OpenSocial community defines version 0.9

A new version of the OpenSocial Specification hit the presses yesterday -- packed full of new features to make writing, testing, and maintaining apps much easier. From a streamlined JavaScript API, to a more efficient way to communicate between the app and your server, many of the OpenSocial v0.9 updates aim to make coding and rendering apps blazing fast.

If you're not familiar with the specification process, here's how OpenSocial evolves from one version to the next:

• New ideas are proposed and discussed on the spec list (which anyone can contribute to).
• Proposals that are selected by the community are prototyped to flesh out the details.
• After a vote, the new version of the spec is published.
• Containers implement support for the new spec.
• App developers start using the new features.

Luckily, many of the prototypes for these new features were implemented in Apache Shindig, so they'll be coming to a container near you in short order. Keep an eye on your favorite container's blog for announcements (like this one) about when v0.9 features will be ready for you to check out.

Many of the folks who contributed to OpenSocial v0.9 will be at Google I/O in San Francisco on May 27-28. We love to talk about this stuff, so check out the Google I/O site to sign up and join us.

Posted by Lane LiaBraaten, on behalf of the OpenSocial Community

Japan's Mixi Announces Open Beta Launch of its OpenSocial Container

My name is Yoichiro Tanaka. I belong to the Platform Team of mixi, Inc. “mixi” is currently the most popular Japanese social networking service (SNS) and has more than 16.3 million registered users. I am happy to announce that we have released an open beta of “mixi apps, ” which is based on OpenSocial. The first release of the “mixi apps” container (runtime environment) was in last December, but this was only to select companies. However as of April 8th, we've opened the door to all developers!

Background

"mixi" was launched in February 2004 as one of the first social networking services in Japan. It lets users create profiles, make friends with other users, post diaries, discuss in several communities, share pictures and music with friends, etc.

In addition to those basic features, we have been developing the mixi Platform and working with our partners (service providers or developers) on enhancing the "mixi" service for users. “mixi apps” is one of our services which lets social application providers develop applications that use social graphs formed in mixi, and provide these applications to mixi users. To achieve this, we thought OpenSocial would be the best solution.

Supported Features

• OpenSocial core APIs (People, Activities and Persistence).
• The gadgets "core" and "feature-Specific" APIs (The gadgets APIs are mostly supported in the open beta with full support coming in the production release).
• A mixi specific "Community API," which allows application access to mixi community (or group) information along with its members.

Upcoming Supported Features

• OpenSocial's RESTful Protocol will be supported in the near future as "mixi Connect."
• The mixi platform will also support a photo album API, among other APIs.

Timeline

• Closed beta release - December 2008
• Open beta release - Available now!
• Consumer launch - first half of 2009

To learn more about mixi's new OpenSocial platform please visit:

http://developer.mixi.co.jp/ (Note: this site is in Japanese)

To support and engage our new mixi social applications development community, on April 23rd we will hold our first ever mixi OpenSocial developers conference, "mixi Appli Conference 2009." In addition to providing detailed information on how to build applications for "mixi apps," we will also talk about "mixi fund," which is a program that offers financial support to social application developers. More information on this conference can be found at:

http://mixi.co.jp/mixiappli-event/ (Note: this site is also in Japanese)

We believe our upcoming production release of "mixi apps" and overall support of the OpenSocial standards will enable us easily continue innovating on compelling future social services for our users.

Posted by Yoichiro Tanaka, mixi OpenSocial Architect

Important OAuth signing changes coming to a container near you

Although OAuth and OpenSocial make a powerful combination, it's important for developers to know specific implementation details for each container. If you're a developer using the OpenSocial REST and RPC protocols, either with the client libraries or by rolling-your-own implementation, we wanted to let you know about two fundamental changes coming to Shindig which are intended to simplify the implementation and use of OAuth.

First, using content-type: application/x-www-form-urlencoded in any client to server requests will be strictly prohibited. Instead, we recommend using application/json, application/xml, or application/atom+xml.

