This document summarizes an IBM Innovate 2013 session on open standards for social business apps. The session discussed several key open standards including ActivityStreams for event propagation, OAuth for authorization, OpenSocial for social APIs and mini-apps, and SAML for single sign-on. It provided examples of how these standards are used within IBM products and can be leveraged by partners to build social and mobile applications. The session also covered bringing the different standards together to support common use cases.
2. 2
Please note the following
IBM’s statements regarding its plans, directions, and intent are subject to change or
withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product
direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment,
promise, or legal obligation to deliver any material, code or functionality. Information
about potential future products may not be incorporated into any contract. The
development, release, and timing of any future features or functionality described for our
products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM
benchmarks in a controlled environment. The actual throughput or performance that any
user will experience will vary depending upon many factors, including considerations
such as the amount of multiprogramming in the user’s job stream, the I/O configuration,
the storage configuration, and the workload processed. Therefore, no assurance can be
given that an individual user will achieve results similar to those stated here.
3. 3
Agenda
Open Standards Used Within ICS
ActivityStrea.ms
OAuth
OpenSocial
SAML
Bringing It All Together
Partner Examples
4. 4
Most Used APIs (2012)
Mapping
Social
Search
Photos
Shopping
Video
Music
Telephony
Internet
Messaging
Source: Programmable Web 2012
5. 5
Social API Growth
2005 2006 2007 2008 2009 2010 2011 2012
0
50
100
150
200
250
300
350
400
450
500
Source: Programmable Web
6. 6
IBM leads with Open Standards
Maximizing integration possibilities
Enabling the next generation of socially-enabled
solutions to enhance customers' existing investments
and heterogeneous platforms
– Focus on open standards and “loosely coupled” web-centric
architectures
A commitment to drive and leverage open standards
– Maximize choice, flexibility, and ease of integration
– Drive enterprise innovation and leverage rapid innovation on
the public web
– Minimize incremental cost of targeting additional desktop and
mobile platforms
– Leverage dominant skill-sets based around web technologies
7. 7
HTML 5 and CSS3
As browsers evolve your apps can start to take advantage of the new features available in
HTML5 and CSS3
– XPages, Gadgets, iWidgets, Portlets, etc
New structural tags
– new media tags, canvas, local storage, geolocation
File Access
– Access to the local file system
Presentation
– CSS3 include many native styles which could only be achieved with JS libraries before
Connectivity
– Know whether you are online or offline
Storage
– Local storage is available in the browser
8. 8
Agenda
Open Standards For Social Apps
ActivityStrea.ms
OAuth
OpenSocial
SAML
Bringing It All Together
Partner Examples
9. 9
ActivityStrea.ms
The primary event propagation mechanism for
Social Business
Streams contain events and the means to act
upon them
Those means, for users to execute tasks
without a sovereign pivot, include embedded
experiences
The lead editor for the ActivityStream
specification JSON is James Snell from IBM
Implementations Include:
MySpace, Microsoft Windows
Live, Google Buzz, BBC,
Opera, TypePad, Gowalla,
Yammer, Gnip, SocialCast,
Superfeedr, Tibber, YIID
SmartCloud, Connections,
Notes/Domino, Rational Team
Concert, Sterling . . .
10. 10
Activity Streams Keep Your Users Up To Date
REST API and data model
backed by the OpenSocial
standard
– JSON data model - easy to use in
your web apps
3rd
party apps can post entries to
the activity stream
– Inside and outside of Connections
Integrate the Connections
activity stream into your apps
– This is how we integrate the
activity stream into Notes
– If your app is an OpenSocial
container you can render
embedded experiences too!
12. 12
Agenda
Open Standards For Social Apps
ActivityStrea.ms
OAuth
OpenSocial
SAML
Bringing It All Together
Partner Examples
13. 13
OAuth
Delegated Authorization provides a means
for interaction between gadgets
Can use a variety of authorization
mechanisms (SAML, etc.)
Cornerstone of security in Social Business
Rapidly evolving specification Implementations Include:
Facebook, MySpace, Microsoft
Windows Live, Google, BBC,
Opera, TypePad, Gowalla, Gnip,
SocialCast, Superfeedr, Tibber,
YIID, Cisco, Yammer, SAP, Jive,
Atlassian, IBM SmartCloud,
Yahoo, LifeRay, Oracle, Magneto,
Tibco Tibbr, Surfnet, Paypal . . .
SmartCloud, Connections,
Notes/Domino Social Edition,
Rational Team Concert, Tivoli,
Websphere, Sterling . .
