Social infrastructure is a general term referring to a class of internet services which allow websites or mobile devices to integrate social functionality into their application user experience. Such functionality includes social login, sharing, commenting, activity feeds, online identity storage, gamification and others. The technologies and services comprising social infrastructure are made available by a variety of sources including social network providers such as Facebook, Twitter, LinkedIn, and Google. Third-party providers like Gigya, Livefyre, Hull, Echo, BazaarVoice, Janrain, Loginradius, AddThis, and ShareThis provide services that allow applications to integrate social functionality using multiple social networks. While each provider offers a different range of social functionality to applications, all providers offer their own set of tools, plugins, SDKs and APIs to ensure their platform is accessible across as many devices as possible. Using standard programming languages (HTML, JavaScript, PHP, Java, Objective-C, etc.), applications can interface with social infrastructure from desktops, laptops, mobile phones and tablets. Indian ICT company United Telecoms Limited has implemented social infrastructure projects targeting health exchanges, tsunami warning systems, city surveillance, broadband and communication systems for rapid transportation systems.
1. Services and Technologies
The various technologies that make up the social Infrastructure are meant to provide content owners the necessary “social network hooks” to enhance content within a website or application.[1]
Social login
- Social login allows users to log into a website or application using their existing credentials on identity providers such as Facebook, Twitter, LinkedIn and Google. Social login is a key technology of the social infrastructure since many of its services require establishing a valid identity before being used.
Sharing
- Allows users to share or bookmark site content and send to friends on social networks. Popular social buttons such as Facebook Like, Twitter Tweet and Google +1 are commonly added to websites which lets users share content with a single mouse click or tap from a mobile device. Sharing “plugins” from vendors offer services that let users share content to multiple social networks at once.
Comments
- Gives users the ability to post their comments and have discussions about site content. Users often have the option of broadcasting their comment to their activity feeds on social networks which link friends back to the site content.
Ratings/reviews
- Provides users a way to give feedback on an article, blog post, product or any other type of content across a site or application. This can range anywhere from simple ratings (3 out of 5 stars) to written reviews. Typically, users have the option of sharing this feedback on their social networks.
Activity feeds
- Also known as activity streams, activity feeds display to the user what their friends and other visitors have recently been doing on a site or application. The feed is typically updated when users do anything "social" such as share, post a comment, or earn a badge.
Live chat
- This allows users to chat, comment and share activity in real-time. Live chat is typically used for live events such as webcasts, web chats and webinars. Due to technical complexities of live streaming, live chat is generally offered to sites as a plugin hosted on an SaaS model.
Gamification
- Gamification takes concepts often found in games (points, badges, challenges, progress bars, rankings) and applies them to non-game websites and applications to make them more appealing. Pre-built plugins and GUI elements are often made available to display and manage the information.
Consumer identity data storage
- Stores a combination of standard online profile data (name, city, email, gender) with social data (friends, likes, posts) to offer a more comprehensive picture of a user's demographics and preferences. Vendors such as Facebook, Twitter and Google capture and store information with permission from the user whose identity is self-asserted.[2] Some third-party vendors aggregate social identity information across multiple vendors.
Social analytics
- Pulls data from one or more social networks and identity providers to deliver metrics and reporting about user social activity such as referral traffic, demographics, shares, social logins, or key influencers on the site. These metrics provide insights concerning user preferences and site activity.
Social APIs
- Along with plugins and GUI elements, social networks generally allow sites to access raw social data more directly via an API. Most social networks provide REST and JavaScript APIs as well as mobile SDKs to their data. Some third-party services offer an abstracted API which accesses social data across multiple providers in a single call.
2. Security
Securing the social infrastructure means offering protection against common security threats such as data tampering, replay attacks and unauthorized access. Some of the measures typically found within social infrastructure services include:
OAuth
- OAuth is an underlying concept of the social infrastructure is that in exchange for a more social experience, users grant websites and applications permission-based access to the users' social data. From a security standpoint, such permission is typically granted using OAuth. OAuth is a secure authorization protocol in which social networks provide a session token to third-party applications. Using this token, applications can make API calls to social networks on the user's behalf. Along with websites, OAuth has built in support for desktop applications and mobile devices.[3]
Application secret keys
- A secret key is a cryptographic random number used as a shared secret between an application and a specific social infrastructure provider. Secret keys are passed (in one form or another) between the application and vendor on every API and serve as a virtual handshake that both parties are who they say they are.
Encrypted channels
- Websites can load JavaScript libraries over a secure, encrypted channel (SSL). This helps to protect the social login process from exploits like man-in-the-middle attacks or eavesdroppers who use tools to capture session cookies.
Digital signatures
- Most vendors and third-party services offers ways to detect whether userIDs have been tampered with by including a digitally signed token which can be validated by the site or application. Applications verify both data integrity and authenticity by digitally validating this token.
Friendship signatures
- To prevent malicious users from tampering with friend list data and pretending to be friends of a user they're not actually friends with, some providers offer "friendship signatures". These friendship signatures digitally sign specific user data which a site or application can use to verify that two users are actually friends.
The content is sourced from: https://handwiki.org/wiki/Social:Social_infrastructure