During the Enterprise 2.0 event in Boston last year, I moderated a discussion between IBM and Oracle on the topic of portals and its relation to Enterprise 2.0. Somewhere during the discussion, I wondered aloud how OpenSocial should be compared/contrasted and put into perspective within the enterprise as the most viable widget/gadget effort around. I'm happy to see a session on the topic for the San Francisco event on Wednesday morning hosted by Chris Schalk, Developer Advocate at Google. Panelists include: Adina Levin, Vice President of Products & Co-founder, Socialtext, Benjamin Mestrallet, CEO, Exo Platform, David Johnson, Web 2.0 Senior Architect, IBM and Jay Simons, VP Marketing, Atlassian.
Developers considering social applications should track ongoing work to evolve OpenSocial so that it can be used within the Enterprise. You can get involved by following the OpenSocial blog, the OpenSocial Wiki, or the OpenSocial Forum. You should also be aware of the Apache Project SocialSite effort - since it builds on Shindig - I am surprised it is not mentioned more by those involved in OpenSocial.
We need to start designing and implementing social networking platforms that have capabilities to span internal and external audiences. While initiatives that started off in the consumer market may not have the necessary identity, security, and other necessary services - alternatives within the enterprise are often not viable for consumer environments - so we are left somewhere in the middle - with no one particularly happy. Given overall consumerization of IT trends, it seems to me at least, that it's more viable (in the social computing realm) to start with efforts like OpenSocial and ActivityStrea.ms and evolve them for the enterprise than the other way around.
However, to be a viable approach - more enterprise developers need to participate (not vendors - developers from end-user organizations). And to be fair - developers from the consumer side of the market, need to embrace the need for robust permission models, audit, and other capabilities that are critically important to many organizations - especially if they are in regulated industries. I'm sometimes amazed at the naivete of some consumer vendors when it comes to some of the more serious and complex requirements for identity, security, compliance, etc. that are fundamental within the enterprise.
Below, is a relevant post from Adina on enterprise opensocial:
The conversation centered on changes to OpenSocial that will make it a better fit for the enterprise.
* OpenSocial is planning to incorporate the ActivityStrea.ms standard to represent activity. The standard has a well-developed draft, and has already been implemented by Facebook, MySpace, Windows Live, and Opera. An important next step there is a JSON representation of ActivityStrea.ms content. The Enterprise group agreed to have representation in ActivityStrea.ms (disclosure, that's Ryan Boyd of Google and me).
* The definition of "friend" was updated to make it clear that it supported relationship definitions that make sense in the enterprise. The language about the "friend" representation the standard covered the symmetrical relationships that are common in consumer applications such as FaceBook and MySpace, and business applications that deal with loose ties, such as LinkedIn. But the symmetric friend model makes less sense within the enterprise. What does it mean to ask to be friends with a corporate VP, or for your boss to ack to be friends with you? The asymmetric model used by Twitter, where each individual chooses people to follow, to manage their own attention. It wasn't clear to the folk at the meeting - including the people from Google, that the Friend definition could actually be used to cover the asymmetric friending suitable in the enterprise. We updated the definition to make it clear that asymmetric friend lists were acceptable within the standard.
* Single Signon and Security. Security and trust models are not well agreed upon or understood by the vendors. There was lack of shared understanding about how or whether to use OAuth, and how authentication and single signon might work with a multi-layer model including gadget contents, container, application server, and corporate directories. In particular, there was a lot of discomfort with the assumption that the container (server side) could hold tokens for widgets to use to access external apps on behalf of a user. One person from Cisco said that they could basically not do that at all. The next step is for the conversation to continue on the OpenSocial mailing list.
* Intergadget communication. There was a fair amount of interest in intergadget communication, in particular the relationship between work done by the OpenAjax alliance and Google's work on pubsub. Mark Weitzel of IBM has the ball to submitting a spec proposal on this topic.
* Other technical development. There are ongoing development efforts with technologies such as Google secure data connect (which can be used for tunneling through firewalls), Shindig (the opensource server and client reference implementation of OpenSocial), and Caja (sandboxed JavaScript). The next step is for Chris Schalk of Google to arrange webinars on SDC, Shindig, and Caja development.
* Web standards are gaining adoption in the enterprise, and more information is needed for enterprise developers about the benefits and options available to them. The group took on a task to write a White Paper on OpenSocial in the Enterprise (Disclosure: Gabe Wachob is one of the authors)