Do We Need A Bill of Rights for Web Services?
 | ||
 | Email weblog link | |
 | Blog this |
Tim O'Reilly
Jun. 04, 2003 05:53 PM
Permalink
This "paradigm failure" can be seen in the discussion of Linux and ease-of-use. When Linux is criticized as hard to use, Linux advocates point proudly to progress with Gnome and OpenOffice, but fail to point out that many of the killer applications of the Internet era -- applications like google, amazon.com, and maps.yahoo.com -- all run on top of Linux or FreeBSD. And yes, these applications are incredibly easy to use.
But even though they run on Linux, and may make heavy use of other open source stalwarts like Apache, MySQL and PHP or Perl, these applications are not themselves open source. But it's also not clear just what it would mean for them to release their source code. After all, these applications are not just software, but vast databases that are constantly being updated. While the source code to an Amazon or a google might be nice to have, it wouldn't give you a complete working application without a major investment of time, storage, and money.
The most forward thinking of the next-generation internet applications, like google and amazon, have have realized that the best way to enable re-use of their functionality is not to distribute their source code, but to release web services APIs (google; amazon). The result has been a ferment of innovation, with developers creating all kinds of cool google- and amazon-based hacks and even full-featured applications.
You can think of these APIs as a kind of "open data" initiative, and optimistically, as fellow travelers with open source. Like open source, they lower the barriers to innovation and re-use of existing functionality. But unlike open source and free software, they leave all the control in the hands of the original developer.
You can think of open source as a kind of "bill of rights" outlining key protections for software users and developers. As we move into the world of web services, in which software is no longer distributed as either binaries OR source code, but instead performed on a remote server, what kind of bill of rights is required to protect users? What kind of agreements will provide web services users and developers with some of the freedoms that we have come to expect from open source? In short, how do we translate the open source definition to the new paradigm?
I'm planning to do a panel discussion on this subject at the upcoming O'Reilly Open Source Convention, and I'd like your help. What kinds of terms of service do you think would create open-source-like freedoms in the web services world?
Tim O'Reilly is the founder and CEO of O'Reilly Media, Inc., thought by many to be the best computer book publisher in the world. In addition to Foo Camps ("Friends of O'Reilly" Camps, which gave rise to the "un-conference" movement), O'Reilly Media also hosts conferences on technology topics, including the Web 2.0 Summit, the Web 2.0 Expo, the O'Reilly Open Source Convention, the Gov 2.0 Summit, and the Gov 2.0 Expo. Tim's blog, the O'Reilly Radar, "watches the alpha geeks" to determine emerging technology trends, and serves as a platform for advocacy about issues of importance to the technical community. Tim's long-term vision for his company is to change the world by spreading the knowledge of innovators. In addition to O'Reilly Media, Tim is a founder of Safari Books Online, a pioneering subscription service for accessing books online, and O'Reilly AlphaTech Ventures, an early-stage venture firm.
Showing messages 1 through 5 of 5.
-
Which end is the service?
2003-06-06 18:31:18 khote [View]
-
When the service goes away
2003-06-05 16:04:44 David Sklar |
[View]
There are a lot of interesting (and untested) issues and concerns here. One that I worry about is what happens when the service disappears. A frequently touted virtue of conventional open-source software is that source code access provides an insurance policy against a vanishing vendor. With sufficient expertise (which may be difficult or expensive to gain), a client company can continue to maintain and/or upgrade a software package even if the original vendor is no more.
With a Web Service, this is a more difficult proposition. If SomeFreeWebBasedEmailProvider.Com decides to shut down tomorrow, what practical or legal recourse do users have to get at their saved messages, let alone have mail forwarded to a new place? Creditors, lawyers, and the IRS all have a legally mandated place in the money queue when a company goes bankrupt. Is it time to introduce the idea of a "data creditor" who has certain rights when a company goes belly up?
As pointed out in the weblog entry, this is an even more difficult proposition when the value of the one user's data is integrated with other databases. My e-mail living on a remote server is a relatively self-contained chunk of stuff. A list of "favorite locations" or point-to-point driving directions on a mapping site, or an Amazon-style wishlist or favorites list are a little less easily exported. A list of places could be keyed to longitude/latitude, and a wishlist (for books) to ISBN, so there is some externally referenced standard that would let you make sense of the data.
This is harder when the user data is even more ill defined. When I was CTO at TVGrid.Com, users stored lots of television-related preference data on our servers, such as shows they had recorded, wanted to receive reminders for, had rated, or other attributes. There's no ISBN for television programs, which means that even if we were able to provide users with a way to download their account data when we went away, they wouldn't have much use for it.
Maybe there is a business model here for user data escrow.
-
User Contributions
2003-06-04 18:28:02 chromatic |
[View]
Remember the controversy over GraceNote restricting access to the publicly-populated CDDB? Any web service that aggregates my content (whether journal entries on a weblog site, project data on SourceForge, or reviews on Amazon) as a major source of revenue ought to let me export or remove that content. It's a sign of good faith that a business built on contributions from a community is willing to let the community remove those contributions if the business lets it down. -
User Contributions
2003-06-05 00:18:20 pwainewright [View]
Users have responsibilities too, and that includes not abritrarily withdrawing postings that form part of a published archive. For example, I don't think it would be a good idea to allow companies to retrospectively withdraw press releases they'd previously posted to my site, just because they decide they want to rewrite their corporate history.
The solution here is not to give users the right to withdraw content, but for aggregators and publishers to be clear upfront about how they'll use the content; and for users to refrain from posting if they disagree with those policies.
When it comes down to it, this is all about getting a service mentality; which means getting used to the idea that it's bad business practice to offer a service without publishing details of service commitments and caveats. -
User Contributions
2003-06-06 17:36:41 chromatic |
[View]
Agreed, the service mentality is the right approach. I just want some guarantee of data accessibility. If I'm storing my information on your server to some benefit to you, I want an export mechanism.
I still think it's important that I can take my ball and go home, but it's definitely an action of last resort. It's a lot like the freedom to fork, in code terms.
| Showing messages 1 through 5 of 5. |
Return to weblogs.oreilly.com.
Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express, and O'Reilly Media, Inc., disclaims any and all liabililty for that content, its accuracy, and opinions it may contain.
This work is licensed under a
Creative Commons License.
This web application is being designed with a great concern for extensibility, and here's why.
Who are we serving with a newspaper? Readers, people who consume the newspaper. In addition, we are serving customers - people who post ads in the classifieds section, event managers who want to post in an events calendar, advertisers who want to appear in specific sections, that kind of thing.
We will extend this periodical system in the near future to allow, for example, and online Anthropology periodical. Here our primary customer is the author. In the publish-or-perish world of the university, this is likely to be the first (and possibly only) location where a creator of original work may be published. The reader is more like a target audience in this case, though they are also being served.
If one person wants to refer to a paper in an email or an article on oreilly.net, how long do we maintain that URI?
What kinds of legal protections are there for original work? What kinds of permissions are needed for reprints of original work? Is there a mechanism, a complex interaction or just a permissions object of some kind, that can handle this front-end access filtering?
Do we allow this request, do we accept credentials, do we deliver content? What does a preexisting contract look like? Can dynamic contracts be negotiated, what does this look like?
Can we trade service-for-service as a medium of barter, how does one assign valuations to a service?
A periodical may not keep its own persistent storage, but rather access it as another service. I can see a whole tree of services or service nodes involved in the production of a particular service.
How far up the tree does responsibility go? How far down the tree does blame go?