OpenSocial

Last updated

OpenSocial
Initial releaseNovember 1, 2007;16 years ago (2007-11-01)
Stable release
2.5.1 / August 30, 2013 (2013-08-30)
Written in Java, PHP, C#, JavaScript, HTML
Type Web application framework
License Apache License 2.0
Website opensocial.org

OpenSocial is a public specification that outlines a set of common application programming interfaces (APIs) for web applications. Initially designed for social network applications, it was developed collaboratively by Google, MySpace and other social networks. It has since evolved into a runtime environment that allows third-party components, regardless of their trust level, to operate within an existing web application.

Contents

The OpenSocial Foundation has integrated or supported various Open Web technologies, including OAuth and OAuth 2.0, Activity Streams, and Portable Contacts. Since its inception on November 1, 2007, [1] applications that implement the OpenSocial APIs can interoperate with any social network system that supports them.

OpenSocial initially adopted a universal approach to development. As the platform matured and the user base expanded, it was modularized, allowing developers to include only necessary components of the platform. [2] Orkut, a Google client, was the first to support OpenSocial. [3]

On December 16, 2014, the World Wide Web Consortium (W3C) announced that the OpenSocial Foundation would transition its standards work to the W3C Social Web Activity. [4] This effectively integrated OpenSocial into the W3C’s Social Web Working Group and Social Interest Group, thereby dissolving OpenSocial as a separate entity.

Structure

Structure of OpenSocial Opensocial.jpg
Structure of OpenSocial

OpenSocial was rumored to be part of a larger social networking initiative by Google code-named "Maka-Maka", which is defined as meaning an "intimate friend with whom one is in terms of receiving and giving freely" in Hawaiian.

In its 0.9 version, OpenSocial incorporated support for a tag-based language. [6] known as OSML. This language facilitates tag-based access to data from the OpenSocial APIs, which previously necessitated an asynchronous client-side request. Additionally, it established a comprehensive tag template system and adopted an expression language that is loosely based on the Java Expression Language.

From version 2.0 onwards, OpenSocial began supporting the Activity Streams format. [6]

History

Background

OpenSocial is commonly described as a more open cross-platform alternative to the Facebook Platform, a proprietary service of the popular social network service Facebook. [7]

Development

OpenSocial was rumored to be part of a larger social networking initiative by Google code-named "Maka-Maka", [8] which is defined as meaning an "intimate friend with whom one is in terms of receiving and giving freely" in Hawaiian. [9]

Implementation

An open-source project, Shindig, was launched in December 2007 to provide a reference implementation of the OpenSocial standards. It has the support of Google, Ning, and other companies developing OpenSocial-related software. The Myspace OpenSocial parser was released as project Negroni in January 2011 and provides a C#--based implementation of OpenSocial.

Apache Rave is a lightweight and open-standards-based extensible platform for using, integrating and hosting OpenSocial and W3C Widget-related features, technologies and services. It will also provide strong context-aware personalization, collaboration and content integration capabilities and a high-quality out-of-the-box installation as well as be easy into integrate in other platforms and solutions. [10]

Both Shindig and Apache Rave are no longer in development and have been retired by the Apache Foundation.

Usage

Enterprise websites, such as Friendster, hi5, LinkedIn, MySpace, Orkut, and Salesforce.com are major users of OpenSocial. [11]

Friendster

Friendster has deployed APIs from version 0.7 of the OpenSocial specification, making it easy for existing OpenSocial applications using version 0.7 to be launched on Friendster and reach Friendster over 75 million users. Friendster also plans to support additional OpenSocial APIs in the coming months, including the new 0.8 APIs. [12]

hi5

hi5 taps Widgetbox support for OpenSocial to get access to the choice of web widgets Widgetbox provides. [13]

MySpace

Myspace Developer Platform (MDP) is based on the OpenSocial API. It supports social networks to develop social and interacting widgets. It can be seen as an answer to Facebook's developer platform. [14]

Security issues

Initial OpenSocial support experienced vulnerabilities in security, with a self-described amateur developer demonstrating exploits of the RockYou gadget on Plaxo, and of Ning social networks using the iLike gadget. [15] As reported by TechCrunch on November 5, 2007, OpenSocial was quickly cracked. The total time to crack the OpenSocial-based iLike on Ning was just 20 minutes, with the attacker being able to add and remove songs on a user's playlist and access the user's friend information. [16]

Häsel and Iacono showed that “OpenSocial specifications were far from being comprehensive in respect to security”. [17] They discussed different security implications in the context of OpenSocial. They introduced possible vulnerabilities in Message Integrity and Authentication, Message Confidentiality, and Identity Management and Access Control.