Second, in addition to the current method of body signing (which treats the entire body as a query parameter), a new implementation will be made available called the request body hash. Developers should use one method or the other, not both, on any given request. When available, the client libraries will default to using the request body hash.

Here's a bit of background on these changes:

In order to verify that requests sent by developers to OpenSocial containers are actually coming from a trusted source, they are cryptographically signed. The container verifies signature to check that the request originated from the developer and to ensure that the details of the request have not been intercepted or modified by a third party.

In most cases, this turns out just fine, but incompatibilities and inconsistencies arise when you happen to send a request containing "&" or "=" characters in the body, such as this request to update appdata:

[{"params":{"groupId":"@self","appId":"@app","userId":"@viewer","data":{"testkey":"a=b&b=c"},"fields":"testkey"},"id":"add","method":"appdata.update"}]

When such a body is sent along with a content-type of application/x-www-form-urlencoded, Java Shindig (following the Java servlet spec) assumes that the "&" and "=" characters delineate key/value pairs of form data (it's x-www-form-urlencoded after all). When these parameters are reordered and put together as part of the OAuth signing process, the new signature will not match the one sent by the developer (who treats the request body as one giant parameter instead of several, as intended). Thus, the request fails.

However, when the content-type of the request body is properly disclosed (application/json in this case), Java Shindig will treat the body as one parameter, thereby avoiding any conflicts with either the spec or the "&" and "=" characters. In addition, support for the request body hash does away with the non-standard behavior of putting the request body into the signature base string, substituting a hash in its place. It's quite elegant, and far simpler from an implementation standpoint.

For more history and discussion, see this thread in the OpenSocial and gadgets spec group.

What this means for you as a developer:

If you've been dreading the part where I say "go implement this in your code," fear not. We've released new versions of each of the client libraries (Java, PHP, Python, Ruby) which support the changes, while maintaining backwards compatibility.

Starting today, the iGoogle and orkut sandboxes are incorporating these changes to let you start testing right away

If you have any questions on the client library changes, feel free to ask in the client libraries group.

Posted by Dan Holevoet, Google Developer Programs

eBay announces Selling Manager Apps beta, opens up platform to gadget developers

My name is Farhang Kassaei, I am a platform architect at eBay.

We are very excited to announce that our Selling Manager (SM) suite of productivity tools is now offered as a gadget container - with the same extensibility technology behind OpenSocial. In other words, eBay Selling Manager is now OPEN as a beta platform to ALL developers. This is a great opportunity for developers to have direct access to professional sellers who manage their businesses on eBay.

With our beta platform launch today the SM sandbox is open to anyone with an eBay developer account. If you have not signed up for the eBay Developers Program yet, join for FREE at http://developer.ebay.com/join. If you are already a member of our developer community, visit http://developer.ebay.com/smapps for all the information you need to get started.

eBay will be opening up applications within Selling Manager to all sellers later this summer so this is the perfect time to get on board and get your application user-ready and tested. Also, don't forget to attend our annual Developer Conference in San Jose this June where we’ll be offering hands-on training for Selling Manager Applications. Visit our Developers Conference web site for more details.

Now, let me tell you a bit about the Selling Manager Apps. Although the SM apps are built on top of gadget specifications, they are not the typical OpenSocial applications (for one, eBay does not have a traditional traversable social graph). The SM Apps are productivity tools for eBay sellers, such as tools that allow sellers to manage customer questions more effectively, or to handle shipping and handling of sold items, or to identify and graph marketplace trends in pricing. Like any small business, eBay sellers value tools that make them more efficient and maximize their profitability.

What is most exciting about SM Apps is that you can make money. You choose how much you would like to charge for your applications and get paid by your subscribers. eBay handles billing your subscribers, processing their payments and distributing the funds to you thorough your PayPal account.

eBay is excited to be part of the OpenSocial/Gadget community. Our goal is to make development of commercial applications as open as developing social applications. Check out our Selling Manager beta platform hub at http://developer.ebay.com/smapps, and make sure to let us know how you think we’re doing.

Posted by Farhang Kassaei, Platform Architect, eBay