IBM Innovate 2013 Open Standards For Social Business Apps

Ryan Baxter | Philippe RiandICS Development Labsrjbaxter@us.ibm.com | priand@us.ibm.com2493

© 2013 IBM Corporation

2

Please note the following

IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.

Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.

The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

3

Agenda Open Standards Used Within ICS

ActivityStrea.ms

OAuth

OpenSocial

SAML

Bringing It All Together

Partner Examples

4

Most Used APIs (2012)

MappingSocialSearchPhotosShoppingVideoMusicTelephonyInternetMessaging

Source: Programmable Web 2012

5

Social API Growth

2005 2006 2007 2008 2009 2010 2011 2012

0

50

100

150

200

250

300

350

400

450

500

Source: Programmable Web

6

IBM leads with Open StandardsMaximizing integration possibilities

Enabling the next generation of socially-enabled solutions to enhance customers' existing investments and heterogeneous platforms

– Focus on open standards and “loosely coupled” web-centric architectures

A commitment to drive and leverage open standards

– Maximize choice, flexibility, and ease of integration

– Drive enterprise innovation and leverage rapid innovation on the public web

– Minimize incremental cost of targeting additional desktop and mobile platforms

– Leverage dominant skill-sets based around web technologies

7

HTML 5 and CSS3

As browsers evolve your apps can start to take advantage of the new features available in HTML5 and CSS3

– XPages, Gadgets, iWidgets, Portlets, etc

New structural tags

– new media tags, canvas, local storage, geolocation

File Access

– Access to the local file system

Presentation

– CSS3 include many native styles which could only be achieved with JS libraries before

Connectivity

– Know whether you are online or offline

Storage

– Local storage is available in the browser

8

Agenda Open Standards For Social Apps

ActivityStrea.ms

OAuth

OpenSocial

SAML

Bringing It All Together

Partner Examples

9

ActivityStrea.ms

The primary event propagation mechanism for Social Business

Streams contain events and the means to act upon them

Those means, for users to execute tasks without a sovereign pivot, include embedded experiences

The lead editor for the ActivityStream specification JSON is James Snell from IBM

Implementations Include: MySpace, Microsoft Windows

Live, Google Buzz, BBC, Opera, TypePad, Gowalla, Yammer, Gnip, SocialCast,

Superfeedr, Tibber, YIID

SmartCloud, Connections, Notes/Domino, Rational Team

Concert, Sterling . . .

10

Activity Streams Keep Your Users Up To Date

REST API and data model backed by the OpenSocial standard

– JSON data model - easy to use in your web apps

3rd party apps can post entries to the activity stream

– Inside and outside of Connections

Integrate the Connections activity stream into your apps

– This is how we integrate the activity stream into Notes

– If your app is an OpenSocial container you can render embedded experiences too!

11

Leveraging The ActivityStea.ms In Your App

Basic / OAuth

POST JSON

GET JSON

Your App

12

Agenda Open Standards For Social Apps

ActivityStrea.ms

OAuth

OpenSocial

SAML

Bringing It All Together

Partner Examples

13

OAuth

Delegated Authorization provides a means for interaction between gadgets

Can use a variety of authorization mechanisms (SAML, etc.)

Cornerstone of security in Social Business

Rapidly evolving specification Implementations Include: Facebook, MySpace, Microsoft Windows Live, Google, BBC,

Opera, TypePad, Gowalla, Gnip, SocialCast, Superfeedr, Tibber,

YIID, Cisco, Yammer, SAP, Jive, Atlassian, IBM SmartCloud,

Yahoo, LifeRay, Oracle, Magneto, Tibco Tibbr, Surfnet, Paypal . . .

SmartCloud, Connections, Notes/Domino Social Edition, Rational Team Concert, Tivoli,

Websphere, Sterling . .

14

OAuth Step 1

User Partner Application OAuth Provider

Register application Provide client ID and secret

15

OAuth Step 2

User Partner Application OAuth Provider

Open applicationRedirect browser to OAuth

provider

Login to OAuth provider

Append authorization code to URL

Redirect browser callback URL

16

OAuth Step 3, 4, 5

User Partner Application OAuth Provider

Request access and refresh token

Exchange authorization code for access and refresh tokens

Request API access using access token

Grant access to API

Make API call with access token

Allow API access

Step 3

Step 4

Step 5

17

OAuth...Authorization NOT Authentication• It is important to remember OAuth stands for Open Authorization NOT Open

Authentication

– It allows you to authorize 3rd party apps (like yours!) to access information on a user's behalf

– Don't reinvent the wheel, there are plenty of open source OAuth client implementations to use

• XPages Social Enabler

• IBM Social Business Toolkit

• Connections 4 is both an OAuth 2.0 provider and client

– All Connections APIs can be access via OAuth from your application

• IBM SmartCloud for Social Business is an OAuth 2.0 & 1.0a provider

– All SmartCloud for Social Business APIs can be access via OAuth from your application

• Notes and Domino Social Edition is an Oauth 2.0 & 1.0a client

18

Agenda• Open Standards For Social Apps

• ActivityStrea.ms

• OAuth

• OpenSocial

• SAML

• Bringing It All Together

• Partner Examples

19

OpenSocial

• Social APIs and Mini Applications (Gadgets)

• IBM has a leadership role including – On the Board of Directors

– Committers on Apache Shindig

– Has been instrumental in drafting the OpenSocial 2.0 & 2.5 specification

– Invented and gave to the community Embedded Experiences and many, many more capabilities

– Provided enterprise extensions

Implementations Include: Cisco, SAP, Jive, Atlassian, IBM SmartCloud,

Google, Yahoo, MySpace, LifeRay, Oracle, Magneto, Tibco Tibbr,

Surfnet, Paypal . . .

