By Gary Mc Manus (TSSG)
The central aspect of the contemporary digital economy is that of personal information. Many of the largest and most valuable Internet companies are harvesting user data in order to accurately facilitate the targeting of advertisements, and the influencing of consumer behaviour. This business model is also prevalent in the domain of smartphone and tablet applications. At present the privacy policies of these services generally operate on a take it or leave it basis; where users either reject the gathering of their personal information by not using a service or application, or they accept and use the service under terms and conditions which they have little control over. In addition, each service operates discreetly, generally in isolation, with separate user profiles being set up with each service. The use of each digital service is facilitated by personal information; social networking sites, search engines and apps usually incur no upfront monetary charge for the user and therefore appear for all purposes to be free. While this may on the face of it be the case, these services are harvesting user data as a monetary resource. The relevant adage here is that in the context of the internet, if something is for free then the user is not the customer but instead is the product being sold. Thus each digital identity which is created through using these services becomes a distinct saleable commodity which the range of organisations have free reign over without recourse to the disempowered user.
Within OPENi we are building a platform that will alter the dynamics of user control over their personal data, and allow the user to reclaim their digital identity. There are two main components in the platform to facilitate this, and they are the OPENi API framework and the cloudlet. The OPENi API framework allows for frictionless interoperability between cloud-based services, while the cloudlet is a virtual space that securely stores user data giving them primary control over it. As a virtual personal space the cloudlet will allow users to set clear parameters as to who may access their information. They can decide which aspects of their identity they are prepared to share, and which applications they are prepared to share with, thus providing fine grained authorisation and access control.
The OPENi API’s are designed to allow users to operate across a range of cloud based services, which means that from the users perspective there will be seamless movement between apps and services with an increase in user control. This centralising of user data into a set of OPENi enabled applications allows for the fine grained user control which is in sharp distinction to current practices.
One of the cornerstones of the digital economy is the use of personal data to facilitate advertising. Many of the services of contemporary Web2.0, which are on the face of it free to the user, are funded by gathering user data to use as a resource for targeting advertisements and influencing behaviour. Personalised advertising is a contentious issue and a common thread running through any attitudinal research on personalised behaviour is that people are uneasy about companies keeping such revealing information about them and their habits. However, there is still a need for personalised advertising; advertising is costly and the use of personalisation processes ensures that the message reaches its desired target, where the target is an individual who is likely to have some interest in it. The gathering of such information makes personalised advertising services possible and allows for the serendipitous discovery of new products and services by making accurate predictions as to what the user is interested in. For example, Google employs user histories to attempt to ‘learn’ what a user is interested in so it can improve search results by personalising them. Thus a blanket user ban on personal information gathering would have noticeable adverse effects on the operation of services. Under the current regime, control of the information gathered is in the hands of the service provider rather than the user, and the terms under which the information is gathered are also generally determined in a similar fashion.
OPENi has the potential to alter the dynamic of how personalised advertising operates. At present there is a global opt in by default which means that if anyone wishes to avoid information being gathered on them to facilitate personalised advertising they have to go through some type of opt out process. OPENi will provide the user with the means to see what type of information the services are requesting and to opt in or out as they see fit. It is envisaged that giving users this power will mean that advertisers will have to incentivise users to ensure that they opt-in for advertising. This will most likely take the form of some type of reward being made to the user in return for the permission to use their data, such as a straightforward monetary transaction, or an enhanced service where releasing personal data gains the user access to extra services or functions. The nature of the exchange will be ultimately decided by users and application developers, yet the core point is that the OPENi system will afford the users with the knowledge of where their data goes and its potential worth. As a result it is envisaged that this will make for more privacy conscious users who are more adept at leveraging value from their digital identity.
The operation of the personal information economy is one which is coming under increasing public scrutiny and regulation. As digital services become increasingly personalised and embedded in our everyday lives, the importance of effectively managing our digital identities becomes more apparent. At present the balance of power favours the service providers and application developers; yet systems which offer user control over where, how and with whom their personal information is shared will ultimately tip the scales towards the user. As a platform which will enable fine grained sharing, federated user identity, and greater control over personal information OPENi stands to be one of the systems at the forefront of this movement towards empowering the user to manage and control their digital identity.
