Boris Mann

Open Source. Community. Decentralized Web. Building dev tools at Fission. Cooks & eats.


Social Graph applications: why not for every community website?

One of the outcomes from my trip to Victoria last week is some thinking about the social graph.

More specifically, you may recall that I've been using Flock. As it turns out, I recently upgraded my laptop to Leopard, and made Flock my main browser. This has given me increased exposure to their "people bar" -- a side bar that supports a variety of big community websites, like Facebook, Flickr, Twitter, and so on.

As I've been using this feature, and seeing the way that Flock "detects" features of different websites, I started thinking about how every community website could enable this functionality. Right now, the Flock team has to pre-integrate with the specific website's API to enable this functionality. But, just as they "detect" the presence of site-specific search engines, there is no reason that one couldn't expose a link header that indicates the presence of a social graph.

I know what you're thinking: "But Boris, how many people use Flock? Isn't this just browser specific functionality?" Well, no. First of all, Google has a Social Graph API that is already being crawled -- looking at FOAF and XFN.

Secondly, I got to thinking about all these site-specific applications -- like Twhirl that was bought by Seesmic. So, if we had some basic standards about this stuff, it would be simplistic to have one app that let us monitor / notify / update any of these systems. Yes, there will ALWAYS be websites that have more complex APIs with more features -- that are only accessible by implmenting *their* API to talk to them.

But for thousands of other community websites, built in Drupal, WordPress, Joomla, or what have you -- you suddenly have the same rich access to applications as the big guys. How many websites would encourage their users to install Flock or Twhirl if it supported *their* website?

Oh, and I'm completely skipping the linked data / RDF / Semantic Web factor of having community websites expose some part of their social graph, or at least make it available for querying by people that have the right credentials.

OK, so how does this look to the end user? I'll use Flock as an example, since I've got agreement in principle from them that they'll work with me on this, including help in defining some of the formats.

  1. User surfs to community website where they already have an account (for simplicity's sake, we'll pretend a session is still open)
  2. Flock detects a website that has a social graph available because of a header link that looks something like this:
    <link rel="socialgraph" href="/user/4426/socialgraph.rdf" type="application/rdf+xml" />
    (Note the user ID in there, because the user already has a current session open)
  3. Flock does it's fun in browser slide down that says something like "This website supports a people bar. Would you like to add it?"
  4. If the user clicks on "yes", then Flock initiates an OAuth request to be allowed to a) fetch the current user's social graph file and b) take actions on behalf of the user such as setting their status or sending a message/poking/whatever another user on the site
  5. The user acknowledges the OAuth request and clicks some allow buttons
  6. Voila! A fantastic site specific "people bar" right in your Flock browser
So, that was a VERY Flock specific flow, but as I mentioned with Twhirl up above, absolutely no reason that you couldn't do the same thing with those type of people notifier on your desktop apps / widgets / etc. -- just start by typing in the URL of the website, the app would go and discover the social graph link and/or initiate an OAuth request to authenticate, and all of a sudden you're directly monitoring the different community websites you're a part of directly. Bonus points to websites that expose the social graph as an XMPP Pub Sub endpoint so these apps don't need to poll constantly.

Now, I know the first thing we're going to have to do is fight a religious war over the format of the socialgraph file. I'm going to suggest some minimal FOAF format, since I'm a born again RDF fan.I don't want to go spraying email addresses all over the place, so perhaps either local unique user GUIDs or OpenID could be used as identifiers for each person. We actually don't need full "person" information -- a username, avatar, status message, and date stamp for last activity sorting should be the minimal set. Even status message could be option for smaller, less complex sites so almost anyone could support this out of the box: just show everyone on the site (yes, that's right...ignore any sort of "friend" connection) sorted by last active -- which could be a post / comment, or (again, simple support by many sites...) just date stamp of last login.

I'd like to think that the choice of OAuth as credentials for acessing this info isn't controversial at all. Feel free to layer OpenID in here somehow, but for the action-at-a-distance on which cool functionality can be built, this kind of a token system looks to be ideal.

What next? Well, surprise, surprise, I'm going to take a crack at getting this implemented in Drupal. Raincity Studios is already working on the OAuth module, which would be one of the main pre-requisites. Once the format of the social graph file is defined (calling Joshua, Arto, and maybe RalphM...), building the next piece shouldn't be too hard.

Ideally, something like the Gnomepal Drupal distribution would ship with this out of the box (for the really ambitious, Drupal 7 core!). And other systems like Marc Canter's People Aggregator could easily expose this social graph info as well.

I'm excited at the continuing growth of every website as a dynamic web application, and also of the exposure of data and APIs by this web of sites. This feels like the right path we're travelling on to get everything a little bit more interconnected.