 called Bridges. Cloud Bridges is a web-based application. It uses browsers and web servers. We have a website, obviously, CloudBridger.es where you can get the project source. It's under the GNU GPL. It's based on an earlier project called OSocial, which is made by a guy called Victor Coustonobler, but he's from France. He can't be here today. I'm Edwin. I'm from the UK and my biography is on the FOSDEM website. I'm going to start off by saying what the problem is that CloudBridgers was trying to solve before I explained how it solves it, but it's about social networks and the problems people have been having with social network fatigue, having to keep joining new social network sites and not being able to move their information between sites. We're obviously not the first people to consider this problem. There's a group of people who have a project called Data Portability and they've been looking into questions like this. They believe obviously you should own your data, and so their answer to these questions are that you should be able to import data into a social network or a site like that and be able to export it out again. The typical information is who your friends are, which you have to keep finding on each new site. Some of the ideas they've had for this portability is having an aggregator where you'd have to give out your password to a site and that would screen scrape all the websites and aggregate all your information together, which isn't very secure. Or if everybody was a network where you'd have a blog and that becomes your social network profile, you'd have no privacy that way. Or a network of networks where someone would create a new social network which came with the ability to talk to other social networks with an inter-network communication protocol, but that doesn't address the issue of already existing social networks. Or a social network subscribe model where you have one host that has the canonical copy of all your data and all the other social networks subscribe to that to get updates. But I don't think existing social networks will want to do that. Our requirements are these things. Users should be able to stay on their current social network if they wish or switch to another social network at no cost. So it'll be just like having an email account. But this is just our opinion. We're just trying one possible solution. So fortunately, a standard has come along called OpenSocial, which is published by Google. Google's social network use it along with MySpace, Hi5 and some others, notably not Facebook, but something which social networks are implementing slowly. It should allow an application writer to have access to nearly all the profile information which is stored on the social network accounts and features are becoming available over time. It's sort of in a beta stage right now. It's version 0.7. The technology it uses is XML for the UI. It's got embedded HTML in it and JavaScript for the interaction with the user and with the site. It's kind of a missed chance for data portability. Google haven't really given the sort of functions you'd need to implement data portability as people were wanting. For instance, it doesn't provide calls between social networks and it doesn't allow a site or a client to subscribe to data which is on the social network. It's only once you've actually logged into your profile page that these things can be activated. But things have been progressing since then. Although it's not designed for data portability, it does let data out in a standardized way. So that means that a sort of data portability is possible along the idea of whatever isn't impossible is mandatory. Victor saw that social networking data could be opened up through this. So he coded an app using open social APIs, made it known online and he got 1,000 users over time. And then later I joined and we started working on the second generation design which became cloud bridges. Also because this was being popular on news sites, someone asked us to give our information about it and we were interviewed. We said that there are problems with social networks right now and that data portability did look like a good way to solve those problems and it was already having some successes and the article was positive about us. So how did O's social work? It was just like any other app to install on a social network page. Once it's installed you could press a button and then our open social website would receive your profile information and your list of friends and convert them into open formats so you could browse them from our site in an open way. And we also had flash visualizations of your social graph so you could navigate who your friends are and who their friends are. One thing to note about the technology is an open social implementation provides a container, they call it, for apps which is the base libraries, JavaScript libraries, for you to install your application into and that provides methods like fetch person and make request. It's not purely JavaScript otherwise there would be cross-site scripting issues. You make these requests to the server itself and then the server makes requests out to the third party. So how is CloudBridge different? We added security which is obviously important. There are three levels of privacy. You can have data which is secret which means we don't store it at all. Friends only which means we only disclose it to people you say are your friends and public which means it's available on the front page of our website. We had a concept of expiring links where you'd be able to click a link which is only valid for a certain period of time where you could see people's information and that meant you'd be able to revoke people's as you're being your friends so the URL wouldn't keep working. Those links are available in a friends list in the application itself. Version 0.6 of the spec included the ability to sign requests to stop spoofing from happening which some of the earlier widgets had problems with. There had been some problems. There was the Scobal incident involving Robert Scobal. He has this Scobalizer blog. He was testing an app which is similar to ours for a social network website called Plaxo. He famously has 5,000 friends on Facebook which is the limit that you can have on Facebook and Facebook detected that this