Why f8 was good for the open web

Disclosure: I joined Facebook last Fall. Over a year ago I predicted that they would open up.

It’s easy as a technologist to think about openness solely in terms of technology, but openness is broader than that. Openness of technology means that others can build using the same tools that you do. Openness of data means that developers can build innovative products based on APIs that weren’t previously possible. And openness between people is what happens when when all of these things come together to give people better ways to share information.

Sure, some things Facebook launched are more “open” than others, but here is what’s exciting me:

1) No 24-hour caching limit: Developers have found that one of the most annoying policies was only caching data from the Facebook API for twenty-four hours at a time. At Six Apart this meant that we had built infrastructure that allowed us to comply with this restriction in a way that wouldn’t impact site performance. Today developers can store data from Facebook’s API as long as they’re keeping it up to date and agree to remove it at a user’s request.

2) An API that is realtime and isn’t just about content: Part of why it’s possible to remove the 24-hour caching limit is because Facebook’s API now supports the ability for developers to subscribe to changes. This means that developers do not need to continuously fetch data from Facebook to see if it has changed, but rather will have those changes pushed to their applications in realtime.

Now the first question you’re probably asking is if Facebook used PubSubHubbub; at least that was my first question to our engineering team a few months ago. Given that PubSubHubbub models a feed of public entries, it doesn’t work for subscribing to arbitrary social data (and doesn’t support JSON either). I think this is another example of how Google thinks so differently from Facebook. The web started as a collection of documents, but people are becoming even more important.

So instead, Facebook’s realtime API uses WebHooks and borrows from PubSubHubbub where possible. This is a first step toward a World where I no longer need to manually update my mailing address at every site I buy stuff from!

3) The Open Graph protocol benefits the web, not just Facebook: At f8, Facebook made two technology announcements using the term “Graph”, in addition to talking about the Open Graph as a bi-directional combination of many different social graphs. The first is Facebook’s Graph API and the second is the Open Graph protocol.

Here’s what I wrote yesterday when Chris Messina asked me what “open” meant in regards to the Open Graph protocol:

First of all it is designed to increase openness between people based on being able to connect with things all around the web. Within Facebook this means that people can like any web page anywhere, not just those on facebook.com.

Second, the Open Graph protocol increases the amount of semantic data on the web in a manner that isn’t specific to Facebook or any single social network. While we can all disagree about where the quotes and angle-brackets should go, at the end of the day I think we all can agree that this sort of metadata is good for the web.

Third, it was created and implemented by more than one company. We’re now broadening that group of people (right here) and are interested in evolving the spec in a meritocratic fashion.

Finally, it’s licensed from day one under the Open Web Foundation Agreement. As Jesse Stay wrote, this means that it, “is under a completely open license agreement that other platform creators can adopt, use, and freely distribute.”

While the technology is still evolving, it dramatically increases the amount of semantic data on the web and does so in a fashion which builds on RDFa and Microformats that anyone – including Google, Twitter, and the OpenLike project – can make use of.

4) OAuth 2.0: Back in January I wrote What’s going on with OAuth? where a few of us laid out the path toward OAuth 2.0. Last week Twitter used OAuth 2.0 under the covers of @anywhere. At f8, Facebook shipped OAuth 2.0 as the only way to interact with the new API. Earlier today the chairs of the OAuth working group within the IETF asked for a consensus call to publish the first official draft.

While I was involved in creating OAuth 1.0, I’m even more excited about 2.0. It’s so simple! No signatures. No request tokens. And distinct flows for web browsers, traditional web applications, living room devices, etc versus one flow that tries to do everything. Want my public data, fetch http://graph.facebook.com/davidrecordon. Want private data, just switch to using SSL and add access_token as a parameter. That’s how it should be.

I don’t think we could have picked a more interesting time to work on the web than during its transformation to being about people at the core.

tags: ,