Release versions

Criticism of initial release

Despite the initial fanfare & news coverage, OpenSocial encountered many issues initially; it only ran on the Google-owned Orkut, and only with a limited number of devices, with multiple errors reported on other devices. Other networks were still looking into implementing the framework.

On December 6, TechCrunch followed up with a report by MediaPops founder Russ Whitman, who said "While we were initially very excited, we have learned the hard way just how limited the release truly is." Russ added that "core functionality components" are missing and that "write once, distribute broadly" was not accurate. [18]

Legend:   Discontinued  Current

VersionRelease dateRelease notes
2.5.1 [19] August 30, 2013 View Release Notes
2.5.0 [20] August 28, 2012 View Release Notes
2.0.1 [21] November 23, 2011 View Release Notes
2.0.0 [22] August 18, 2011 View Release Notes
1.1.0 [23] November 18, 2010 View Release Notes
1.0.0 [2] March 9, 2010 View Release Notes
0.9.0 [24] April 15, 2009 View Release Notes
0.8.1 [25] September 25, 2008 View Release Notes
0.8.0 [26] May 27, 2008 View Release Notes
0.7.0 [27] January 25, 2008 View Release Notes
0.6.0 [28] December 21, 2007 View Release Notes
0.5.0 [29] November 9, 2007 View Release Notes

Version 2.5.1

Changes to the REST API were made to address several issues that required changes in the OpenSocial specifications so the Open Mobile Alliance could use it.. [19]

Version 2.5.0

Common Containers were added that provided "a set of common services that Container developers can leverage for features like in-browser Gadget lifecycle event callbacks, Embedded Experiences, selection handlers, and action handlers." [20] A new Metadata API gives OpenSocial applications the ability to adapt to the capabilities of different OpenSocial containers. The WAP authentication extension was deprecated.

Version 2.0.1

OAuth 2.0 support was finalized in this version of OpenSocial. [21]

Version 2.0.0

OpenSocial introduced support for Activity Streams. JSON had emerged as the preferred data format and support for ATOM was deprecated. The Gadget format was simplified to give the ability to define a template library within a Gadget specification. [22] While not finalized, the groundwork for OAuth 2.0 support was put in place.

Version 1.1.0

In response to enterprise environment needs, OpenSocial added support for advanced mashup scenarios. It enabled gadgets to "securely message each other in a loosely coupled manner." [23] This new feature was called Inter-Gadget Communication.

Version 1.0.0

OpenSocial acknowledged that the "one-size-fits-all" approach it was taking was not going to work for the diverse types of websites that had adopted the platform. To address this issue, OpenSocial is modularized into four compliance modules: Core API Server, Core Gadget Server, Social API Server, and Social Gadget Server. [2] This allowed a developer to pick and choose the modules they wanted to use while using other services that aren't part of OpenSocial. Extensions were introduced to allow developers to extend OpenSocial containers.

Version 0.9.0

In response to feedback and observation of how developers were using the API, this version focused on making "application development, testing, and deployment easier and faster, while reducing the learning curve for new app developers." [24] The OpenSocial Javascript API was streamlined to make it lightweight while retaining the power of the old Javascript API. Proxied content was introduced to eliminate the need for developers to work around previous AJAX limitations. Proxied content allows content to be fetched from a URL and displayed in a <Content> tag. In response to a common use of sending data to a remote server immediately after a request, OpenSocial 0.9.0 introduced data pipelining. Data pipelining allows the developer to specify the social data the application will need and make the data immediately available. OpenSocial Templates were introduced to create data-driven UI with a separation of markup and programmatic logic. OpenSocial Markup Language (OSML Markup) is a new set of standardized tags to accomplish common tasks or safely perform normally unsafe operations within templates. OSML is extensible. Developers can create a library of their own custom tags.

Version 0.8.1

This minor release placed a major focus on server-to-server protocols as "the Person schema has been aligned with the Portable Contacts effort, and an optional RPC proposal has been added." [25] JSON-RPC protocol was added to increase server to server functionality. The RESTful protocol that was introduced in v0.8.0 underwent a large revision with several fields being added, modified, and deleted.

Version 0.8.0

OpenSocial changed specifications for containers to implement a RESTful API. Many of the OpenSocial Javascript API changes made this version incompatible with previous versions. Existing gadgets continued to use v0.7.0. After updating the gadget, it would use v0.8.0. Security improved with the introduction of OAuth authorization and HTML sanitation, and container lifecycle events. [26] Persistence data was stored in JSON.

