The Open Stack: An Introduction

Last week Digg hosted a great introduction to the Open Stack at their offices in San Francisco. The event included a ton of well-known speakers and advocates of the Open Web like David Recordon, Joseph Smarr, Eran Hammer-Lahav, and Chris Messina. Video coverage should be going up on Social Web TV shortly, but until then, here's Tom's 5-minute intro to the Open Stack.

The "Open Stack" refers to a set of technologies that work together to make it easier for web developers and users to manage access to user data across the Web. The Open Stack looks like this:

A stack of technologies. OpenID is at the top. Working down the stack, XRDS-Simple is next, followed by OAuth, PortableContacts, and finally OpenSocial. The layer along the top of the diagram includes some implementors of the Open Stack: MySpace - DataAvailability, Yahoo! Y!OS, Google FriendConnect, and Plaxo Pulse.

As you can see, the technologies depicted are being implemented by a number of major players and leading companies developing open and social web applications.

At the top of the stack, OpenID is a specification that allows people to log into a web site using credentials provided by another web site. One example: people using 37signals' Basecamp service can sign up for multiple accounts using a single OpenID. 37signals allows them to switch between their accounts using their OpenID as proof that access is permitted. This is a great feature for contractors who use Basecamp to work with multiple client accounts.

At the next level, XRDS-Simple is a discovery mechanism: it allows a site to figure out the location of the other services you want to use. For example, if you signed into a site with your OpenID, the site knows your user URL. It can use that user URL to figure out where your address book is, because the XRDS-Simple data on that page tells it. The site can then use that address book service to import your address book without you having to do a thing.

Eran Hammer-Lahav speaking about "discovery"

This helpfully segues into OAuth, a mechanism to grant permissions. OAuth comes in two flavors: 2-legged and 3-legged. Each leg represents a different party involved in web service access. Two-legged OAuth consists of a web service and a web service client. The service and the client each have a key that identifies them. In 3-legged OAuth, the third leg refers to the user. There is a key that can be loaned to the web service client to let that client access a user's private data. Effectively, OAuth allows users to control access to private data, such as a personal address book.

On the Social Web, people are at the center of everything. PortableContacts provides a common protocol to share address book and other contacts data. PortableContacts is what allows the address book example above to work: since both sites share a common protocol for operating on address books, they can talk to each other. Without PortableContacts, you would have to implement a new system for each web site with contact data you wanted to integrate.

The final layer of the stack is probably the most famous. OpenSocial is a framework for describing social activities on the Social Web. This framework can be freely implemented by a site to add social features which are interoperable with other sites. It also provides the description and scope of portable social applications that can be run from network to network.

We'll be featuring some more pieces on the Open Stack here on the YDN blog, so keep your eyes peeled!

Tom Hughes-Croucher
Yahoo! Developer Network

Photo-credit: Silverisdead on Flickr