, Oauth, Atompub or OpenSocial ?
• Might not even know about it ?
• Under the hood technologies
• User your Gmail / Yahoo password on more then one site ?
• Use a twitter client that makes you login via twitter website ?
• Blog using a client – e.g. Windows Live Writer
• Use any of Google APIs – Gmail, Youtube, Docs
• Use applications on Orkut, Friendster, MySpace or Ning ?
![Page 3: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/3.jpg)
What do we mean by the Open Web ?
http://www.fickr.com/photos/mag3737/1914076277
![Page 4: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/4.jpg)
The open web is a set of philosophies
• Decentralization - not owned by any one company
• Transparency - view the “source”
• Openness - The protocols, docs, code or specifcation must be available without penalty of patents, copyright
• User choice - As easy to leave as it was to join - take data and information with you
• 3rd Party Integration/Innovation - hook into the system at all levels, innovate without asking permission
• Civil Society and Discourse - many-to-many and one-to-many communication, allowing for millions of conversations
![Page 5: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/5.jpg)
Not about technologies"...However, if we defne the Open Web in terms of these technologies,then we risk losing sight of what makes the web special and being able to havethe intellectual nimbleness to evolve the infrastructure of the web."
-Brad Neuberg, Dojo, Google Gears developerhttp://www.fickr.com/photos/uhop/2250235637
http://codinginparadise.org/weblog/2008/04/whats-open-web-and-why-is-it-important.html
![Page 6: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/6.jpg)
Having said that,• This is a talk about the web specifcations that embody those
philosophies
• Open Web technologies being developed on many fronts
• Client end
• Browser - Firefox – Gen Kanai's talks
• Server technologies
• Apache, PostgreSQL, Linux, BSD - tools that power the web, most mature
• Web specifcations
• Driven from need for collaboration, but has value beyond it
![Page 7: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/7.jpg)
What is OpenID ?
•OpenID is a specifcation that allows people to log into a web site using credentials provided by another web site.
•Distributed authentication
![Page 8: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/8.jpg)
Key concepts
•User
• Identifer - unique identifer that will be reused at all sites
• Identity provider (OpenID Provider, IdP, Server)
•Relying party (Consumer)
![Page 9: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/9.jpg)
As an end user• You can reuse your username and password which sites that
work as relaying parties (not all IPs are Rps – Facebook is the largest RP)
• Single place to maintain/update your identity
• Need to have an account with an identity provider
![Page 10: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/10.jpg)
As a developer• Exist mature libraries for many languages
• Build on the security expertise of others
• If you develop public websites
• OpenID as its gaining traction 500 million users, over 25,000 sites accept OpenID logins*
• Makes it easier for new users to join as they do not need to re-enter all information
• If you develop internal websites
• Can use OpenID as a form of SSO for multiple internal application - looses out of the “distributed” nature however
* http://www.janrain.com/openid
![Page 11: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/11.jpg)
OpenID fow
www.johnmerrells.com/.../05/openid-diagram-1.png
![Page 12: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/12.jpg)
![Page 13: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/13.jpg)
![Page 14: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/14.jpg)
![Page 15: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/15.jpg)
What is OAuth?
•A simple open standard for delegated Web API authorization
•Let other sites access your data without telling them your password
![Page 16: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/16.jpg)
Valet key for your web
http://toyotaownersclub.com/forums/index.php?showtopic=77384
![Page 17: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/17.jpg)
Key concepts
• End Users
• Share information between online services without disclosing passwords
• Web service (Service providers)
• Allow for secure access to your API in a user controlled, secure manner
• 3rd Party application (Consumers)
• A standard authorization scheme for the web
![Page 18: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/18.jpg)
VS
![Page 19: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/19.jpg)
http://www.fickr.com/photos/leelefever/133949029/
![Page 20: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/20.jpg)
OpenID vs OAuth
•Goals are different
•OpenID is about sharing a single identity with different consumers
•OAuth is about sharing your data with different consumers without sharing your identity
•Not mutually exclusive
![Page 21: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/21.jpg)
Love triangle
End user
Service provider Consumer
![Page 22: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/22.jpg)
http://www.fickr.com/photos/factoryjoe/2658493767/
![Page 23: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/23.jpg)
http://www.fickr.com/photos/factoryjoe/2659323294/
![Page 24: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/24.jpg)
http://www.fickr.com/photos/factoryjoe/2659323294/
![Page 25: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/25.jpg)
http://www.fickr.com/photos/factoryjoe/2658497753/
![Page 26: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/26.jpg)
As an end user, why bother?
•Never give your passwords to 3rd party websites
•Even if not malicious, what if compromised ?
![Page 27: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/27.jpg)
WTF ?!WTF ?!
![Page 28: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/28.jpg)
“Passwords are not confetti. Please stop throwing them around.
