nathanfish.com » Data Portability

Data Portability

nathan — Tue, 09 Feb 2010 23:52:47 +0000

This Wired article touches on the issues associated with SaaS and data portability. The problem extends into the enterprise further, with significant business decisions being based on the lack of data portability. Business will many times build a solution in-house, investing significant time and money in a non-core business component because of the importance of the data long term or the strategic nature of the data. Data portability is far from being solved and while much of the discussion is around consumer data, we should not forget the significance of data portability in B-to-B based SaaS business models. Businesses talk about lock in as a strategy, but is that really a business strategy? The goal of a business is to offer value to the end user at an acceptable price. Lock in is nothing more than a feeble attempt to retain customers. In fast it most likely does more to prevent them from becoming a customer in the first place. A quick look through the Data Portability member list shows the limited representation of data portability thought leaders in the B-to-B SaaS space.

Transparency, Trust, Authenticity

nathan — Wed, 06 May 2009 02:33:12 +0000

Being transparent with your customers is important for success. It is simple but sometimes overlooked. Honesty, integrity, transparency. But at times transparency can be dangerous. It’s important that your customers trust your actions, and believe you are acting in their best interest. That can only be done by building trust through a history of transparency and authenticity. The recent set of events in the OAuth community highlights this.

The community has shown its strength and value. Twitter’s management was a very active and valuable participant in that community. Their actions have increased my trust in their decision making and I will be more tolerant of future decisions they may make when I don’t agree with them.

A security issue was discovered. The issues was brought to the attention of the OAuth folks. They quickly discussed the issue with key customers (Google, Twitter, Yahoo, Plaxo, others). They worked as community to come up with a short term solution. They short term solution was distributed to broader customer group. The solution was implemented. A major risk was adverted.

The official post is here http://blog.oauth.net/2009/04/22/acknowledgement-of-the-oauth-security-issue/.

I am more confident in the OAuth community and its ability to provide a very important solution to the API ecosystem. I also have to give a major amount of credit to the Twitter team for their actions, they took a lot of heat at a time when they are being scrutinized by everyone.

Negative press here http://www.techcrunch.com/2009/04/22/twitter-oauth-temporarily-disabled-leaves-developers-hanging/

Twitter’s post issue post on the problem and why they handled it the way they did http://blog.twitter.com/2009/04/whats-deal-with-oauth.html

The OAuth more the OpenID is critical to the growth and opportunities API’s provide online. The success of OAuth and its adoption are critical to data portability. Hopefully the events will increase the development communities confidence and accelerate its adoption.

Myspace launches Myspace ID and gets it very right

nathan — Fri, 27 Mar 2009 19:00:00 +0000

I have already posted what I don’t like about Facebook Connect. Yes its a great in some ways but very wrong in others. Myspace has recently launched their Myspace ID and they clearly understand the needs of the businesses that would integrate it. They are using an “open stack” which consists of OpenID, OAuth, and OpenSocial. They also give businesses greater access to the users information, email, etc. They also seem to understand that the user, when they sign up for the third party site, is a customer of that site, regardless of which method of credentialing they use. The third party site gets to have a direct conversation with the user. These are big distinctions and I believe they will result in greater adoption by much larger entities then the uptake Facebook Connect has seen.

The challenge with Facebook Connect

nathan — Tue, 17 Mar 2009 19:05:31 +0000

Facebook connect offers a very real value. It allows third party web applications like Citysearch to interact with a users Facebook account. It means the user doesn’t have to create a Citysearch account to be a Citysearch user, and the user only needs to login to their Facebook account to use Citysearch functionality. Oauth and Open ID combined provide similar functionality in an open standards way, but they have some limitations that businesses should consider before jumping on the bandwagon.

Data portability with Facebook connect or OAuth doesn’t extend to third party applications. In the example above a third party Facebook connect developer that would like to access a Facebook users data on Citysearch doesn’t have many options. The current method would be to have the user first login to the Facebook Connect through the third party application then go through another set of prompts to authenticate the third party application to access their Citysearch data. While this isn’t the end of the world it does create numerous steps for the user, each of which creates complexity and limits adoption. In the OAuth world its called the four-legged scenario and to date there hasn’t been an user centric way to solve for it.

What would the ideal world look like? I think it would be great if Facebook could acts as a proxy for the many services that connect to it. For example MySpecialReviewApplication which mashes up my Facebook photos with my reviews from Citysearch and shares them with all with my friends on Twitter using TwitPics was able to simply call Facebook and Facebook could negotiate and manage service access. I only need to deal with one service to get access to the many different services available for the user. If the user needs to create accounts for those other services, let Facebook deal with that too. Open ID and OAuth don’t remedy this situation either.

As more and more services begin to be available, this problem with magnify itself. We need a standard that includes service discover and service management through a proxy. Preferably and open standard that plays well with Open ID and OAuth. Anyone know of a solution to this problem? Is there a remedy out there?