LinkedIn Tech Talk: Kevin Brown on Shindig

July 16, 2008

Guest Author - Matt Raible

Last Thursday, Kevin Brown visited LinkedIn's Mountain View office to do a presentation on Shindig, an OpenSocial Reference Implementation. Below are my notes from his talk.

In September 2007, Google started thinking about Social APIs. Google Gadgets would be better with access to Social Data ... but that's just Google. It was recognized that this is something that many others would like access to. OpenSocial was announced in November 2007. It's an open standard for developer platforms that has a strong emphasis on "social" data. It's based on gadgets which is now covered by The Open Social Foundation.

In November, many Googlers started working on a Google Code project based on Java and iGoogle. However, there was too much proprietary code. In December, Brian McCallister of Ning created an ASF Proposal for Shindig. It was a rough port of iGoogle but with Ning's PHP code. This turned out to be a great starting point. It immediately got interest from Google, Hi5, MySpace and others. While most committers are still from Google, there are 12 developers that work on it full time and they're adding 2 committers each month. Shindig is a Java/PHP implementation of OpenSocial. Open Campfire is an Apache-licensed .NET implementation that hopes to eventually merge into Shindig.

Shindig has extensive use of existing open source components, including Abdera, Jakarta Commons, Guice, ICU4J,, and It's largely well tested (developers use TDD), especially for the newer code. There's a heavy emphasis on DI (Guice helps tremendously) and the builds are done with Maven (Apache recommendation, Kevin hates it).

3 Parts of Shindig:

  1. Gadget Rendering: Fetches/parses gadget XML documents. It also provides a robust proxy to implement requirements (including OAuth and Signed Fetch). It acts as a "glue" between JavaScript libraries, remote sites and social data. It's built for medium to large deployments and has robust HTTP support. Lastly, it's very flexible so all major components can be replaced.
  2. Social API: Handles RESTful API calls and interacts with social data. It provides a backend for opensocial.* JavaScript APIs. It's mostly a serialization/de-serialization layer that delegates to your social data. Currently evaluation two implementation options (Dave Primer's AtomPub version or JSON version - lengthy explanation on shindig-dev). Currently, developers are creating an entirely new version because of REST and its JSON support. REST has a lot of issues when it comes to JSON. It works great with AtomPub, but AtomPub has too much verbose XML.
  3. Client Code: The first issue that comes up with client code is Security.

For security, iframes cover most of the problems. Cross-domain communication requires special effort - gadgets.rpc has to be implemented using a variety of techniques: window.postMessage in HTML5, document.frameElement in Firefox and window.opener in IE (still in development). Retrieving third-party data is covered by OAuth and Signed Fetch. Getting OAuth / Signed Fetch credentials can be done by passing an encrypted blog of data to the server and treating it as a cookie equivalent. Caja is the future.

Caja (pronounced ka-ha) makes it possible to run third-party JavaScript alongside existing code. It's not quite ready yet, but significant process has been made. It has limited support in Shindig today, which requires "taming" JavaScript APIs and DOM testing.


Full support for 0.6-0.8 gadget rendering specification (both versions). Full support for 0.6-0.8 JavaScript APIs. REST mostly done (both versions, PHP is closer). Deployed (or in progress) on many sites: Orkut, hi5, iGoogle sandbox, Hyves, CyWorld, Ning and hundreds of others. It has a very active mailing list and they're very interested in finding folks with more Maven experience to help out.

The project's next priority is a stable release. Shindig 1.0 will be OpenSocial 0.8 Compliant. It must have full support for REST. The Java and PHP implementations should be released around the same time. Priority #2 is graduating from Apache Incubator (goals are currently on target). One of the main things they need is more committers, especially those that aren't from Google. Priority #3 is future enhancements, including:

  • 0.9: "proxied" content type
  • 0.9: OpenSocial templates
  • HTTP Performance Improvements
  • "out of the box" shared caching
  • More social data implementations (e.g. JDBC)
  • Better Documentation

We have many more Tech Talks planned in the future at LinkedIn. Please stay tuned to this blog to learn about new and exciting technologies that we're learning about.

NOTE: This entry was published with Kevin Brown's permission.