app was trying to download and leech all his friends and they had some automatic block which cancelled his account. He was later reinstated after a lot of complaining but he had to promise he wouldn't do that sort of thing again so there is resistance from social networks to this sort of idea. This is what the technology is capable of and the open social implementations are just sandboxes right now so we haven't hit any problems yet. Let me go through a use case. Imagine Alice and Bob work together with Alice on MySpace and Bob on Hi5 which is sort of a typical situation. She wants her co-workers to know who her MySpace friends are but Bob doesn't. She installs our cloud bridges app and she tells the app her name to appear on our website so she says that as public data. The app asks her who her friends are and so she can say Bob on Hi5 she's not limited to people on MySpace and so cloud bridges stores this as an Alice-to-Bob relationship in the database. She says that that relationship is friends only so only someone who she says is her friend can see that and then she invites Bob to install cloud bridges on his account on MySpace on Hi5 so he does so but he decides to keep everything secret and he marks Alice as a friend but a secret friend then when he checks his cloud bridges friends list the app sees the Bob-to-Alice friendship and so it adds Alice's name to his list but because it also knows that Alice has a relationship to Bob it adds Alice's name becomes a link to a page on cloud bridges which contains her unique number the current timestamp and a hash so that the link would expire and that contains her personal information which only Bob can see because he's been set as a friend. I'm now going to do a demonstration hopefully. Here is our website or one of the pages you can select this is the way that you normally install on app on one of these things this is the sandbox version so you want to add the application add the application there are some people I've already added actually and then you'll be able to add someone from a different social network Hi5 add friend now add it to your I have to refresh the page there's that person in the list and then you can see them in cloud bridges page with this expiring link and there they are friend of Hagfish and Victor there should be a profile image that isn't loaded so that's the sort of thing you can do and then obviously you can follow these people and explore it so one of the technologies we've been using is micro formats these are standardized ways of expressing a certain type of information that you might find on a web page for instance a person or a friendship or an event they use valid HTML by using the class attribute semantically which are already found in the wild that people are actually using on websites and you can already get importers and converters and browser plugins which consume these formats for a lot of these formats so one example which we currently use is hCard if you know the vCard formats it's like that, it describes a person but it just uses HTML to do this XFN, it looks like a link on a web page but it uses the rel attribute of links in the HTML spec and it gives you a fixed vocabulary of ways you can express a link between yourself and the person that's at the other end of that link hAtom is one we plan on implementing it's like the Atom feed protocol so you could have an event feed like you find on a social network the only difficulty would be how you would subscribe to something which has an expiring link which we haven't solved yet and the rel tag is another one we don't support yet allows you to have short tags which describe a current page then it's for describing yourself and it won't have a fixed vocabulary which would be good for free text searching for people so obviously we try to stop spoofing which OpenSocial now supports it supports a protocol which is sort of based on OAuth which is an open published specification OAuth was originally designed for mashups for securely sending data between different services where you have an account for instance you might want to import your photos from a photo sharing account into your social network and you don't want to give your password for one of these sites to the other site the way Google does it is you specify key value pairs which become part of a URL and you specify the destination URL that you want to make this request to and then the container adds a hash to it using a public key and there's a different public key per container so you can verify that the container makes that request and there are free OAuth free software OAuth libraries out there which you can use so how do we do it we're not doing a full web service there's no SOAP or Wustl involved the app which you install into your social network site is the client and it talks to the container which is acting as a proxy for talking to our website at cloud bridges and it retrieves data which we generate by a PHP script on our server the container JavaScript libraries calls the browser to make XML HTTP requests which is Ajax for files on the social network domain itself rather than going directly to the third party which would be cross-site scripting originally the open social API claimed it would support several formats for getting data but it originally only supported JSON format so we started using that and we found it's a good format it looks like an object dump as a string in JavaScript and you can call eval on it which loads that string as an object into memory but obviously if you're evalling arbitrary code there are security issues so there are parsers out there which parse the string first to check if everything's safe so future possibilities we're all about removing requirements so it hopefully cloud bridges makes it possible to go from having three social network accounts to only having one and we could even go to having zero social network accounts at all if you didn't want to by using open ID which is a URL based identity and it's globally unique so we wouldn't need to keep a database of accounts we could just assume that you had an open ID and you could log in with that to cloud bridges and see friends who had listed that open ID as a friend and interestingly as Google have open sourced the reference implementation for an open social container there we go