Portable Contacts API Starts to Get Real

This evening Joseph and John of Plaxo and I have been hosting a hackathon at Six Apart for the Portable Contacts API (video about PorC). The Portable Contacts API is designed “to make it easier for developers to give their users a secure way to access the address books and friends lists they have built up all over the web.”

We originally expected a handful of people to show up and hack on implementing bits of the specification, but so far we have been blown away by the progress made and by the twenty people who came. Tomorrow there is a summit-style meeting hosted by MySpace, also in San Francisco, to try to finalize the specification among a wide range of providers and consumers. I’m expecting a handful of interesting demos, but wanted to share two that have already come together tonight.

Joseph Smarr and Kevin Marks of Google hacked together a web transformer that integrates Microformats, vCard, and the Portable Contacts API. Given Kevin’s homepage, which is full of Microformats, they’ve built an API that extracts his profile information from hCard, uses a public API from Technorati to transform it to vCard, and then exposes it as a Portable Contacts API endpoint. This works not only on Kevin’s own page but also on his Twitter profile, which contains basic profile information such as name, homepage, and a short bio.

Brian Ellin of JanRain has successfully combined OpenID, XRDS-Simple, OAuth, and the Portable Contacts API to start showing how each of these building blocks should come together. Upon visiting his demo site, he logs in using his OpenID. From there, the site discovers that Plaxo hosts his address book and requests access to it via OAuth. Finishing the flow, his demo site uses the Portable Contacts API to access information about his contacts directly from Plaxo. End to end: log in with an OpenID and finish by giving the site access to your address book without having to fork over your password.

While the individual building blocks are fairly geeky themselves, pulling them together as has been happening tonight shows that we’re only at the beginning of building the next generation of social networks. When the pieces work together, people won’t have to know what’s going on under the hood; it will just work–and will be almost like magic. John has more photos up on his blog.

  • That sounds awesome. One thing I gotta ask though is who’s even using the Google Contacts API? I keep finding people not using it and it drives me nuts. I don’t know why. I hope people will use what you’re working on now.

  • Todd

    Isn’t it a conflict of interest to have people from Plaxo influencing how PoCo gets developed? Plaxo’s business model is to encrypt your contact data into their proprietary, closed format and charge you money to use your own data, is it not?

    I was under the impression that PoCo was to be the Open Source solution to Plaxo. Please bring it to my attention if PoCo is really just Plaxo in disguise.

  • Todd, Quite the contrary. Plaxo has been at the center of true data portability long before that term was in use. We do not encrypt user data into some proprietary format. We let users get their data into and out of Microsoft Outlook, the Mac Address book, the web, and more. Yes, the emergence of a universal, easy-to-implement open spec for secure access to “people data” will be good for our business. It should be good for everyone’s business, because it will make all of our services more genuinely useful to users.

  • Todd

    Sir, I do not see that anywhere inside a Plaxo account, the ToS or the Privacy Policy.

    Please provide the URL.

    As I make new connections with people, and add them to my Plaxo account, I do not see “Export my contacts…”, “Export my contacts and delete my account…” or “save my contacts as H-card…”

    I see no way to import Plaxo native contacts into Gmail.

    I don’t see a prompt for OpenID at sign-up, or use of oAuth when importing my contacts from Gmail, either.

    When I go to http://www.plaxo.com/api to see if there is the means for me to access and pull contacts out of a Plaxo user’s account I just get an internal server error screen.

  • Todd,

    From this link:


    you can access our various “sync points” and also see links to import and export options.

    To delete your account, go here:


    You should see OpenID option on sign up and sign in. With respect to OAuth import, that will come in the upcoming transition to Portable Contacts.

    Likewise the API site is currently undergoing an update to move from Plaxo-specific APIs to Portable Contacts. It’s something we plan to do shortly after today’s summit.

    Hope that helps.

  • Todd,

    I wrote up a detailed answer with links a while ago. Not sure if it’s being processed or if I need to retype it. Sending this simple comment to see if it gets through.

  • Okay, hope I’m not creating duplicate responses, but one I submitted earlier did not show up. For this one, I’ll include one key link:


    From there, you can see a variety of “sync points,” services that we are giving users a way to have automated data movement into and out of.

    At the top, you’ll also see links for import and for export of contacts.

    As for the API page, that is in transition at the moment, shifting from our own APIs to focus on the new open-spec API Portable Contacts.

    That transition is also when we’ll cut over to OAuth based importing.

    Hope that helps.

  • We already have OpenSocial, XRDS-Simple, OAuth, etc, none of which were getting popular in use. Now we have another open standard or API, shall we support existing ones first?

  • Andy, I think that’s a good question which goes to show how we’re not yet doing a good job of explaining how these various technologies do different things yet fit together and complement each other. The Portable Contacts API has become aligned with the OpenSocial REST API so that an OpenSocial Container happens to also be implementing a piece of Portable Contacts. OpenID allows someone to log in to a site without creating a new account, but rather using one they already have, and XRDS-Simple then provides a service discovery mechanism from your OpenID URL. You’re thus able to start creating an experience where a user shows up at your site, logs in with their OpenID, you discover via XRDS-Simple where their address book is, and request to access it via a combination of OAuth and the Portable Contacts API. Lots of buzzwords, but over time a really compelling user experience!

  • Todd

    Mr. McCrea

    I see OpenID for signing into an existing account but not to create one. Also, I am uncomfortable with you treating “sync” and “export” as synonyms. They are not.

    I do appreciate you, the CEO of such a large company, taking the time to reply to my criticisms and questions, but I am not satisfied with your answers.

    Hashing it out here in the comments is probably not the best way for me to get the results I want. I ask Mr. Recordon where is the best place for a long suffering end user to participate in the development of Portable Contacts. Is there a weekly meeting, user group, or chat?

    I, and so many people I know, have been jerked around for so long by companies abusing our personal data, skepticism is a given.

  • Hey Todd, there’s a mailing list for the group at http://groups.google.com/group/portablecontacts where mainly technical discussion is going on. It feels to me you’re asking a lot more about policy and best practices which the Data Portability group is focusing on. You can find out more about what they’re doing for users at http://wiki.dataportability.org/display/dpmain/DataPortability+for+Users.

  • The distributed social network and the power of combining open standards is already real. Try out the PICNIC site: http://www.picnicnetwork.org/

    Or follow the links from: http://www.flickr.com/photos/alper/2862317199/

  • I think it’d be a lot of fun to include support for bloom filters in the future of this API. I want to publicly distribute a variable-byte-size (let’s say 1K or something where you have a 5% failure rate) bloom filter of OpenIDs. That way, I’d be able to have plausible deniability.

    Encode your friendslist (in terms of their openid URI) into the bloom filter.

    Let’s say Alice is friends with Bob AND Carl. She logs into Carl’s site. Carl’s site can then say: “Looking at the bloom filter, Alice.com is probably friends with Bob.com”. You could then verify with Bob (and other probable friends). This is fantastic because Alice doesn’t tell Carl who her common friends probably are, without telling who their uncommon friends are. This is obviously useful if you want to allow friends-of-friends access, and increases the probability of trusted serendipity.
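
The Bloom filter idea from the last comment, as an added example that is not part of the original post or its comments: a 1K filter of OpenID URIs, the membership test a site like Carl's would run, and the list size at which a 1K filter reaches the 5% false-positive rate the commenter mentions. The class, function names, hash construction and `.example` URIs are assumptions made for illustration.

```python
import hashlib
import math


class OpenIDBloom:
    """Fixed-size Bloom filter over OpenID URIs (hypothetical helper)."""

    def __init__(self, size_bytes=1024, num_hashes=4):
        self.m = size_bytes * 8          # 1K filter -> 8192 bits
        self.k = num_hashes
        self.bits = bytearray(size_bytes)

    def _positions(self, openid):
        # Simplified normalization (an assumption): trim, lowercase, drop trailing "/".
        key = openid.strip().lower().rstrip("/").encode()
        d = hashlib.sha256(key).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1   # odd step: k distinct bits
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, openid):
        for p in self._positions(openid):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, openid):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(openid))

    def capacity(self, target_fpr):
        """Largest friends list that keeps false positives at or below target_fpr."""
        return int(-self.m / self.k * math.log(1 - target_fpr ** (1 / self.k)))


def probable_friends(published, candidates):
    """What Carl's site does: test OpenIDs it already knows against Alice's filter."""
    return [c for c in candidates if c in published]


def measured_fpr(n_friends, n_probes=2000):
    """Fill a 1K filter with n constructed friends, probe with known non-members."""
    f = OpenIDBloom()
    for i in range(n_friends):
        f.add(f"https://friend{i}.example/")
    hits = sum(f"https://stranger{i}.example/" in f for i in range(n_probes))
    return hits / n_probes


if __name__ == "__main__":
    alice = OpenIDBloom()
    for friend in ("https://bob.example/", "https://carl.example/"):  # constructed
        alice.add(friend)
    print(probable_friends(alice, ["https://Bob.example", "https://dave.example/"]))
    print(alice.capacity(0.05), measured_fpr(1300))
```

Because the filter is public, anyone holding a list of candidate OpenIDs can run the same membership test, so the deniability on offer is exactly the false-positive rate the filter was sized for. A short friends list in a 1K filter has a false-positive rate near zero and therefore almost no deniability.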