SmartCloud, IBM Connections, IBM Notes/Domino®, Rational Team

ConcertTM, Sterling. . .

20

Using OpenSocial• OpenSocial is used today in Connections, Notes and Domino Social Edition, and IBM

SmartCloud for Social Business

• You can use OpenSocial gadgets as your application model or as a component to your application

• The same gadgets will render in Notes, iNotes, and Connections....build it once run it across the portfolio!

• Embedded experiences give you an enhanced notification model for your applications and they are backwards compatible!

• Technology agnostic, its just web technologies use what you want!

– Dojo, JQuery, and other JavaScript libraries

21

Notifications With Embedded Experiences

GadgetAction

Taken In Your App

Your App

Standard MIME Email

Activity Entry

EE Data Model

22

Embedded Experiences• Changing the way you get notifications

– The goal is to make notifications more useful and interactive

– Supported in email and activity streams

• IBM Connections, IBM Connections Mail, IBM Notes 9, IBM iNotes 9

• JSON + XML

• Two types

– Gadget + Context data

{

"gadget" : "http://www.socialnetwork.com/embedded/commentgadget.xml",

"context" : 123

}

– URL

{

“url” : “http://domino.com/myxpage.xsp”

}

23

Email Embedded Experience From: notifications@socialnetwork.com

To: johndoe@example.com

Subject: Social Network: Mary Has Commented On Your Status

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="XXXXboundary text"

Mary has commented on your status.

--XXXXboundary text

Content-Type: text/plain

Mary has commeneted on your status.

--XXXXboundary text

Content-Type: text/html

<html>

<!-- HTML representation here -->

</html>

--XXXXboundary text

Content-Type: application/embed+json

{

"gadget" : "http://www.socialnetwork.com/embedded/commentgadget.xml",

"context" : 123

}

24

Activity Stream Embedded Experience

{

"postedTime": "2011-02-10T15:04:55Z",

"actor": {...},

"verb": "post",

"object" : {...},

"openSocial" : {

"embed" : {

"gadget" : "http://example.org/AlbumViewer.xml",

"context" : {

"albumName": "Germany 2009",

"photoUrls": [...]

}

}

}

}

25

26

Agenda• Open Standards For Social Apps

• ActivityStrea.ms

• OAuth

• OpenSocial

• SAML

• Bringing It All Together

• Partner Examples

27

SAML• SAML is a SSO standard published by OASIS

• XML-based framework for communicating user authentication, entitlement, and attribute information

• The user is then authenticated with every application that also uses the IdP

– Domino and Websphere both support SAML

– Use an IdP such as IBM Tivoli Access Manager, Tivoli Federated Identity Manager or Microsoft Active Directory Federation Services

• Benefits

– Platform neutrality

– Loose coupling of directories

– Improved online experience for end users

– Reduced administrative costs for service providers

– Risk transference

28

SAML For ICS Developers

WAS AppDomino

App

Idp

3rd Party App

3rd Party App

Login

SAMLAssertion

29

Agenda• Open Standards For Social Apps

• ActivityStrea.ms

• OAuth

• OpenSocial

• SAML

• Bringing It All Together

• Partner Examples

30

Common Standards Based Use Cases• HTML 5

– Leverage HTML5 (if you can) in your web apps, XPages, iWidgets, OpenSocial Gadgets, J2EE apps

• ActivityStrea.ms

– Apps should try to leverage the activity stream in Connections 4 as a notification mechanism for your users social network

– Provide embedded experiences to make your notifications more interactive

• Use OAuth instead of basic auth

– OAuth is more secure than basic auth so where possible take advantage of it in Connections 4 and SmartCloud

– Use the IBM Social Business Toolkit SDK, the XPages Social Enabler to make using OAuth easier

• OpenSocial

– Use gadgets for embedded experiences in email and activity stream notifications to make them more interactive

– Build a gadget for your app to allow cross product integration

31

Bringing It All Together

SAMLAssertion

Cookie

Social Networking

Social Messaging

Social Apps

Idp

32

Agenda• Open Standards For Social Apps

• ActivityStrea.ms

• OAuth

• OpenSocial

• SAML

• Bringing It All Together

• Partner Examples

33

Kudos Badges for IBM Connections

Kudos Badges - Measure, Reward & Drive Adoption of IBM Connections

Kudos Thanks - Peer to Peer Recognition

Kudos Analytics – Report & Measure Connections usage and behavior

Native Integration for Connections with iWidget, OpenSocial, Mobile & Embedded Experience Support

kudosbadges.com sales@kudosbadges.com

34

iEnterprises / Social Smart Software

Social and Mobile Software

i-Comply Social Media Compliance Software

i-Comply Social Media Brand Management

Extends IBM Connections To Facebook To LinkedIn To Twitter

IBM Notes 9 Integration Embedded Experience Widgets

John Carini, CEOjcarini@ienterprises.com

35

36

Daily Apple TV giveaway Complete your session surveys online each day at a conference kiosk or on

your Innovate 2013 Portal!

Each day that you complete all of that day’s session surveys, your name will be entered to win the daily Apple TV!

On Wednesday be sure to complete your full conference evaluation to receive your free conference t-shirt!

37

Acknowledgements and disclaimers

© Copyright IBM Corporation 2013. All rights reserved.

– U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM, the IBM logo, ibm.com, Rational, the Rational logo, Telelogic, the Telelogic logo, Green Hat, the Green Hat logo, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml

Other company, product, or service names may be trademarks or service marks of others.

Availability: References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.

The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

38

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.