Thus far, our discussion has focused mainly on building applications that exist within the container itself. But this isn’t the only context in which social networking applications can exist.
To provide this access layer safely and protect their users’ social data from attacks, many containers use security implementations such as OAuth. Many of the most popular social networking containers—including Facebook, YAP, iGoogle, Orkut, MySpace, and others—currently implement OAuth in some capacity.
Leveraging a container’s social features can help developers extend their reach far beyond the silo of the container itself and build out a rich social graph for their web applications or sites immediately, instead of having to build their own relevant graph during their website’s inception.
In addition to being able to capture social information from a container off-site, developers can use other technologies to allow users to sign in to a website using the username and password login structure of the container. One open source technology that allows developers to implement such a login structure is called OpenID (Open Identification). By not requiring users to create a new login for your particular site, you can help further socialize your web-based application and decrease the amount of drop-off during the registration process. Once a user logs in using OpenID, the site can then implement a facility to allow users to customize their profiles.
By combining these two technologies (OpenID and OAuth) into a sort of hybrid authorization process, developers can construct a login structure that prevents drop-off during registration (OpenID) and then use the container’s social URI endpoints to prepopulate a user’s profile and leverage whatever rich social data the container provides (OAuth).
We will discuss the implementations of OAuth and OpenID in the context of an off-site application or website in later chapters.