More details are available in the full OPENi whitepaper, where we provide a more in depth discussion on the above topics.
By Iosif Alvertis, Michael Petychakis, & Fenareti Lampathaki (NTUA)
It’s been a while since our last post about the API analysis, but it was a quite busy period for us to implement and test what has been designed during the first year of the project. During the last months, we have ended with a concrete definition about what a Graph API is; during our analysis on APIs Cloud Based Services and our study on existing research, no clear definition was available. Thus, combining existing research, empirical research and services modeling, we ended up with the following definition:
“A Graph API is a RESTful, user-centric, hypermedia API that organizes web resources under a unified meta-model of Objects, Aggregations of objects and Connections towards them which are created by users. It is based on a common dictionary and it includes a minimum set of properties in order to reduce time and cost of connection and integration with other APIs.”
In other words, when browsing an object, it should be clear for the developer how he should navigate through connections, through the response of the API itself, following the basic rules of how Objects, Aggregations and Connections are related.
Within the final definition and specification of the Graph API, the analysis of the Cloud Based Services (CBS) continued with a detailed, updated specification of the Generic APIs incorporating feedback from the OPENi platform implementation. In principle, the Generic APIs are categories of objects that provide similar objects and combine objects from related Cloud Based services. So far, the recognized categories are: Profiles API, Activity API, Location API, Media API, Products & Services API and Communication API. In the following figure, the CBS APIs are grouped based on how they have been mapped to objects of our Generic APIs (although there are cases in which a CBS API like Facebook spans more than 1 Generic API and in which more services and protocols have been studied, like Amazon and eBay modeling for the Product & Services API, or the XMPP protocol in order to model the Communication API, yet they have been excluded from the mapping due to the limitations put from such API methods and the need to give an object-based, RESTful API).
In this direction, the Generic APIs were integrated in the broader architecture of the project. In the figure below, it is visible how each Generic API is related with the Cloudlet API, the Context API (i.e. giving additional metadata on Graph API objects), and the Service Enablers that provide advanced logic to the OPENi platform. All these APIs together compose the OPENi API Framework, which can be described as:
“OPENi API Framework is the whole set of different APIs used by third party developers to build their applications over an OPENi platform.”
It’s definitely a long way towards an interoperable and clean design of modern services, even if REST as a protocol has significantly contributed in that direction. It is mainly a matter of proper design, agreed and followed by the community, to keep such services transparent and reusable. For that reason, we are planning to make available the detailed modeling performed on our Generic APIs, through the OPENi platform during the next months, in order to gather feedback and allow the community to validate, extend and reuse our work.
Finally, the Graph API is implemented in the integrated OPENi platform through the OPENi API component, which is addressed to developers and applications and constitutes the central point of reference for the OPENi API Framework at design time and runtime. The OPENi API Platform serves a two-fold purpose:
- To ensure that developers have access to the API documentation in which they are interested and may extend it according to their needs.
- To handle all requests from OPENi-enabled applications that utilize the OPENi API Framework.
Relative blog posts will follow, with instructions how to use the OPENi API platform and some demo applications.
More details are also available in our deliverables and, in particular, in OPENi APIs Specification – Phase 2 (D3.4) that will be soon publicly available! In the meantime, you may have a look at the draft OPENi APIs Specification – Phase 1 (D3.1).
Note: We are excited to announce that our work and research on a Graph API has been accepted in: (a) AICCSA’ 2014 and will be presented on November 10-13, 2014, in Doha, Qatar, under the title ““A Community-based, Graph API Framework to Integrate and Orchestrate Cloud-Based Services”, and (b) PROVE-2014 and will be presented on October 6-8, 2014, in Amsterdam, under the title “Enterprise Collaboration Framework for Managing, Advancing and Unifying the Functionality of Multiple Cloud-based Services with the Help of a Graph API”.
