This week sees another milestone in W3C's effort to standardize the use of Widgets across platforms with the release of the Widgets v1.0 working draft documents. The specification aims to offer a single way of creating and distributing widgets on a range of platforms.

The current scope of the W3C work is set out in the Requirements document. W3C defines Widgets simply as:

mall client-side Web applications for displaying and updating remote data, that are packaged in a way to allow a single download and installation on a client machine, mobile phone, or mobile Internet device. Typical examples of widgets include clocks, CPU gauges, sticky notes, battery-life indicators, games, and those that make use of Web services, like weather forecasters, news readers, email checkers, photo albums and currency converters.

Another document, the Widget Landscape sets out the lay of the land in terms of what Widget platforms are out there, and how they approach the different aspects of Widget functionality.

The specification is targeting platforms such as Apple Dashboard, Microsoft Sidebar, Yahoo! Konfabulator, and mobile platforms such as WidSets. Web widgets, such as Google Gadgets, are not currently in scope, although when you dig into the details of the specification, its obvious that web widgets can potentially be developed in a similar manner.

After requirements, the first specification document is Packaging and Configuration which defines the zip-based format used to package the content of a Widget, the structure of the XML configuration document that goes inside it, and other aspects such as discovery and internationalization.

A surprising omission at this stage is the API specification. All Widget container platforms supply an API, typically accessed via JavaScript, that offers the Widget a way of storing and retrieving preferences, calling remote services, and executing various kinds of commands. Presumably this will be released next; currently there is only an Editor's Draft of "APIs and Events". Currently a developer of a Widget needs to make different API calls based on where the Widget is deployed to do very basic things like save and retrieve user settings.

Another aspect of a Widget API is extended features, especially in the case of web Widgets. The Google OpenSocial API is an example of an extended Widget API - in this case to enable Widgets to access things like friends lists and status information. Another is the widget collaboration API we developed here as part of our EU TenCompetence project, that enable things like activity-based chat and voting widgets to be developed using the draft W3C specification. (More on that in another post sometime).

Overall I think there is some great work going on in this W3C group, with a very practical focus that is based on taking a consensus view of "what is" rather than a more purist "what should be" approach (which has characterised some of the W3C's other recent work). I hope that once this spec is finalized the focus will move onto taking a similar approach to web widgets, for which there is an even more pressing need for interoperability. Our own work has shown that, with a few minor modifications (e.g. the addition to the API of a proxy method for safe tunneling of external Web API calls around cross-site script access restrictions), exactly the same model of packaging, manifest and API can also work within a web framework.

For more information on this and related activities, also check out the rest of the Web Application Formats Working Group pages.

While a lot of recent attention has focussed on the issue of social graph portability, there are a couple of other interesting developments in social metadata I've come across lately.

APML (Attention Profile Markup Language) is a means of sharing an individual attention profile. While other specs (such as the seemingly-dead AttentionXML) have focussed on the tracking of attention in terms of individual clicks, APML is concerned with the mobility of a more coarse-grained profile, consisting of a collection of weighted concepts, either self-asserted or aggregated from services.

The spec is generally simple enough to implement, despite a few odd design choices, consisting basically of a list of "concepts" (keywords or labels) and "sources" (URLs) that are of interest to the subject, all of which have a weighting from 0 to 1 and some additional metadata about where the weightings come from.

APML is currently undergoing revision to reach 1.0 status, and so we can see quite a few possible changes, but its worth having a look at if you're thinking of developing applications that make use of individual interest profiles for personalisation. It should be fairly trivial to support users exporting or importing such a profile.

ULML (User Labor Markup Language) is a specification for tracking the metrics of user participation in social web services. A ULML document provides statistics on a user's interactions with the service; as the developers put it:

"User labor is the work that people put in to create, improve, and maintain their existence in social web"

ULML provides a way of presenting the volume of user activities such as generating content, tagging, voting and commenting. It also allows for the sharing of metrics concerning reactions to their participation - incoming views, comments, bookmarks and so on. Overall the intent is to quantify in some fashion the economic value of social participation, potentially to enable greater transparency about how user's participation with a service is valued to advertisers and other services that support (typically free) social web applications and to power things like meta-markets.

Some rather simple metrics are already used on forums to rank the value of contributors and encourage more participation - typically based on the number of posts alone. Using the more comprehensive - yet still quite simple - metrics available in ULML may allow better comparisons of relative levels of commitment, engagement, and value generation with multiple social web services.

