Using OpenID to Power MySpace’s Open Platform

Published April 7, 2009

About two weeks ago, MySpace released an update to MySpaceID taking advantage of OpenID combined with OAuth to provide a sign in and profile sharing with a user-experience at parity with Facebook Connect. Max Engel is MySpace's Product Lead for their Open Platform and took the time to write this post, providing some more details about how MySpaceID works. At MySpace, we recently released several critical new feature enhancements to MySpaceID, a product under the MySpace Open Platform. We delivered OpenID support, an OpenID/OAuth Hybrid experience, and support for syndicating “Friend Updates” via the emerging Activity Streams specification. These new components to the MySpace Open Platform allow us to not only provide developers with new tools to create distributed applications that are built on top of our social platform, but also to deliver an identity solution that builds on top of the “Open Stack” to provide flexible an extensible options that embrace open standards. OpenID aligned perfectly with MySpaceID as an authentication technology. As a social portal, we already embraced the notion of representing identity with a URL. An overwhelming number of our users have setup vanity URL’s (i.e. and so we knew that OpenID would align well with our users. In addition, we wanted to make sure that we were working with the flow of the web, and we strongly believe that collaborating on open standards is critical to this mission. As we worked on our OpenID solution for MySpaceID, we knew that we had to rollout the technology in a way that emphasized a lightweight and simple interface design and user experience. OpenID has wrongly been maligned by a stigma that the technology can’t be easy to use. Our aim was to break that label and demonstrate with our MySpaceID product that OpenID and usability aren’t conflicting terms. Luckily, there was a community ready and willing to help. The progress made at two OpenID Usability Summits helped us refine our implementation and allowed us to leverage the collective knowledge of other OP’s. This is the strength of open standards: the ability to work together to forge ahead and work together to solve a problem.
When working on the MySpaceID design, we embraced a pop-up window for login to help make the user experience even easier, and to help the integrating relying party offer a clean hand-off. We support both directed identity as well as standard URL-based discovery, and ultimately feel that by offering modular options to developers we are creating the most value for our users. In addition, by rolling out the OAuth Hybrid extension with this, we can allow our users to provision web service access to their MySpace profile, friends, content, and activities in the same step. Beyond our new enhancements around single-sign on with OpenID, and the rollout of the Hybrid protocol, we are supporting the new Activity Streams specification. A core part of the DNA of MySpaceID is empowering the user to take their data with them. By offering API’s for sharing activities, we’re enabling our users to take their own activities and share them through aggregation and lifestreaming services. In addition, developers can provide a user with a window into their life on MySpace by incorporating the API in Dashboard-style widgets, such as our implementation with the new Yahoo! homepage. With activity sharing, we wanted to go beyond just offering the functionality and ensure that we were working with the community to implement something that could be standardized. We embraced this philosophy when collaborating on the Portable Contacts spec and worked to align it with OpenSocial, and so we were quite comfortable with this model of development. I hope that we have shown that our choice for the technological piping which powers MySpaceID (OpenID, OAuth, Portable Contacts, OpenSocial, and Activity Streams) didn’t negatively impact the experience we could provide. In fact, it was quite the opposite. Our choice to embrace these open standards has given us a more powerful and flexible platform. We’re excited to prove that a MySpace user can visit any site that has integrated MySpaceID and go from a button click to bringing their identity with them, all while doing it in a way that has a clean user experience and puts the user in control of their privacy, security, and data. As an OpenID community, we’ve all worked to make tremendous progress over the past year, and I think we’re only beginning to realize the real potential to empower users through open standards for the social web.