14. 14
OAuth Step 1
User Partner Application OAuth Provider
Register application Provide client ID and secret
15. 15
OAuth Step 2
User Partner Application OAuth Provider
Open application
Redirect browser to OAuth
provider
Login to OAuth
provider
Append authorization code
to URL
Redirect browser callback
URL
16. 16
OAuth Step 3, 4, 5
User Partner Application OAuth Provider
Request access and
refresh token
Exchange authorization code
for access and refresh tokens
Request API access
using access token
Grant access to API
Make API call with
access token
Allow API access
Step 3
Step 4
Step 5
17. 17
OAuth...Authorization NOT Authentication
• It is important to remember OAuth stands for Open Authorization NOT Open
Authentication
– It allows you to authorize 3rd
party apps (like yours!) to access information on a user's behalf
– Don't reinvent the wheel, there are plenty of open source OAuth client implementations to use
• XPages Social Enabler
• IBM Social Business Toolkit
• Connections 4 is both an OAuth 2.0 provider and client
– All Connections APIs can be access via OAuth from your application
• IBM SmartCloud for Social Business is an OAuth 2.0 & 1.0a provider
– All SmartCloud for Social Business APIs can be access via OAuth from your application
• Notes and Domino Social Edition is an Oauth 2.0 & 1.0a client
18. 18
Agenda
• Open Standards For Social Apps
• ActivityStrea.ms
• OAuth
• OpenSocial
• SAML
• Bringing It All Together
• Partner Examples
19. 19
OpenSocial
• Social APIs and Mini Applications
(Gadgets)
• IBM has a leadership role including
– On the Board of Directors
– Committers on Apache Shindig
– Has been instrumental in drafting the
OpenSocial 2.0 & 2.5 specification
– Invented and gave to the community
Embedded Experiences and many,
many more capabilities
– Provided enterprise extensions
Implementations Include: Cisco, SAP,
Jive, Atlassian, IBM SmartCloud,
Google, Yahoo, MySpace, LifeRay,
Oracle, Magneto, Tibco Tibbr,
Surfnet, Paypal . . .
SmartCloud, IBM Connections, IBM
Notes/Domino®, Rational Team
ConcertTM
, Sterling. . .
20. 20
Using OpenSocial
• OpenSocial is used today in Connections, Notes and Domino Social Edition, and IBM
SmartCloud for Social Business
• You can use OpenSocial gadgets as your application model or as a component to your
application
• The same gadgets will render in Notes, iNotes, and Connections....build it once run it
across the portfolio!
• Embedded experiences give you an enhanced notification model for your applications
and they are backwards compatible!
• Technology agnostic, its just web technologies use what you want!
– Dojo, JQuery, and other JavaScript libraries
21. 21
Notifications With Embedded Experiences
Gadget
Action
Taken In
Your App
Your App
Standard
MIME Email
Activity Entry
EE Data
Model
22. 22
Embedded Experiences
• Changing the way you get notifications
– The goal is to make notifications more useful and interactive
– Supported in email and activity streams
• IBM Connections, IBM Connections Mail, IBM Notes 9, IBM iNotes 9
• JSON + XML
• Two types
– Gadget + Context data
{
"gadget" :
"http://www.socialnetwork.com/embedded/commentgadget.xml",
"context" : 123
}
– URL
{
“url” : “http://domino.com/myxpage.xsp”
}
23. 23
Email Embedded Experience
From: notifications@socialnetwork.com
To: johndoe@example.com
Subject: Social Network: Mary Has Commented On Your Status
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="XXXXboundary text"
Mary has commented on your status.
--XXXXboundary text
Content-Type: text/plain
Mary has commeneted on your status.
--XXXXboundary text
Content-Type: text/html
<html>
<!-- HTML representation here -->
</html>
--XXXXboundary text
Content-Type: application/embed+json
{
"gadget" : "http://www.socialnetwork.com/embedded/commentgadget.xml",
"context" : 123
}
26. 26
Agenda
• Open Standards For Social Apps
• ActivityStrea.ms
• OAuth
• OpenSocial
• SAML
• Bringing It All Together
• Partner Examples
27. 27
SAML
• SAML is a SSO standard published by OASIS
• XML-based framework for communicating user authentication, entitlement, and attribute
information
• The user is then authenticated with every application that also uses the IdP
– Domino and Websphere both support SAML
– Use an IdP such as IBM Tivoli Access Manager, Tivoli Federated Identity Manager or Microsoft
Active Directory Federation Services
• Benefits
– Platform neutrality
– Loose coupling of directories
– Improved online experience for end users
– Reduced administrative costs for service providers
– Risk transference
28. 28
SAML For ICS Developers
WAS App
Domino
App
Idp
3rd
Party
App
3rd
Party
App
Login
SAML
Assertion
29. 29
Agenda
• Open Standards For Social Apps
• ActivityStrea.ms
• OAuth
• OpenSocial
• SAML
• Bringing It All Together
• Partner Examples
30. 30
Common Standards Based Use Cases
• HTML 5
– Leverage HTML5 (if you can) in your web apps, XPages, iWidgets, OpenSocial Gadgets, J2EE
