To quickly summarize the discussion, there are essentially three major ways to bucket "open" APIs, agreed those I contacted.
- The first, "open access", means that anybody can use the API, but all the data in or out of the services is owned or controlled by the company whose service you are using. The Facebook Open Graph API "is open insofar as you do not violate their ToS", one developer wrote. "Here, 'open' is superfluous -- no (question) you're giving people open access to it, how else would they use it?"
- The second type is that of an API that leverages open standards, including those such as XML, HTTP, and others. But that doesn't mean APIs that leverage those standards are open by definition. For example, Twitter's API is proprietary, even though it is built on open standards. The developer adds, "Here 'open' is just saying they've tried to incorporate best practices from other engineers -- it would be stupid if they didn't."
- The third type is the most "open", including open standard APIs like OpenSocial, OpenID, PubSubHubbub, AtomPub and others. These APIs have a clear definition that can be utilized by multiple providers in a way that is interoperable, decoupling providers and consumers.
Chris Saad, VP of Product and Community Strategy at JS-Kit, well known for his efforts in the data portability space, concurred, writing over e-mail:
"Facebook in particular has made a concerted effort to dilute the word open and use it in reference to a human/cultural thing when talking about the platform and their products."So who cares? Historically, services like Facebook and AOL have been characterized as walled gardens, meaning their information is sealed within, beyond the reach of the standard Web. Other services are known as "data roach motels", where data gets in, but never gets out. As the first developer said, the Web is built on open standard APIs and protocols, so sites can work well with each other, and activities operate in a similar manner, regardless of service.
He added, "In reality there is a VERY big difference between having an 'Open API', an 'Open Standards API' and an 'API'. An API is just a thing you poke and you get data back. When you get FaceBookPropietaryXMLData using FacebookPropietaryAuthMethod and you can only cache the data for 24 hours - that is NOT an open API - it is an API."
Jesse Stay, a friend of mine, fellow blogger, and well-versed developer for both the Facebook and Twitter platforms, agreed that there is a tremendous amount of confusion around the definition of "open". In fact, just last month he wrote a post on his site, "The Open Web – Is it Really What We Think it is?"
Today he said Facebook's move gave full access to "users' walls, comments, likes and social graph... accessible from any Web site, desktop application or mobile application, using open API access protocols." Meanwhile, Facebook users can now opt into letting their status updates indexed by search engines, and the company is open sourcing architecture like the Tornado Web server (acquired as part of the FriendFeed buy) so other developers can make new platforms.
Jesse is more optimistic about Facebook's goals than was Chris. He said that the site lets users decide how open they want to be with their data, and that they are "working to give users full power" in that regard. But he also states frustration with the company's restricted access to search, and a lack of access to the entire network in aggregate, with the exception of their fan page directory. And he didn't address the core issue with Facebook in terms of them owning your data bidirectionally, and yes, them having the option to block your access if they felt you had violated the terms of service. (Remember this one? Scobleizer: Facebook Disabled My Account)
Web standards are very well known and we usually recognize them by their acronyms. JSON. HTTP. XML. POP3. Atom. Open means that developers can tap into the standard and use it as they wish, both procuring data and pushing it elsewhere. When we start to blur the lines about open and associate them with specific companies, like Twitter, Facebook, Yahoo! or others, you can usually guess that the solution is slightly less open. Somebody has the option to change their proprietary code and block you from having full access.
As stated more than a few times here, I have chosen to trust companies with my data. I put a lot of data into the Web and move it around. I expect standards to work the same way across sites, and I hope that those services that I use treat developers as well as they do their users. I recognize I am not as technical as folks like the developers I pinged today, and thus I need to trust their comments at times once my expertise is surpassed. But we need to be more knowledgeable about what is "open" and what is "sorta', kinda' open". Maybe Facebook can help us all understand their level of openness as time progresses.