Running with Code Like with scissors, only more dangerous


Windows Live Platform Airlift: Thoughts

So as I sit in the airport, hoping that one of the beyond-overbooked flights has an opening so I can get home early and not have to go through Vegas, I thought I’d share my thoughts about the Windows Live platform that we picked up during partner training here in Redmond.

Single Sign-On

Without a doubt, the coolest feature enabled by the platform is single sign-on.  And, while we’re at it, the way it’s implemented is really cool.

When a user goes to a site that uses the single-sign-on feature (that is, Windows Live ID integration), the user is presented with a user login screen that is typically fairly consistent across sites.  I’ve seen two user experience-style screens that present it: has a themed version of the older, Passport-style login screen, while others (particularly those that host Live Controls) display a more Windows Vista-style login screen. 

When a user needs to login, they are redirected to to provide the authentication credentials via HTTPS.  Once authentication is complete, they are redirected to the original website with a login token which provides information about that user.  The cool thing is that the login token is the same for that user on that site across sessions, but not the same across sites, so you’re able to identify the same user during multiple visits.  This makes integration with the profiling API fairly straightforward.

Unfortunately, I can see issues with it; signing up or signing in can make it unclear to the users that they’re still logging into the site, and people who are not Live ID users might be hesitant to sign up for a service that might not be directly related to the site they’re working on.  The sites aren’t particularly customizable right now, either, so they might not really get the user to trust that they’re still working with your site.

Contacts and Contacts Control

The Contacts control is an easy way to drop your Windows Live contacts onto a web page.  It’s branded for Windows Live, and uses a similar authentication mechanism to Live ID, but it requires that the user grant access to his or her information to the site.  In that respect, it’s similar to Facebook, but Microsoft doesn’t put restrictions on what you can do with that data once you have it (it’s the onus of the user to read your privacy policy).  I can see the pro’s and con’s of that particular implementation, and I can’t say which I like better.

The Control may or may not be appropriate for a given site, but fortunately, you can also simply query the data via a REST interface.  Very slick, and definitely usable.  A good example in which this was appropriate was Buxfer – a site that helps you track your money.  You might notice along the top of the page:

Buxfer login options

Clicking on the Windows icon pops up a dialog asking you to enter your Windows Live ID credentials.  Very slick!  I believe that, using this information, you’re able to invite other friends (maybe the site was an example of single sign-on – it’s starting to blur together).


Also cool (but in this case, probably more for the "cool to nerd developers" factor) is the ability to include a fully functional Windows Live Messenger client in your website.  Want to sign in?  No problem!  Just pop open a new window with your account information and new windows for your conversations, just like the Windows client.

I don’t really see the value in this for most websites, but there are a couple great exceptions:

  • A site that wants to support Live Chat support can use this service to allow even anonymous guests to present the user with a chat window to the support person who is signed into Messenger.  There are scalability concerns for this, but all told, it’s a pretty neat way to do it.
  • Message board or other community software might allow users to allow access to the user’s Live Messenger account so that users can contact them through the web.  The actual Live ID is shielded and not presented; an obfuscated, site-specific ID is used in its place.

Other Stuff

I was a bit unsure about using Live Spaces, but the way it’s discussed for example sites makes it sound like a bit of an easy storage solution similar to SharePoint.  It might be worthwhile, especially for our clients who want to focus on virality.

Silverlight Streaming currently seems a little limited to us; 22mb max file size is quite restrictive, but as our trainers pointed out, the Terms of Use are not finalized.

We got some cool info that we can’t talk about (nor can the Microsoft guys in charge), but it’s really exciting nonetheless.

Final Thoughts

I’m not sure that Terralever can use the platform effectively, but it depends on seeing what kinds of technologies our clients can leverage, and how much Microsoft is willing to work with us.

Another one of the attendees voiced this concern, and it was something I’d thought about before we even got here – a lot of this technology is too late-to-market (my thoughts were "too little, too late").  People are sharing their thoughts on Digg, their photos and profiles on Facebook, photos on Flickr, documents on Google, and a lot of other stuff is already done.  Single sign-on is GREAT – but I’m not sure that it’s enough to make people buy-in to Live.  Still, maybe it’s a moot point; with 400MM monthly Live ID users and 100MM monthly Live Spaces users, perhaps greater propagation doesn’t matter.

For more information about the Windows Live development platform, check out their website!

Comments (0) Trackbacks (0)

No comments yet.

Leave a comment

ERROR: si-captcha.php plugin says GD image support not detected in PHP!

Contact your web host and ask them why GD image support is not enabled for PHP.

ERROR: si-captcha.php plugin says imagepng function not detected in PHP!

Contact your web host and ask them why imagepng function is not enabled for PHP.

No trackbacks yet.