opensocial.Activity activity - The activity to create - An ID, array of IDs, or a group reference; a single ID within one of those groupsopensocial.CreateActivityPriority priority - The priority for this requestFunction opt_callback - The function to call once the request has been processed.
<activity xmlns="http://ns.opensocial.org/2008/opensocial">
<id>http://example.org/activities/example.org:87ead8dead6beef/self/af3778</id>
<recipient>example.org:AD38B3886625AAF</recipient>
<recipient>example.org:997638BAA6F25AD</recipient>
<title><a href=\"foo\">some activity</a></title>
<updated>2008-02-20T23:35:37.266Z</updated>
<body>Some details for some activity</body>
<bodyId>383777272</bodyId>
<url>http://api.example.org/activity/feeds/.../af3778</url>
<userId>example.org:34KJDCSKJN2HHF0DW20394</userId>
</activity>
RESTful API(Atom):
<entry xmlns="http://www.w3.org/2005/Atom" xmlns:osapi="http://opensocial.org/2008/opensocialapi"> <category term="status"/> <id>http://example.org/activities/example.org:87ead8dead6beef/self/af3778</id> <osapi:recipient>example.org:AD38B3886625AAF</osapi:recipient> <ospai:recipient>example.org:997638BAA6F25AD</osapi:recipient>
<title><a href="foo">some activity</a></title> <summary>Some details for some activity</summary> <updated>2008-02-20T23:35:37.266Z</updated> <link rel="self" type="application/atom+xml" href="http://api.example.org/activity/feeds/.../af3778"/> <author><uri>urn:guid:example.org:34KJDCSKJN2HHF0DW20394</uri></author> <content> <activity xmlns="http://ns.opensocial.org/2008/opensocial"> <body_id>383777272</bodyId> <activity> </content> </entry>
Activity recipient control is an *option*. If nothing is specified (or
null is specified) for recipients, the activity will be public.
The idea here is to prevent activity viewer's confusion. When the
content is access restricted, activity shouldn't be visible to anyone
who is unable to see it.
Let me pick up another example of bookmark sharing:
1. Here's a bookmark service which can import social graph from SNS.
2. User A bookmarks a page with restriction: only friend B can see his bookmark.
3. B finds A's bookmark on his activity stream. B can see the
bookmark's title and link. So he can actually visit the site.
4. What if friend C finds A's bookmark on his activity stream? It's
just bookmark so, C can visit the site. But that's not what A wanted.
What if the site is public but hidden like Picasa's private photo
page?
Activity stream is like RSS aggregation. But current OpenSocial spec
only allows public feeds to be aggreageed. The good thing about being
social is to be able to change visible information depending on the
person viewing it.
This spec suits better on RESTful protocol use case than on gadgets I believe.
> But I'm afraid it decreases the chance that many users discovers a new
> application by your proposal. The activity stream is like a blog feed,
> and it should not have scope, I think.
The purpose of activity stream is to let friends know what you're up
to, not what application you are using.
Using message is not suitable for distributing your activity.
2008/10/2 yoichiro <yoic...@eisbahn.jp>
> Looking at this a bit more, I'm not convinced that this should be part
> of OpenSocial. The security models that a social network uses to say who
> can see what are typically part of the value add of that network.
I agree, the security model itself is part of value add of the network.
But why should it notify inaccessible update information to other service?
This spec only gives a chance for networks to choose who to notify activity.
And it's just an option.
> It's a good idea, but should probably be implemented as part of your
> larger offering. It feels like this idea is out of scope for OpenSocial.
I believe it's quite generic idea on social sites to choose who to
share information.
Social is all about relationship between people.
The good thing about being social is :
* being able to share information easily with your connected people
* being able to collect your friends' recent activity at a glance
* being able to choose privacy level depending on who to share
OpenSocial gives privacy choice on output. But why not on input?
Eiji
OK. In terms of multi-casting specific text, message and activity
stream seems to be the same.
Then, what is the difference?
In opensocial, message defines 4 types. Email, Private Message, Public
Message, Notification.
The common characteristics of them are "catching user's attension",
and "never disappear unless user explicitly indicates".
Then, what about activity stream?
Activity stream flows like feeds and not catching attension as much
like messages.
Activity stream pushes out old ones when newer comes.
The difference between message and activity stream resembles something
between RSS and email, i would say.
Would you like to receive your friends' blog update on email?
I wouldn't :)
Hi Scott,
I agree, the security model itself is part of value add of the network.
> Looking at this a bit more, I'm not convinced that this should be part
> of OpenSocial. The security models that a social network uses to say who
> can see what are typically part of the value add of that network.
But why should it notify inaccessible update information to other service?
This spec only gives a chance for networks to choose who to notify activity.
And it's just an option.