Its an interesting concept, and could possibly have some use in evaluating engagement and participation in more general terms for services without such an economic rationale such as elearning applications. For example, to quantitatively compare the relative commitment of students to VLEs versus Facebook, or to measure the value generated by staff in shared services. It may also be possible to find a way of using it to quantize the work of researchers who share their work by blogging and using social networks as well as by traditional academic publishing.

I think its fair to say neither APML or ULML is going mainstream anytime soon, but are sufficiently simple to implement that they may be worth exploring if you're developing applications that have a social angle.

I've waxed on about fabbers and the like for some time on this blog and elsewhere, so I was suitably impressed by this presentation on open source hardware by Limor Fried and Phillip Torrone. It sets out the various aspects that make up the "source" of an object, from bill of materials to circuit design, and the standards for exchanging them.

Of course this is at the rather more technical end of the fabject continuum. At the other there is the amazing Ponoko site, which enables users to create their designs from regular EPS files, pick the materials, and then have them laser-cut to order. Designers can choose to sell the cut and/or assembled product, or to sell or give away the design as EPS files.

Currently the custom fabjects are a little pricey compared to their mass-produced compatriots, and the processes limited in terms of materials and processes. But add in cheaper 3D printing and other fabbing technologies, and simple programmable wireless platforms like SPOT and Bug, and we'll soon be churning out spimes on demand.

I'm not sure what I'd use this for, but its certainly cool and very cybernetic. Pachube is a service for tagging objects that share data from their sensors.

Services like Pachube could be useful for some kinds of very high-level business intelligence, particularly analyses that cross organisational or national boundaries.

At the moment, however, it does have the feel of a webcams site with graphs and XML, but as more objects, places and devices get wired (or wireless) then something like Pachube becomes an inevitable evolution.

Perhaps someone will find some interesting way of using some of these sensors in one of the many mashup competitions making the rounds currently.

I've been talking about oAuth a lot to colleagues recently; I'd had it vaguely on my radar for a while, but a conversation with David Recordon from SixApart at EduServ last year convinced me to take a more serious interest in the specification. oAuth is essentially a user-centric authorization mechanism for enabling services to talk to each other.

Currently some services enable interoperability by getting the user to delegate authority to the service to interact with another, essentially by enabling it to impersonate the user. For example, you give Flickr your LiveJournal account details so it can cross-post your photos.

With oAuth, the same functionality is enabled without the security, trust and privacy compromises: the user talks to both services and explicitly grants permission for the services to talk, but without revealing any account details.

There are a great many service-to-service contracts that could benefit from this user-centric approach: employers and universities, for example. Or between employers and applicant's portfolio services.

But is oAuth actually being adopted? Well, the evidence suggests it is, with Google announcing adoption, and discussing integration with its OpenSocial and Google Gadgets technology. For Google this replaces its proprietary AuthSub mechanism with one that can be shared across providers.

For eLearning, the oAuth spec is an important building block in developing distributed as well as federated elearning architecture. With oAuth, users can choose to connect together services that have no existing relationships using a common authorization method.

Even better, oAuth is completely agnostic with regard to identity and authentication protocols and models - it doesn't need single sign-on or any kind of shared identity or authentication model between service providers.

The bottom line - if you are developing an application that needs to talk to an external service API on behalf of the user, then you may need to start looking into oAuth.

Yesterday I gave a presentation for the Sakai working group on authoring about the work we've been doing on Widgets. I'm including it here as its got some more of the technical details.

I think a major implication of widgets is that it challenges the idea of writing tools as plugins just for one platform (e.g. Moodle, or Sakai) rather than as generic widgets usable in any "container", which can include personal as well as institutionally-offered web spaces. For example, a Moodle course can include things like a chat, voting, and forum widget - which you can then drag off into your personal site.

Perhaps make your own personal "dashboard" out of the widgets you've taken from several different courses you are participating in, originally offered in different LMS's by different organisations.

What's happening in the UK VLE/LMS world? Some pictures based on survey results from UCISA and others.

It was a great week for course advertising in Europe last week as CEN (Comite Europeen de Normalisation - European Committee for Standardization) endorsed both a Workshop Agreement and a commitment to develop it into a European Norm (EN) for Metadata for Learning Opportunities (MLO). MLO defines a common model for expressing information about learning opportunities such as the courses available at a university such that they can be aggregated by other services such as advice centres, search engines, or brokerages.

An EN is a formal European Standard, whereas the CEN Workshop Agreement (CWA) agreed on 13th October represents an interim specification that can be referenced immediately by implementers while the formal standardisation process - which may take up to two years - goes ahead. Once a European Norm (EN) is agreed, it becomes a de jure standard throughout the community, replacing any similar standards in place in member states.

