A brief overview of the open source technologies available for building social applications on top of social containers such as YAP, iGoogle, Orkut, MySpace, etc.
RockYou! User Database Hacked “In December 2009, an attacker breached the company's database of usernames and passwords of its 32 million users.” Techweet: http://www.techweet.com
Zynga Threatens to Leave Facebook “Zynga was threatening to leave Facebook altogether in the wake of Facebook's requiring exclusive use of Facebook credits for monetization in applications.” TechCrunch: http://www.techcrunch.com
Spammers Running Wild In Latest MySpace Phishing Attack “…suggesting that the site has fallen prey to a security exploit that grants spammers access to accounts.” TechCrunch: http://www.techcrunch.com
The social graph is the user footprint on the web. We are no longer living in the days when our online and real lives are separate. Developers can leverage this data to personalize and target applications for specific users.
Why would you ever want to build an application in such a hostile space? One main reason: when you first deploy your application, you have the potential to reach the huge network of users on the existing platform, allowing you to build a user base very quickly, much more so than in traditional software development.
There are generally four layers that developers need to be concerned about when working in this space, all addressed by open source technologies.
OpenSocial is a project which seeks to standardize the approach to accessing user social data on a platform. Shindig is an Apache project which allows OpenSocial gadgets (or apps) to render in a container.
OAuth is an open source project that lets users grant applications permission to perform actions or capture user data on their behalf. OpenID is a project which is used to take your social identity off the social networks and expose it, using a single sign-on username and password, to third parties.
Traditionally, applications are secured by serving them up within iframes. They are simple to create and maintain, and they give developers full control over content. The problem is that they are not secure and allow a host of XSS attacks on a container. Caja, an open project created by Google, seeks to sandbox applications on a container, giving the container a layer of security against the applications it hosts. It rewrites front-end JavaScript, HTML and CSS to sanitize the code running on a platform and provides a sanitized version of the DOM to the application without allowing it to reach out to the real DOM.
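The "sanitized version of the DOM" idea can be sketched as an allowlisting facade that a container hands to a gadget in place of real nodes. This is an added illustration, not code from the presentation and not Caja's implementation or API; it shows only the facade, not the source rewriting that keeps a gadget away from globals. All names (`makeNode`, `tame`, `gadgetDom`) and the allowlists are assumptions made for the example.

```javascript
// Conceptual sketch of a tamed-DOM facade; this is not Caja's code or API.
// Plain objects stand in for the container page's DOM (constructed sample data)
// so the example runs under Node without a browser.
const realDocument = { cookie: 'session=container-secret' }; // constructed value

function makeNode(tag, parent = null) {
  const node = { tag, attrs: {}, children: [], parent, ownerDocument: realDocument };
  if (parent) parent.children.push(node);
  return node;
}

const ALLOWED_TAGS = new Set(['div', 'span', 'p', 'a', 'img']);
const ALLOWED_ATTRS = new Set(['id', 'class', 'title', 'href', 'src']);
const SAFE_URL = /^https?:\/\//i;

// Returns a frozen facade over `node`. The gadget only ever holds facades, so it
// never gets a reference to the real node, its ownerDocument, or anything
// above `root` (the element the container assigned to this gadget).
function tame(node, root) {
  return Object.freeze({
    get tagName() { return node.tag; },
    get parent() {
      // Upward navigation stops at the gadget's own root element.
      return node === root || !node.parent ? null : tame(node.parent, root);
    },
    getAttribute(name) {
      const n = String(name).toLowerCase();
      return ALLOWED_ATTRS.has(n) && n in node.attrs ? node.attrs[n] : null;
    },
    setAttribute(name, value) {
      const n = String(name).toLowerCase();
      const v = String(value).trim();
      // Event-handler attributes (onclick, ...) are simply not on the allowlist.
      if (!ALLOWED_ATTRS.has(n)) throw new Error('attribute not allowed: ' + n);
      if ((n === 'href' || n === 'src') && !SAFE_URL.test(v)) {
        throw new Error('URL scheme not allowed in ' + n);
      }
      node.attrs[n] = v;
    },
    createChild(tag) {
      const t = String(tag).toLowerCase();
      if (!ALLOWED_TAGS.has(t)) throw new Error('element not allowed: ' + t);
      return tame(makeNode(t, node), root);
    },
  });
}

// Container side: the gadget's root sits inside the real page body.
const body = makeNode('body');
const gadgetRoot = makeNode('div', body);
const gadgetDom = tame(gadgetRoot, gadgetRoot);
```

The gadget receives only `gadgetDom`; every write it makes is checked against the allowlists before it touches the underlying node.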
Links to the projects and platforms we talked about during this presentation