> It's a good idea, but should probably be implemented as part of your> larger offering. It feels like this idea is out of scope for OpenSocial.I believe it's quite generic idea on social sites to choose who to
share information.
Social is all about relationship between people.
The good thing about being social is :
* being able to share information easily with your connected people
* being able to collect your friends' recent activity at a glance
* being able to choose privacy level depending on who to share
OpenSocial gives privacy choice on output. But why not on input?
> It shouldn't.
> A key point of OpenSocial is that managing the complexity of who gets to see
> what is delegated to the Containers by the App. If every App has to manage
> the authorization model, OpenSocial gets way more complicated, the Apps get
> more complicated, adn the chance of personal data going astray goes up, not
> down.
I understand that opensocial manages complexity for the sake of applications.
But as I've mentioned earlier, my proposal adapts more on external
application than gadget application. In other words, RESTful API is
assumed to be used more than JS API for this.
External applications are outside container's control, so they have to
deal with complexity anyway.
Think about architecture on DataAvailability, FriendConnect (I don't
know as much as you may know, though :P)
>> OpenSocial gives privacy choice on output. But why not on input?
>
> As Scott says, the difference between message and activity show the
> difference of scope. Deciding which activities to show to whom based on a
> derived user model that makes users happy is what containers do.
As I mentioned above, even if container is the one who decides which
activities to show, it has to know who to share if application is
external. This proposal gives a way to accomplish this.
I think your idea is one of the solutions for accomplishing my aim.
But wait, there must be various demand. Doesn't anybody need activity
receipent control per each activity?
I don't know what restrictions or guide lines DataAvailability exactly
have, but once integrated site receives social graph out of MySpace,
they can use it for example, as privacy restriction scope, don't they?
Do you want its activity public?
I'd like to hear more opinions from application developers regarding this.
Hi Kevin,
I understand that opensocial manages complexity for the sake of applications.
> It shouldn't.
> A key point of OpenSocial is that managing the complexity of who gets to see
> what is delegated to the Containers by the App. If every App has to manage
> the authorization model, OpenSocial gets way more complicated, the Apps get
> more complicated, adn the chance of personal data going astray goes up, not
> down.
But as I've mentioned earlier, my proposal adapts more on external
application than gadget application. In other words, RESTful API is
assumed to be used more than JS API for this.
External applications are outside container's control, so they have to
deal with complexity anyway.
Think about architecture on DataAvailability, FriendConnect (I don't
know as much as you may know, though :P)
As I mentioned above, even if container is the one who decides which
>> OpenSocial gives privacy choice on output. But why not on input?
>
> As Scott says, the difference between message and activity show the
> difference of scope. Deciding which activities to show to whom based on a
> derived user model that makes users happy is what containers do.
activities to show, it has to know who to share if application is
external. This proposal gives a way to accomplish this.
> No, through OAuth, the Container knows on whose behalf the request is being
> made, and so can constrain the info returned accordingly.
Through OAuth, yes, the container knows on whose behalf the request is
being made, but it is not directly related to whom the activity is
visibile. Visibility is just an attribute of the activity.
> The key difference
> is that in Request* APIs inside a Gadget, there is a opportunity for the
> Container to put up UI for the user, whereas for REST Activity stream API
> calls, the user may not be present, and so can't make additional choices.
>
> Containers can choose to apply defaults, set up options at the Auth point,
> or defer interaction until the user next logs in.
I'm fine if i can accomplish what i want, but you don't sound like
giving me right clue. Do you mean that user can choose restriction
level on OAuth dance phase?
Mapping recipient control on OAuth sounds rediculous. They should be separate.
>> As I mentioned above, even if container is the one who decides which
>> activities to show, it has to know who to share if application is
>> external. This proposal gives a way to accomplish this.
>
> But you're presuming that the external application knows this and has
> constructed UI for it; that is a big assumption.
Defining APIs always need some extent of assumption. External services
(using REST API) have to create their own UI when showing friends list
etc anyway.
REST API is just API. UI design should be up to the consumer.
The UI I'm assuming resembles to what you can see at vox.com.
Say Vox.com can integrate with external SNS.
If they could import social graph out of for example Orkut, you can
write blog post to your Orkut friends.
Vox.com already has ability to share your blog post only with certain
friends like neighbors, friends, families for each entries. So you can
make the post visible only to part of Orkut friends if they are logged
into Vox.com and Orkut (using OAuth) at the same time.
On the other hand, on Orkut, the ideal is that your friends can see
your blog posts on their activity stream if it's visible also on
Vox.com.
To accomplish this, I need API to control recepient of activities.
Hi all
While deadline for proposal voting getting close, my proposal doesn't
seem to have enough +1s.
To make it easier for people to understand what I'm proposing, I've
made a presentation on Google Docs.