Tantek Celik (Moderator, @t) , Dave Morin (Facebook, @davemorin), Kevin Marks (google, @kevinmarks), Joe Smarr (Plaxo, @jsmarr)
KMarks: OpenSocial is open to anyone - open to millions of users, designed to be an abstraction, and who owns the social graph? Individuals have shared custodial ownership of it. Sites have custodianship over user data due to the social contract, they do not wish to violate it.
Goal of OpenSocial is to have an abstraction.
JSmarr: Feeling of openness, helping people stay connected. Openness is empowering users to make a tool they want to work together. When you know it is really open, users are mashing up things the company never expected, in novel ways - what is driven by is by the user. Information you share, you should have control an access to using it.
DMorin: one of the things giving people control over the info they share is the core of openness - makes it easier that they can use effectively and confidently. On the Developers side, makes it easy and seamless to build on top of the FB platform. We are all connected through these social graphs.
TCelik: all want information to move across - how easy is it to move data across? Easy to get data in, but impossible to get it out - Data Roach Motel
KMarks: Depends on which system: orkut is using the OpenSocial API - you can get the information via the interface. TCelik presses - and KMarks answers you more than likely can build an application to get the data out.
JSmarr: plaxo is all about making it easy to get the data in and out - so you can easily get the data out. On gmail - they are now offering a OAuth-like solution. Now, Yahoo, google and Microsoft offer APIs and you can allow services to access your data.
You can export into all of the services connected - and export into standard formats (.csv, .xls)
TCelik: asking if anyone has entered the password from one service in another - did you feel dirty? [Hands go up]
- training users to giving passwords to other sites - training users to hurt themselves
- "Why do I care - I have the same password anyway..."
TCelik: valet keys to your logins on the web - open standard
DMorin: (responding to TCelik's original question) Important to breakdown data into there pockets:
- Identity - structured way of creating identity
- Social Graph - how do you get your contacts in via the uploaders and FriendFinder
- FriendFinder helps you find connections, requires repeated connectivity
- Feed and Social Actions - easy to create applications and made a standard interface for going into other applications (80M users) - makes sure that you are giving permission to applications into access your info
KMarks: [Dynamic privacy] is very much the goal - common way for live sync.
JSmarr: it is assumed that you will have a social experience, but they need to have this interface.
DMorin: the model can be based on the banking system [sounds like we are discussing the idea that private information as money.....hmmm].
KMarks: OpenSocial 0.8 providing a way of joining Friend Connect and Facebook Connect up. Different sites have different social contracts with their users - so you need to find a way that is similar/standard. This is Friend Connect, not Friend Import.
JMichalski: two feature requests - will OpenSocial make these happen.
- I am writing an email in gmail and want to access my plaxo address book at the time
- I am writing an email in gmail and want to send the article to a set of friends that I have tagged in plaxo one tag, and in gmail another
TCelik: shows us a post from David Recordon and asks is this resolved yet
JSmarr: in Silicon Valley - there are many overlapping connections.
DMorin: FB has 80M users - they need to be able to have an experience that makes sense to them. We want to work alongside of others to make these things happen.
KMarks: We do not know what we did wrong in making google Friend Connect - we are open to understand why and fix it? What would we need to change to make it work?
JSmarr: We are incredibly enthusiastic about the connectivity, and there are plenty of technical countermeasures that can handle the tradeoff. We have been very happy with it.
DMorin: Work with google to make dynamic privacy work on other sites.
Dynamic privacy is when I log in via FB identity, I should be able to support the change of relationship across any site that connects.
Audience: What is the business model that allows for giving away the information to google - isn't this the question?
DMorin: It is about maintaining user control of user data and user information in terms of privacy and access.
CCarfi: when will the privacy information be in the "hands" of the user and not across systems?
DMorin: putting privacy controls in the hands of the user. At FB, privacy settings are VERY granular. [Ed Note: sounds like good fences makes good neighbors]. Wants to standardize privacy settings [like P3P].
OpenID - allows a person to use a single signon and share access information across websites (durable identity). By default - everything is a fragmented silo.
A user-centric privacy is about the user can set the preferences themselves. The user is in control of who gets what.
TCelik: Anyone support P3P?
KMark: have given to the customers a sense of understanding on how they behave. OpenSocial is about having an abstraction that anyone can model to.
Kalya: In LibertyAlliance and Oracle's authentication management is in the working group.
BTempleton: These are technology standards for DISCLOSE - not privacy standards.
JSmarr: actually OpenID allows me to make sure I do not have the distinction of who I am since it is a token.
TCelik: Not really privacy, it is about disclosure.