I want to share a new architectural pattern for web applications and services that Mozilla has been using to empower the user and put them back in control of their data and their web.
I use’a the Gmail,
I use’a the LinkedIn,
Why they no’a work’a together? — Mario
Well Mario, if Google and LinkedIn used the IUSEA pattern, they would!
- Mario’s browser requests
- That page includes a script tag to
- Mario starts typing ‘Al’ in the To: field
- If Mario’s session with LinkedIn.com has timed out, he is prompted to log in in a new window. This is the same login screen he sees every day
- LinkedIn asks Mario if he wants to expose his contacts
- Mario clicks yes
- Gmail receives rich contact data for Al and Alice, including a picture, degrees of separation from Mario, etc.
- Gmail uses this rich data to improve their contact picker
- Mario clicks Alice and finishes writing his email
IUSEA – Intentional User Service Exposure Architecture
If you're building a web application or service, you should continue to provide REST APIs for public data, but user data should be exposed via IUSEA where possible.
contacts_include.js defined an autocompleteContact function. How is it implemented?
It opens a hidden iframe to https://linkedin.com and uses a postMessage-based protocol to ask for contacts that have a first name, last name, or email that starts with ‘Al’.
LinkedIn.com hosts a page that is the iframe’s target. It authenticates the user, makes sure the user wants to expose this information, and delivers the data back to Gmail via
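The request and reply handling described above, as an added example that is not code from the original post or from Gmail or LinkedIn. The embedding origin `https://mail.google.com`, the message fields (`type`, `id`, `prefix`, `matches`), the prefix length bounds and the sample contacts are assumptions; the point shown is that each side checks `event.origin` and the provider replies to a named origin.

```javascript
// Added illustration: origins, message fields and contacts are assumptions.
const PROVIDER_ORIGIN = "https://linkedin.com";          // origin of the hidden iframe
const CONSENTED = new Set(["https://mail.google.com"]);  // origins the user said yes to

const CONTACTS = [ // constructed sample data
  { first: "Alice", last: "Smith", email: "alice@example.com", degrees: 1 },
  { first: "Bob", last: "Alvarez", email: "bob@example.com", degrees: 2 },
  { first: "Carol", last: "Jones", email: "carol@example.com", degrees: 1 },
];

// Provider side: runs inside the iframe and receives the embedding page's request.
function handleContactRequest(event) {
  // event.origin is set by the browser; the sending page cannot forge it.
  if (!CONSENTED.has(event.origin)) return null;
  const { type, id, prefix } = event.data || {};
  if (type !== "contacts.query" || typeof id !== "number") return null;
  // Assumed bounds: a minimum length keeps one query from dumping the address book.
  if (typeof prefix !== "string" || prefix.length < 2 || prefix.length > 64) return null;
  const p = prefix.toLowerCase();
  const matches = CONTACTS.filter((c) =>
    [c.first, c.last, c.email].some((f) => f.toLowerCase().startsWith(p)));
  const reply = { type: "contacts.result", id, matches };
  // Name the target origin explicitly; "*" would hand the contacts to whatever
  // page occupies the parent window at that moment.
  event.source.postMessage(reply, event.origin);
  return reply;
}

// Consumer side: runs in the embedding page and receives the iframe's reply.
function handleContactReply(event, pending) {
  if (event.origin !== PROVIDER_ORIGIN) return null; // ignore every other frame
  const { type, id, matches } = event.data || {};
  if (type !== "contacts.result" || !pending.has(id) || !Array.isArray(matches)) return null;
  pending.delete(id); // each request id is answered at most once
  // Keep only expected string fields; render them with textContent, not innerHTML.
  return matches
    .filter((m) => m && typeof m.first === "string" && typeof m.email === "string")
    .map((m) => ({ first: m.first, email: m.email }));
}

// Browser wiring (not executed here):
//   iframe: window.addEventListener("message", handleContactRequest);
//   page:   window.addEventListener("message", (e) => handleContactReply(e, pending));
```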
Isn’t this just OAuth?
As a developer, you're thinking “Congrats, you’ve re-invented the OAuth wheel.”
OAuth is about server-to-server data sharing:
Value in this diagram means value for the user and the service provider, such as a user’s contacts.
IUSEA puts the user back into the center. Value resides in each server but also is controlled by the user and flows through the user at their discretion.
Did you notice that all happened in the browser? Technically, Gmail doesn’t need to upload this new LinkedIn data to their servers, since all the user benefit was provided directly in the Gmail web UI.
Going one step further, LinkedIn could provide this API with a TOS that forbids Gmail from importing this user data… wow.
Google can fulfill its mission to organize the world’s information and make it universally accessible and useful. LinkedIn can fulfill its mission of connecting the world’s professionals to make them more productive and successful. The user wins as they gain more control of their data, while being able to reap the benefits across the web.
IUSEA (a term I made up to help explain this concept) is the secret sauce we’re applying liberally, and you can start using this pattern in your products.
IUSEA and U should too’a.