Here are my relatively raw notes from the session with David Recordon, Chris Messina, and others.
People are tired of re-creating our data and friend lists on every new site. We need to make it easier to move content from one site to another. Every website starts from scratch instead of building on things you have already created. This is why Facebook apps have been so successful – you can use the apps with your existing friends and existing information.
You don’t necessarily want all of the same friends on every service, and you don’t want to impose your new apps / sites on all of your friends by flooding them with friend requests. You may also want to message people on other services and integrate with various services so that you can use the sites you like, your friends use the ones they like, and both can still communicate and share information between them.
Who owns your friends’ email addresses? Do you have a right to port your friends’ email addresses from Facebook to Plaxo? You want to be able to contact your friends and easily find their email addresses without violating the privacy of your friends.
Terminology is getting confusing for people. Social networking, social graph, etc. The web is way more than terminology, it is really about the people and the experiences. Should we be using the terminology “friends”? Are these people your “friends”, are they contacts, etc.? There are many more interesting ways to frame it around actions (Dopplr with fellow travelers).
Contacts can be imported by giving them your email address and *password*. Do you really want to do this? Does it set users up to be phished?
Google released an address book API that can be used to get your contacts without giving away your email address and password.
Building blocks exist today to build portable social networks:
- hCard can be used to import contact information from other public services into another service. The point is to make it like magic: let them know what it does, what information would be shared, and how it will be used without necessarily confusing normal users with the terminology (leave it as a link or on an about page). Focus on explaining what you are doing for the user and not necessarily how you are going to do it. Also need to give people the option to only pull in certain contacts – just the ones that you want on a particular service.
- Need better ways to validate which accounts belong to a friend by following a trail of links. Is the David Recordon on Twitter the same one as the one on Facebook? Once you can specify your accounts and your friends’ accounts, you can also focus on using the same methods to bring in additional content and information. You are already creating the information, but adding some additional annotation around it makes it easier to find and makes the data portable. Google’s Social Graph API is one way to do this – all based on public data.
- Enabling trust on the web with OpenID – you already have these accounts on the web, and OpenID is a good method of verifying your identity. You can use it to log in now and say who you are. If you have other profile information in your hCard, then the other site can discover it. But maybe you only want to share certain information.
- OAuth is more about authorization than authentication. Authorizing access to your resources using tokens to sign messages, like what you do with the Flickr uploader by going to the Flickr site to log in and give the uploader authorization to access your photos. OAuth is really important for giving control to certain websites without giving them access to your username and password, which on Google would give them access to Google Checkout in addition to mail / contacts. You can also revoke the tokens and not have to change your password to revoke access. A lot of the big players are moving in this direction.
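To make the token-signing and revocation point concrete, here is an added example (not code from the session or from Flickr or Google) of OAuth 1.0 HMAC-SHA1 request signing on the uploader side and verification on the photo-site side. The consumer key, token and secrets are constructed placeholders, and the photo-site URL is hypothetical.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample credentials for a hypothetical uploader app and photo site.
CONSUMER_KEY, CONSUMER_SECRET = "uploader-app", "cs-7f3a9b"
TOKEN, TOKEN_SECRET = "tok-photos-rw", "ts-2c81e0"

def pct(s):
    """RFC 3986 percent-encoding as OAuth 1.0 requires (only -._~ left unescaped)."""
    return quote(str(s), safe="-._~")

def signature_base_string(method, url, params):
    """Uppercase method, base URL and the sorted, encoded parameters, joined by '&'."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def hmac_sha1_signature(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 keyed by consumer secret and token secret; the user's password is never involved."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def signed_request(method, url, params, nonce="n0nce", timestamp="1205000000"):
    """Uploader side: add the oauth_* parameters, then sign everything except the signature itself."""
    all_params = {**params, "oauth_consumer_key": CONSUMER_KEY, "oauth_token": TOKEN,
                  "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": timestamp,
                  "oauth_nonce": nonce, "oauth_version": "1.0"}
    all_params["oauth_signature"] = hmac_sha1_signature(
        method, url, all_params, CONSUMER_SECRET, TOKEN_SECRET)
    return all_params

class ResourceServer:
    """Photo-site side: holds the secrets and the tokens the user has revoked."""
    def __init__(self):
        self.consumers = {CONSUMER_KEY: CONSUMER_SECRET}
        self.tokens = {TOKEN: TOKEN_SECRET}  # access tokens the user granted
        self.revoked = set()

    def revoke(self, token):
        self.revoked.add(token)  # cuts the uploader off; no password change needed

    def verify(self, method, url, params):
        params = dict(params)
        presented = params.pop("oauth_signature", None)
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"))
        token = params.get("oauth_token")
        if presented is None or consumer_secret is None or token not in self.tokens or token in self.revoked:
            return False
        expected = hmac_sha1_signature(method, url, params, consumer_secret, self.tokens[token])
        return hmac.compare_digest(expected, presented)  # constant-time comparison
```

A real server would also reject reused nonces and stale timestamps; that replay check is left out here to keep the focus on token-based signing and revocation.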
These ideas are a big part of the evolution of the web. It will be difficult, but it’s a bit of tough love in the meantime.