Version 0.7.0

Released as the "first iteration that can fully support rich, social applications." [27] It added several standard fields for profile information, the ability to send a message to install an application, an Activity template to control activity notifications about what users have been doing, and a simplified persistence API to use feeds instead of global and instance-scoped application data. Another major announcement came from Apache Shindig. Apache Shindig-made gadgets open-sourced. In coordination with this announcement, OpenSocial 0.7.0 introduced Gadget Specifications for developers to be able to define their gadgets using the Gadget API.

Version 0.6.0

Security was a large focus in version 0.6.0. Permission controls were tightened to prevent a gadget from returning information if it is not authorized to do so. New classes were added, such as the Environment class to allow a gadget to respond differently according to its environment and the Surface class to support navigation from one surface to another. The Activities class was simplified based on developer needs and the Stream class was deprecated. [28]

Version 0.5.0

Google announced the launch of OpenSocial with a pre-release of version 0.5.0. While unstable, this API introduced "various XML DTDs, Javascript interfaces and other data structures" [29] to the OpenSocial platform.

Related Research Articles

Google Developers is Google's site for software development tools and platforms, application programming interfaces (APIs), and technical resources. The site contains documentation on using Google developer tools and APIs—including discussion groups and blogs for developers using Google's developer products.

<span class="mw-page-title-main">HTML5</span> Fifth and previous version of HyperText Markup Language

HTML5 is a markup language used for structuring and presenting hypertext documents on the World Wide Web. It was the fifth and final major HTML version that is now a retired World Wide Web Consortium (W3C) recommendation. The current specification is known as the HTML Living Standard. It is maintained by the Web Hypertext Application Technology Working Group (WHATWG), a consortium of the major browser vendors.

The Sun Java System Portal Server is a component of the Sun Java Platform, Enterprise Edition, a software system that supports a wide range of enterprise computing needs.

OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Meta Platforms, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.

A software widget is a relatively simple and easy-to-use software application or component made for one or more different software platforms.

WebRTC is a free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via application programming interfaces (APIs). It allows audio and video communication and streaming to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps.

<span class="mw-page-title-main">BaseX</span> XML database management and query system

BaseX is a native and light-weight XML database management system and XQuery processor, developed as a community project on GitHub. It is specialized in storing, querying, and visualizing large XML documents and collections. BaseX is platform-independent and distributed under the BSD-3-Clause license.

Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.

HTML audio is a subject of the HTML specification, incorporating audio input, playback, and synthesis, all in the browser.

User-Managed Access (UMA) is an OAuth-based access management protocol standard for party-to-party authorization. Version 1.0 of the standard was approved by the Kantara Initiative on March 23, 2015.

Distributed social network projects generally develop software, protocols, or both.

Google APIs are application programming interfaces (APIs) developed by Google which allow communication with Google Services and their integration to other services. Examples of these include Search, Gmail, Translate or Google Maps. Third-party apps can use these APIs to take advantage of or extend the functionality of the existing services.

The OpenAPI Specification, previously known as the Swagger Specification, is a specification for a machine-readable interface definition language for describing, producing, consuming and visualizing web services. Previously part of the Swagger framework, it became a separate project in 2015, overseen by the OpenAPI Initiative, an open-source collaboration project of the Linux Foundation.

Media Source Extensions (MSE) is a W3C specification that allows JavaScript to send byte streams to media codecs within web browsers that support HTML video and audio. Among other possible uses, this allows the implementation of client-side prefetching and buffering code for streaming media entirely in JavaScript. It is compatible with, but should not be confused with, the Encrypted Media Extensions (EME) specification, and neither requires the use of the other, although many EME implementations are only capable of decrypting media data provided via MSE.

Brotli is a lossless data compression algorithm developed by Google. It uses a combination of the general-purpose LZ77 lossless compression algorithm, Huffman coding and 2nd-order context modelling. Brotli is primarily used by web servers and content delivery networks to compress HTTP content, making internet websites load faster. A successor to gzip, it is supported by all major web browsers and has become increasingly popular, as it provides better compression than gzip.

Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards. It is succeeded by the FIDO2 Project, which includes the W3C Web Authentication (WebAuthn) standard and the FIDO Alliance's Client to Authenticator Protocol 2 (CTAP2).

<span class="mw-page-title-main">WebAssembly</span> Cross-platform assembly language and bytecode designed for execution in web browsers

WebAssembly defines a portable binary-code format and a corresponding text format for executable programs as well as software interfaces for facilitating interactions between such programs and their host environment.

WebXR Device API is a Web application programming interface (API) that describes support for accessing augmented reality and virtual reality devices, such as the HTC Vive, Oculus Rift, Oculus Quest, Google Cardboard, HoloLens, Apple Vision Pro, Magic Leap or Open Source Virtual Reality (OSVR), in a web browser. The WebXR Device API and related APIs are standards defined by W3C groups, the Immersive Web Community Group and Immersive Web Working Group. While the Community Group works on the proposals in the incubation period, the Working Group defines the final web specifications to be implemented by the browsers.