The 1st Hackathon “Mobile Apps: From inspiration to implementation with… OPENi Cloudlets and APIs!”, organized by the OPENi Project, will be held on Saturday September 13th, 2014 in Innovathens, Peiraios Str. 100, Gazi, Athens, Greece.
By Dónal McCarthy (TSSG)
OPENi isn’t all about APIs, in fact the OPENi Platform is composed of four major components, only one of which is the API framework. The three others are 1) the Cloudlet Storage framework which is responsible for storing users’ data, 2) the Security Framework which handles authentication, authorisation, and much more, and 3) the mobile client libraries which provide generic building blocks that allow the development of applications that utilise OPENi services.
As outlined in previous blogs the OPENi API framework will be capable of interoperating with a variety of cloud-based services. It will abstract the integration challenges to a single open standard without losing any service features. It is our belief that it will promote innovation by offering application developers an advanced framework that enables them to design and build complex applications involving the combinations of independent cloud-based services.
The OPENi cloudlet storage framework will provide application consumers with a single location to store and control their personal data. With control mechanisms that are inherently secure and trustworthy it empowers the consumer to remain in control of their data. As an open technology, the OPENi Platform will be validated by the open source community, therefore consumers are afforded greater confidence that the data stored in their Cloudlet is not being used without their consent when compared to closed-source alternatives.
The OPENi Security framework contributes the security and privacy mechanisms to the overall Platform. The features that it provides are authorization, authentication, fine grained sharing and access control, and data encryption.
To provide convenient access to the OPENi APIs and cloudlet storage we will provide a mobile client library. This library will abstract and simplify access to the OPENi services across multiple mobile platforms and will take the form of a lightweight developer SDK. This library will be designed to promote rapid application development and easy developer on-boarding.
The combination of these four components creates a powerful platform which is beneficial for consumers, application developers and service providers alike. The vision for OPENi is to provide a platform that could be deployed and operated by many different application hosting or service providers looking to add value to their existing offers. These ‘OPENi hosting providers’ will take advantage of various facets of the OPENi platform in ways that best suit their business model.
To accommodate hosting providers who wish to use a subset of OPENi’s full complement of components we have structured the Platform as a number of discrete services, each one capable of functioning on their own. The Cloudlet Storage framework can serve mobile applications that do not utilise the OPENi API framework; likewise the API Platform’s integration with Cloud Based Services and Graph API can function just as well with another data storage mechanism. To extend this idea further both frameworks could use a 3rd party security frameworks once they are API compliant with OPENi’s. It is important to remember that this is a logical separation, of course all components work best when used together.
By Iosif Alvertis, Michael Petychakis, & Fenareti Lampathaki (NTUA)
Today, an emerging trend to expose functionalities through publicly available APIs (Application Programming Interfaces) has not only redefined how software and services are delivered, but also indicates how business value is moving towards a thriving high-paced mobile application ecosystem. Along these lines, the OPENi focal research contribution lies on the cloudlet concept and on an open API framework that will be capable of interoperating with any cloud-based service, abstracting the integration challenges to a single open standard without losing any service features.
During the first months of the OPENi project, we docused on an analysis of the underlying state of the art in the cloud-based services landscape in order to provide concrete recommendations and guidelines to drive the forthcoming design and implementation of the OPENi APIs Framework.
By Leigh Griffin, Lukasz Radziwonowicz, Dónal McCarthy, Robert Kleinfield and Eric Robson
Attitudes towards computing have changed dramatically in the last ten years with technology becoming affordable and more mobile, bringing about a generation of technology savvy users. The availability of technology is complemented by advances in the underlying network, with consistent connection speeds and coverage reaching saturation levels. This has ensured a smooth experience for users and consequently expectations about what technology can do for a user’s life have risen. This expectation has been facilitated by a multi-billion dollar industry, delivering applications and services for user consumption. This industry has culminated in the rise of modern social networks, instantly connecting friends and family regardless of geographic location and allowing a heretofore unseen level of interaction. Users are therefore offered a plethora of applications and services to meet their demands. This choice can cause confusion around where their data is stored and what provider may have access to it