» PseudoID: Enhancing Privacy for Federated Login

Contacts API Draft
Das W3C arbeitet gerade an einem „unified address book“ welches alle Adressbücher eines Users vereint und dieses über eine API auch wieder für dritte zugänglich macht.

Every operating system and a large number of web-based service providers have different ways of representing address book information. […] This specification defines the concept of a user’s unified address book – where address book data may be sourced from a plurality of sources – both online and locally. This specification then defines the interfaces on which 3rd party applications can access a user’s unified address book; with explicit user permission and filtering.

Hört sich ein wenig nach Synaptic bzw. Fedarated bzw. Distributed bzw. Decentralized Web an…

» Contacts API

CORS, Scraping, and Microformats
Michaels Mahemoff beschreibt wie man mit Hilfe von Cross-Origin Resource Sharing und Microformats das Web zu einer einzigen API machen könnte.

Cross-Origin Resource Sharing makes it possible to do arbitrary calls from a web page to any server, if the server consents. It’s a typical HTML5 play: We could do similar things before, but they were with hacks like JSONP. Cross-Origin Resource Sharing lets us can achieve more and do it cleanly.

Nicht ganz unbedenklich… aber definitiv ein interessanter Gedankengang!

via snirgel

» CORS, Scraping, and Microformats
» Cross-Origin Resource Sharing

Hey there, RSS reader! You’re cool. Keep being awesome! 😎

Genau diesen Bericht müssen auch Microsoft und Google gelesen haben bevor beide diesen Monat ihre Contacts-APIs veröffentlichten 🙂

Nach den Beschreibungen von Google:

• Import a user’s Google contacts into their web or desktop application
• Export their application’s contact list to Google
• Write sync applications for mobile devices or popular, desktop-based contact management applications

…und Microsoft:

To tackle the issue of contact data portability it is important to reconcile the larger issue of data ownership. Who owns the data, like email addresses in a Windows Live Hotmail address book? We firmly believe that we are simply stewards of customers’ data and that customers should be able to choose how they control and share their data. We think customers should be able to share their data in the most safe and secure way possible, but historically this openness has been achieved largely through a mechanism called “screen-scraping,” which unduly puts customers at risk for phishing attacks, identity fraud, and spam. Now with the Windows Live Contacts API, we have provided an alternative to “screen-scraping” that is equally open but unequivocally safer and more secure for customers.

…könnte man fast meinen, dass die Hürde des Datenaustauschs zwischen Desktop-Anwendungen und Web-Anwendungen überwunden wäre.

Nicht ganz… Leider basieren beide Systeme „noch“ auf proprietären Webservices und müssen unterschiedlich angesprochen werden, was eine Menge zusätzlichen Entwicklungsaufwand bedeutet. Die wesentlich bessere Lösung wäre natürlich eine einheitliche Contacts-API oder wie Carsten Pötter meint:

Of course, it was great if a more open protocol like OAuth was used, but the announcement might encourage more social networks and other corporations to pursue similar steps.

Immerhin gehören die Social-Network-Anti-Patterns durch diese Entwicklungen hoffentlich bald der Vergangenheit an…

Thanks for reading this post via RSS. RSS is great, and you’re great for using it. ♥️