apps
• ActivityStrea.ms
– Apps should try to leverage the activity stream in Connections 4 as a notification mechanism for
your users social network
– Provide embedded experiences to make your notifications more interactive
• Use OAuth instead of basic auth
– OAuth is more secure than basic auth so where possible take advantage of it in Connections 4
and SmartCloud
– Use the IBM Social Business Toolkit SDK, the XPages Social Enabler to make using OAuth
easier
• OpenSocial
– Use gadgets for embedded experiences in email and activity stream notifications to make them
more interactive
– Build a gadget for your app to allow cross product integration
31. 31
Bringing It All Together
SAML
Assertion
Cookie
Social
Networking
Social
Messaging
Social Apps
Idp
32. 32
Agenda
• Open Standards For Social Apps
• ActivityStrea.ms
• OAuth
• OpenSocial
• SAML
• Bringing It All Together
• Partner Examples
33. 33
Kudos Badges for IBM Connections
Kudos Badges -
Measure, Reward &
Drive Adoption of IBM
Connections
Kudos Thanks - Peer
to Peer Recognition
Kudos Analytics –
Report & Measure
Connections usage
and behavior
Native Integration for
Connections with
iWidget, OpenSocial,
Mobile & Embedded
Experience Support
kudosbadges.com sales@kudosbadges.com
34. 34
iEnterprises / Social Smart Software
Social and Mobile Software
i-Comply Social Media
Compliance Software
i-Comply Social Media Brand
Management
Extends IBM Connections
To Facebook
To LinkedIn
To Twitter
IBM Notes 9 Integration
Embedded Experience
Widgets
John Carini, CEO
jcarini@ienterprises.com
36. 36
Daily Apple TV giveaway
Complete your session surveys online each day at a conference kiosk or on
your Innovate 2013 Portal!
Each day that you complete all of that day’s session surveys, your name will
be entered to win the daily Apple TV!
On Wednesday be sure to complete your full conference evaluation to receive
your free conference t-shirt!
Author Notes: This is the PowerPoint template for the Innovate 2013 Track Sessions This template has been built in PowerPoint 2003. If you’re using PowerPoint 2007 or above, you may experience different usability results than what is provided as guidance here. To allow all masters of your exiting presentation to be updated correctly, download this template to your hard drive and copy your existing slides into the new template using slide sorter. IBMers can find additional information on presentation guidelines and resources at: https://w3-connections.ibm.com/wikis/home?lang=en-us#!/wiki/Rational%20Presentation%20Templates,%20Guidelines,%20and%20Resources IBM Rational presenters can leverage existing brand-level assets and sparklers (including Rational Brand Messaging Slides, Client Success Slides and Client Quotes, Statistics) from SSW’s Brand Content Page: https://w3-03.sso.ibm.com/software/xl/myportal/content?synKey=R789607U42052O71 Imagery guidelines: Avoid using cartoon like clip-art, use photo-art instead. Third party material cannot be used in a presentation without written permission (this includes product and Web page screen shots, and photos). Images must be acquired from a ‘royalty-free to use’ source such as: Microsoft or Lotus Symphony Clip Art library http://www.freebyte.com/clipart_images_photos_icons/#freevectorgraphics http://www.freedigitalphotos.net/ IBMers can use royalty-free images from the following repositories : IBM Brand Systems Center / Assets / Photography Login instructions: https://w3-connections.ibm.com/forums/html/topic?id=c1082624-e54c-4e04-bad1-ddb150ac7540 IBM Software Story Images https://w3-connections.ibm.com/files/app#/collection/b7570645-b2f8-4450-a27f-9269a163fc2d IBM Rational Presentation Image Library: https://w3-connections.ibm.com/wikis/home?lang=en_US#!/wiki/Rational%20Presentation%20Templates,%20Guidelines,%20and%20Resources/page/Presentation%20Image%20Library
IBM IOD 2011 05/02/13 Prensenter name here.ppt 05/02/13 21:28 Please note the following IBMers must include the next slide (verbatim) after your title slide. IBMers must also include the mandatory “Acknowledgements and Disclaimers” slide (see slide 10) at the end of your presentation before the closing “Thank You” slide. - You will need to customize the “Acknowledgements and Disclaimers” text in red appropriately.
Optional slide. Graphic is available in English only.
Optional slide. Graphic is available in English only.
Giveaway Slide
IBM IOD 2011 05/02/13 Prensenter name here.ppt 05/02/13 21:28 Mandatory closing slide (1 of 2) Acknowledgements and disclaimers IBMers must include This mandatory “Acknowledgements and Disclaimers” slide at the end of your presentation before the closing “Thank You” slide. - You will need to customize the “Acknowledgements and Disclaimers” text in red appropriately.
Mandatory closing slide (2 of 2) Thank You Slide (available in English only).