This post originated from an RSS feed registered with Java Buzz by Bill de hÓra. Original Post: Observations on Portable Contacts 1.0 Draft C Feed Title: Bill de hÓra Feed URL: http://www.dehora.net/journal/atom.xml Feed Description: FD85 1117 1888 1681 7689 B5DF E696 885C 20D8 21F8 Latest Java Buzz Posts Latest Java Buzz Posts by Bill de hÓra Latest Posts From Bill de hÓra

The specification is here: http://portablecontacts.net/draft-spec.html. My overall observation is that it's a good idea, but the spec needs a lot work. Herein my initial observations

I'm surprised that a data format spec is tied to XRDS and Oauth. This seems unneccasary and brittle, apart from my opinions, which are XRDS is complex, even when it's called "simple", and Oauth is not a general purpose auth protocol (it excludes user agents). I'm not sure how the "intended goal of widespread adoption" is met by depending on Oauth.

It doesn't define a posting variant. Dear format designers, please learn one lesson from Atom - think about how a resource exposing your format can be created, don't just assume a singularity. This is valid criticism as there is a design intent to be a protocol - "This API defines a language- and platform- neutral protocol for Consumers to request address book, profile, and friends-list information from Service Providers. As a protocol, it is intended to be easy to understand and implement, either as a Service Provider or Consumer, using any language or platform of choice."

The XML root element is "response". Why not "result"? Or "foo"? If it's a protocol, shouldn't there be a symmetric "request" format?

It doesn't have a schema. There are two formats, but no model. How will we add new formats , or will there only ever be two? It doesn't define a procesing model for the JSON result. or the XML. It refers to xs:string, but doesn't reference WXS.

For any address/contacts spec, I always want to know how it maps (or does not map), to vcard. It's a goal, but not explained how it's been achieved - the vcard mappings need to be stated.

The last time I looked, none of these were standards - OpenSocial, OAuth, XRDS-Simple, or, etc.

The "password anti-pattern" is referred to, but not referenced. Why is this a goal anyway? As with subsetting methods, this seems like a layer violation. What a format spec needs to do is state security issues known to be introduced by the format.

"We started with a review of all the major existing contacts APIs and targeted common capabilities that they all share and provide." Which ones? References?

It's clearly tied to HTTP, so more layering problems. It refers to methods - "All requests to the Service Provider are made as HTTP GET operations on a URL deriving from the Base URL specified in Section 5 (Discovery)." This is dubious as it breaks protocol layering and subsets HTTP, while being utterly dependent on HTTP. It subsets the response codes - "Service Providers MAY return additional codes to indicate additional information, but are discouraged from doing so and should instead augment the reason text with existing codes, if possible" - that's not good technical advice. Don't even start me on the path mappings. Also, any serious attempt at unifying contacts formats needs to work over phones, and in/out of directory/mail services.