<span class="mw-page-title-main">Well-known URI</span>

A well-known URI is a Uniform Resource Identifier for URL path prefixes that start with /.well-known/. They are implemented in webservers so that requests to the servers for well-known services or information are available at URLs consistent well-known locations across servers.

References

  1. "Google Launches OpenSocial to Spread Social Applications Across the Web – News announcements – News from Google – Google". googlepress.blogspot.com. Retrieved November 23, 2015.
  2. 1 2 3 Mark Marum (January 1, 2013). "OpenSocial Specification 1.0.0 Release Notes". GitHub . Retrieved November 28, 2015.
  3. "OpenSocial opens new can of worms". CNET. Retrieved November 8, 2023.
  4. "OpenSocial Foundation Moving Standards Work to W3C Social Web Activity". W3C. December 16, 2014. Retrieved December 17, 2014.
  5. Häsel, Matthias (January 1, 2011). "Opensocial: An Enabler for Social Applications on the Web". Commun. ACM. 54 (1): 139–144. doi:10.1145/1866739.1866765. ISSN   0001-0782. S2CID   52805577.
  6. 1 2 "OpenSocial Specification Release Notes". opensocial-resources.googlecode.com. Archived from the original on August 11, 2011. Retrieved November 23, 2015.
  7. Helft, Miguel; Brad Stone (October 31, 2007). "Google and Friends to Gang Up on Facebook". The New York Times . Retrieved October 31, 2007.
  8. Schonfeld, Erick (October 29, 2007). "Google's Response to Facebook: "Maka-Maka"". TechCrunch . Retrieved October 31, 2007.
  9. "maka.maka". Nā Puke Wehewehe ʻŌlelo Hawaiʻi. Ulukau: The Hawaiian Electronic Library. Archived from the original on September 18, 2013. Retrieved November 1, 2007.
  10. "Open Social Foundation Moves Standards Work to W3C Social Web Activity" . Retrieved December 2, 2015.
  11. "What is OpenSocial? A Webopedia Definition". www.webopedia.com. Retrieved November 23, 2015.
  12. "Friendster Opens Platform to Developers". PCWorld. October 28, 2007. Retrieved December 2, 2015.
  13. ""hi5 Taps Widgetbox for OpenSocial Support and Access to the World's Widest Selection of Widgets." Science Letter 9 Sept. 2008: 4265. Academic OneFile. Web". go.galegroup.com. Retrieved September 9, 2015.
  14. "Let me see my app!". February 5, 2008. Archived from the original on February 9, 2008. Retrieved February 5, 2008.
  15. Arrington, Michael (November 5, 2007). "OpenSocial Hacked Again". TechCrunch . Retrieved November 6, 2007.
  16. Arrington, Michael (November 5, 2007). "OpenSocial Hacked Again". TechCrunch . Retrieved July 24, 2010.
  17. Häsel, Matthias; Iacono, Luigi Lo (May 31, 2010). Decker, Bart De; Schaumüller-Bichl, Ingrid (eds.). Security in OpenSocial-Instrumented Social Networking Services. Lecture Notes in Computer Science. Springer Berlin Heidelberg. pp. 40–52. doi:10.1007/978-3-642-13241-4_5. ISBN   978-3-642-13240-7.
  18. Schonfeld, Erick (December 6, 2007). "OpenSocial Still "Not Open for Business"". TechCrunch . Retrieved July 24, 2010.
  19. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 2.5.1 Release Notes". GitHub . Retrieved November 28, 2015.
  20. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 2.5.0 Release Notes". GitHub . Retrieved November 28, 2015.
  21. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 2.0.1 Release Notes". GitHub . Retrieved November 28, 2015.
  22. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 2.0.0 Release Notes". GitHub . Retrieved November 28, 2015.
  23. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 1.1.0 Release Notes". GitHub . Retrieved November 28, 2015.
  24. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 0.9.0 Release Notes". GitHub . Retrieved November 28, 2015.
  25. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 1.8.1 Release Notes". GitHub . Retrieved November 28, 2015.
  26. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 0.8.0 Release Notes". GitHub . Retrieved November 28, 2015.
  27. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 0.7.0 Release Notes". GitHub . Retrieved November 28, 2015.
  28. 1 2 Mark Marum (January 1, 2013). "OpenSocial Specification 0.6.0 Release Notes". GitHub . Retrieved November 28, 2015.
  29. 1 2 Mark Hopkins (November 9, 2007). "OpenSocial Container Pre-Release". Mashable . Retrieved November 28, 2015.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.