Especially if they’re not yours”
Chris Messina http://www.slideshare.net/carsonifed/how-oauth-and-portable-data-can-revolutionize-your-web-app-chris-messina-presentation/
![Page 29: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/29.jpg)
As a developer, why bother?
•Large adoption - Goog, Y!, MySpace
• Interop - Leverage the services
•Can be used as a replacement for HTTP basic auth
• SSL might not be always necessary
•Part of the Open web stack
• Atompub + OpenID + OAuth + XRDS +OpenSocial
![Page 30: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/30.jpg)
What is the Atom publication protocol (Atompub) ?
• A manner of updating Atom feed information on a server from a client
• The feed format is Atom Syndication format - RFC 4287
• Atom publication protocol – RFC 5023
![Page 31: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/31.jpg)
Key concepts• Is a RESTful HTTP protocol – uses HTTP “correctly”
• Consists of
• Entry – basic unit of content
• Feed – a collection of entries
![Page 32: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/32.jpg)
Allows for data beyond HTML• The atom:content element allows for storing of more data
then just HTML
• Being used as a way to expose data on the web
Google has extended Atompub and theAtom syndication format to expose their applications data online
![Page 33: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/33.jpg)
•Microsoft as well has used it as the basis of the Live web services
http://dev.live.com/blogs/devlive/archive/2008/02/27/213.aspx
![Page 34: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/34.jpg)
Example
![Page 35: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/35.jpg)
![Page 36: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/36.jpg)
As a developer, why bother ?• If you're building apps
• More web APIs are being exposed as an extension to Atompub or being built in a RESTful manner
• If you're exposing your building a web service/API
• Building your Web API on top of Atompub will ensure that it benefts from all the RESTful principles
• Allows your users to leverage existing tooling and know how in accessing Atompub or RESTful web services
![Page 37: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/37.jpg)
OpenSocial• A set of open, standard APIs for building social applications
• Widget/ Portal based
• Front ends are implemented in Javascript, HTML, CSS. Uses Javascript to query backends.
• Backends expose RESTful web APIs to query backends that return data either as JSON or Atom feeds.
• Leverages OAuth for security
![Page 38: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/38.jpg)
Examples
http://www.fickr.com/photos/29501676@N00/1826112130/
![Page 40: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/40.jpg)
iGoogle – a non social site OpenSocial container
![Page 41: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/41.jpg)
Google Friend Connect – A hosted OpenSocial solution
![Page 42: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/42.jpg)
Applications availableas part ofGoogle Friend connect
![Page 43: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/43.jpg)
Deals with proliferation of online social sites
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
![Page 44: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/44.jpg)
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
![Page 45: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/45.jpg)
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
![Page 46: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/46.jpg)
Key concepts• Platforms that can run the OpenSocial widgets are called
“containers”
• The containers expose a standard set of underlying data APIs
• People & Friends
• Access friends information programmatically
• Activities
• See what you’re friends are up to
• Share what you are doing
• Persistence
• Provide state without a server
• Share data with your friends
![Page 47: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/47.jpg)
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
Javascript front end querying the data apis
![Page 48: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/48.jpg)
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
Javascript front end accessing data from outside OpenSocial container
![Page 49: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/49.jpg)
As a developer, why bother ?• If you're building apps for social networks
• Huge deployment
375,000,000 users , 4,500+ apps, pipeline of 100+ containers world wide
http://widgetsummit.com/media/slides/opensocial.pdf - Chris Schalk, Google Developer Advocate Paul Lindner, Engineering Manager, hi5
![Page 50: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/50.jpg)
• If you're building a web app
• Provide social features in your software
• Automatically get access to all these potential gadgets
• Even companies like SAP and Oracle are looking at ways to integrate social type features into their application
http://www.sapweb20.com/blog/2009/05/sap-and-open-social-at-the-google-io-developer-conference/
![Page 51: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/51.jpg)
• Leverage existing implementations
• Apache shindig
http://incubator.apache.org/shindig/
• Being used by HI5
• Glassfsh socialsite
https://socialsite.dev.java.net/http://incubator.apache.org/
![Page 52: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/52.jpg)
Summary • The technologies are being built on top of each other – Open
Web stack – many more interesting open web specs being developed
http://developer.yahoo.net/blog/archives/2008/12/the_open_stack.html
![Page 53: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/53.jpg)
• Great engineering work, learnings applicable outside of original use cases
• Community driven specifcations work
• All the engineering happens on mailing lists, forums, wikis – anybody can participate, meritocratic
• Don't necessarily need to roll your own – lookout for existing open specs – participate
• If there is really a need – suggest to existing groups and get feedback
![Page 54: Introduction To Open Web Protocols](https://reader033.fdocuments.in/reader033/viewer/2022042613/54584759af79594f558b52d5/html5/thumbnails/54.jpg)
Thank you!