OpenCI: The current state

Open-CI currently implements the following features:

• Trust-network of Sister sites
• Rationale
• Implementation in AnyMeta
• Service Discovery
• Logging in to other sites: OpenID
• Implementation in AnyMeta
• Content-sharing
• Rationale
• Implementation in AnyMeta
• Phoning home ("Teleport")
• Implementation in AnyMeta
• Cross-site updates
• Profile merging/migration
• Implementation in AnyMeta
• Update notifications
• Cross-site messaging

Trust-network of Sister sites

Rationale

Open-CI is about federating social networks by enabling users to share information between sites and use one account to do stuff on other websites.

If you connect your website to an Open-CI network, first thing that you do is specify which sites you want to include in your network: which sites you trust.

Typically, this would form a fully-connected graph of social networks, but it does not need to be: an Open-CI lite site could choose just to enable logons from some other sites, and not to provide user registration themselves. The IkRip and Mediamatic Travel sites are example of such satellite sites.

[image]

Implementation in AnyMeta

In AnyMeta, this functionality is implemented as a list of sister sites (as seen on the screenshot). For every site, a title is provided and the base URI for the other site. Besides that, an OAuth relation is made to the respective site. This OAuth relation is used for notification and cross-site messaging (see below).

Every connected site shows up on the logon screen as an OpenCI sistersite, and from your site you can choose one of the other sites to login with.

Service Discovery

For the discovery of whether Open-CI sites have implemented a certain feature, we use XRDS-Simple. This is a simple protocol which basically allows you to retrieve an endpoint URL given a "service" you want to use.

The command

curl -s -L -H 'Accept: application/xrds+xml' http://mediamatic.net/

will give you the XRDS document for the mediamatic.net domain.

In the rest of this text, for every service that needs it, the service type URI will be given and AnyMeta's default endpoint URI as well.

Logging in to other sites: OpenID

When you use the dropdown box to login to the current site using an account from a connected Open-CI site, the OpenID 2.0 protocol is used. The "official" protocol requires that for an OpenID logon, you need to specify your OpenID URL in a text box, but to enhance the user experience we decided to add the dropdown box which just submits the hostname of the sister site. XRDS is then used to discover the actual OpenID endpoint.

Implementation in AnyMeta

In AnyMeta, every person has automatically an OpenID identity, because every Open-CI site is an OpenID provider at the same time.

Content-sharing

Rationale

The idea behind content sharing is that public information can be shared, so that semantic links can be made between items on different sites.

Implementation in AnyMeta

I

Phoning home ("Teleport")

When you click a link on an item that is non-local (denoted by the little Open-CI icon next to the item's title), you are being redirected to the site the item originated from, the so-called "authoritative source".

You are being redirected because the only place where the full item can be viewed is at the authoritative site. Although its information (e.g., title) is being shared to other sites, an information item only has its own web page on the site it originates from.

In the redirection of the authoritative source, we let the site you are redirected to know on which site your profile is located. This is done so that in the event that you want to do an action on that site (e.g. click the "I like it" button), that site knows where you are coming from, and thus will not attempt to log you in with a local profile, but will try an automatic OpenID logon at the originating site first.

Implementation in AnyMeta

When visiting a non-authoritiative link, say www.mediamatic.net/id/51627, AnyMeta does the following:

• It will look up the authoritative resource URI, which is www.picnicnetwork.org/id/d5a12234-ba3e-102a-b311-0014385010dc
• Then it will check if it finds a "Teleport" service by looking at the XRDS service document which is related to this URI
• This service is indicated by the service type of mediamatic.nl/ns/anymeta/2008/service/teleport/incoming.
• If such a service is found, it redirects to the found URI with the following arguments:
  • 'uri' argument with the original resource URI, to redirect to
  • 'home_site' argument with the URI of the site on which the current user's profile is located
• The other site then records this 'home_site' argument in its session, and redirects to the 'uri' argument.

The next time the visiting user wants to do something on www.picnicnetwork.org and needs to logon for that action, this site knows that he was coming from www.mediamatic.net, and thus will start an OpenID logon process at the home site.

Cross-site updates

Cross-site updates come into play when a user wants to do things on a site on which he does not have an authoritative profile. In this section, we are always referring to a user which is logged in at www.picnicnetwork.org with his www.mediamatic.net account.

The "I like this" button is a typical form of where a cross-site update will take place. In AnyMeta terms, an edge (connection) with the label "interest" will be made. This edge will be connected from the user with the www.mediamatic.net account to an item on the www.picnicnetwork.org site. Since the user is currently at www.picnicnetwork.org, this site needs to "ask" www.mediamatic.net to create this edge for him, since in AnyMeta only outgoing connections can be made, and edges are always owned by the outgoing party (the "subject"). The actual update URI is discovered over XRDS and executed using a on-the-fly acquired OAuth relation.

For a cross-site update, AnyMeta now does the following:

• It will detect that an update is to be done on a non-authoritative item.
• It will then check if it finds a "Cross-site update" service by looking at the XRDS service document which is related to the item's URI
• This service is indicated by the service type of mediamatic.nl/ns/anymeta/2008/service/cross_site_update
• If such a service is found, AnyMeta can continue with permission checking.
• In the OAuth registration it will lookup an OAuth key for the domain of the non-authoritative item (www.mediamatic.net in this case).
• If no such key is found, it will discover the static consumer key on www.mediamatic.net, and will redirect to the OAuth authorization URL
• Because www.mediamatic.net has www.picnicnetwork.org in his list of "trusted sites", a request for the static consumer key will be automatically approved, without user interaction.
• The OAuth key is used in a call to the cross site update URL previously discovered, to do the actual update.
• After the update, a notification is shown to the user to let him know that it can take some time for the update to appear on www.picnicnetwork.org; because this update needs to be published over the XMPP channel.

Profile merging/migration

Within the OpenCI network, it is possible to move an account to a different web site. Besides that, it is possible to see on which Open-CI sites there are accounts similar to your current account, and merge those accounts into one. All of this can be done using a convenient drag 'n drop interface in which you can select which account you want to move or merge where.

Implementation in AnyMeta

Update notifications

Cross-site messaging