So what is MLO? MLO is a standard model and vocabulary that represents the common subset of several existing specifications used for advertising courses. This includes XCRI from the UK, CDM from Norway, CDM-FR from France, EMIL from Sweden, and PAS1068 from Germany. The common subset consists of four classes and 13 properties that are common to all or most of these existing specifications, plus references to other properties commonly used from Dublin Core (see below).

Rather than replacing the existing specifications, MLO standardises a common model that is then implemented by specifications as a conformant binding. This means that, in practice, each specification has to be slightly modified to conform to the same common core, but retains its local extended properties and implementation architecture. So developers already using these specifications can become MLO-conformant very easily by adopting the updated version when it becomes available, which should itself be a very minor update as the standard is based on the existing commonalities. It also opens the door to other communities or consortia developing their own bindings for different applications or markets - for example using a different base technology specification such as RDF, JSON or Atom Syndication Format. Any specifications, though they may have a very different technical implementation, will still share common concepts and properties that developers can use to make transforms between them.

Why did MLO take this approach rather than standardise a binding? Well, one of the key considerations is the lifetime of standards. A standard has to stand for a much longer period of time than a specification, enough time for new technologies to come into play and become the preferred implementation approach.

Another consideration is the need for different kinds of implementations in different situations - for example, mobile applications, distributed applications, centralized systems, REST, SOAP and so on. Again, architectures also have trends that evolve over time, and can easily overtake a standard.

Finally, there is the need for communities to define their own vocabularies, extensions, and conventions. One approach to this is to define a very large standard of what is hoped to be all possible properties and classes and to then constrain this model in application profiles. Another approach is to define a common core and then allow communities to extend this common core in any way they wish. This largely maps to the difference between the approaches taken by Learning Object Metadata and Dublin Core; MLO takes the latter approach.

So what impact will MLO have? The initial impact is to some extent psychological - implementers can go ahead and commit to using specifications that are going to conform to MLO with greater confidence, as they are based on a standard that is going to be around for a long time. We will also see transforms and crosswalks becoming available between the existing course advertising specifications, and this may lead to new opportunities for services that operate across European countries such as Ploteus. As more learning opportunities are advertised in MLO-conformant formats new services that aggregate this information for different purposes become viable.

In the longer term there is a commitment from all the specification communities involved in MLO to continue to work together and seek further opportunities to adopt common models. However the preferred approach is to see what emerges as common use in implementation communities rather than to design new models from first principles.

The MLO document is still awaiting editorial comments before being prepared for formal publication by CEN; however a draft is currently also available here.

Yesterday I presented at an online seminar on Personal Learning Environments. The organisers - the Evolve project - also made a recording of the session so you can see how it went.

Thanks to everyone who took part and asked lots of difficult questions!

To download the recording, you need to click this link and let the Java weirdness happen. I guess a regular movie wouldn't have captured the chat backchannel, which is nice as I missed some of the comments while busy talking.

oAuth is a mechanism by which users can authorize websites to grant third party applications access to user's information without sharing their credentials. This is increasingly important for things like iPhone applications, widgets, and other applications that connect to online services. oAuth itself isn't new, but moving towards IETF standardisation is a significant step.

The announcement was very brief; there isn't even any mention of it on the actual oAuth website, just a thread on the discussion forum, but in October a draft of the oAuth core specification was submitted to IETF as an Internet Draft for development into an Internet Standard.

This is one of the first steps in what can be a long process; however, oAuth Core 1.0 is now a mature community specification, with a large number of implementations now available, which should make the process much easier than with a relatively untested concept.

oAuth solves a common problem in mashups and services, which is that in order to perform a service for the user, you require access to something of theirs on another site - their photos on Flickr, or their buddy list on AOL, or some other set of privileged access.

Typically applications have handled this by getting the user to share their login information, and have then acted as the user. For example, if you wanted to have Flickr announce your photos on your LiveJournal, you did this by telling Flickr your LiveJournal username and password.

oAuth replaces this with a process whereby the application directs you to your account and lets you login there, granting a "valet key" to the application that lets it access particular services or information. Importantly. this "valet key" enables the application to act as itself, distinguishing its actions on your behalf from your own use of the service.

oAuth is already implemented in a surprising number of places; its a testimony to its effectiveness that for the most part users are completely unaware of it. For an example of how it works, take a look at how Pownce on iPhone uses oAuth. Developers may also be interested in Google's oAuth Playground for using oAuth support in GData applications.