Google is in the Cat Bird Seat for Identity Matching in OpenSocial
Posted by Bob Warfield on November 2, 2007
David Berlind ponders how identity is handled in OpenSocial. Specifically, how do we map identity from one Social Network “Container” to the next? If I query “Open Social” for friends, it sends me back a text based name like “Cobra427”. That name might be “Bob Warfield” over on another site. How can I tell they are the same?
I had speculated previously that the application knows the names and that it can do the mapping between networks to the extent that all of your friends use the same OpenSocial application. I called this “leaking” information across Social Networks and speculated one could even build an app to help move graphs between networks.
It turns out there will be an Uber Leaker in the whole system. It should come as no great surprise that this pivotal role is played by Google. In looking over the OpenSocial API’s, I was struck by the authentication scheme. Before you can access any private information, and the Friends list is definitely private, you have to be authenticated to the API. There are two ways to do this. One is you can logon with your email and password each and every time you use the application. That stinks. And details are unclear of how such “accounts” are established. Google recommends that approach for desktop applications. Perhaps that’s intended for disconnected operation.
The preferred approach is to use your Google account, a mechanism they call AuthSub. Can you see where this is going? If everyone who uses an app has a Google account, and is logged in while they use the account, Google has the treasure map. They know how all the names link up across all the Social Networks. Pretty cool, eh?
The identity fabric people are searching for boils down to Google accounts. The API’s map all your Social Network info back to a specific Google account. Now Google is in a position to build out an extremely sophisticated and varied collection of information on anyone who has a Google account and participates with an application on Open Social.
I’m sure the conspiracy theorists will have a ball with that one, but let’s be real, if you want to have a meta-Social Network, you have to do something like that to link things together. You’ve already got individual Social Networks madly gathering dossiers on everyone that they type in themselves.
What am I going to do about this? Note to privacy buffs: you’re going to need a lot of Google Accounts. In fact, maybe you should never use the same one twice. Note to self: call broker and buy a few shares of GOOG before everyone figures out where this is going…
Breaking News Update
Despite what the current preliminary documentation says, it is possible to invoke OpenSocial without using AuthSub or having a Google account. How do I know this?
First, Al over at Folknology asked the question over on the forums and left me a link to the answer. Thanks Al!
Second, after reading a new post by Marc Andreesen, I created my own Ning social network and checked it out. I installed the iLike application as an available app on my Ning network, then I installed the app on my personal profile on the network. At no time did it have access to my Google login. Now in fairness, it also didn’t touch any of the profile or social graph info, so we still don’t know what really goes on there. I think we’re going to have to wait until the api is more fully documented to tell.
BTW, Ning is pretty slick. Give it a try. It’s easier to create a new social network of your very own than it is to build the social graph.