The main focus of our discussion thus far has been on the construction of applications to exist within the container itself. But this isn’t the only context in which social networking applications can exist.

Most containers offer access to their social and container data through a series of URI endpoints. For on-container application development, these endpoints are generally wrapped within an easier-to-use method, such as OpenSocial JavaScript requests or container-specific tags that allow secure access to users’ social data and are processed when the application is rendered. In the context of off-container application development, however, these endpoints provide a means by which developers can leverage the container’s social data to enhance their websites and applications without needing to build them on the container itself.

To provide this access layer safely and protect their users’ social data from attacks, many containers use security implementations such as OAuth. Many of the most popular social networking containers—including Facebook, YAP, iGoogle, Orkut, MySpace, and others—currently implement OAuth in some capacity.

Leveraging a container’s social features can help developers extend their reach far beyond the silo of the container itself and build out a rich social graph for their web applications or sites immediately, instead of having to build their own custom relevant graph during their website’s inception.

In addition to being able to capture social information from a container off-site, developers can use other technologies to allow users to sign in to a website using the username and password login structure of the container. One open source technology that allows developers to implement such a login structure is called OpenID (Open Identification). By not requiring users to create a new login for your particular site, you can help further socialize your web-based application and decrease the amount of drop-off during the registration process. Once a user logs in using OpenID, the site can then implement a facility to allow users to customize their profiles.

Combining these two technologies (OpenID and OAuth) into a sort of hybrid authorization process, developers can construct a login structure to prevent drop-off during registration (OpenID) and then use the container’s social URI endpoints to prepopulate a user’s profile and leverage whatever rich social data the container provides (OAuth).

We will discuss the implementations of OAuth and OpenID in the context of an off-site application or website in later chapters.