Social infrastructure is a general term referring to a class of internet services which allow websites or mobile devices to integrate social functionality into their application user experience. Such functionality includes social login, sharing, commenting, activity feeds, social identity storage, gamification and others.
Services & Technologies
The various technologies that make up the social Infrastructure are meant to provide content owners the necessary “social network hooks” to enhance content within a website or application.
- Social Login allows users to log in to a website or application using their existing credentials on identity providers such as Facebook, Twitter, LinkedIn and Google. Social login is a key technology of the social infrastructure since many of its services require establishing a valid identity before being used.
- Allows users to share or bookmark site content and send to friends on social networks. Popular social buttons such as Facebook Like, Twitter Tweet and Google +1 are commonly added to websites which lets users share content with a single mouse click or tap from a mobile device. Sharing “plugins” from vendors offer services that let users share content to multiple social networks at once.
- Gives users the ability to post their comments and have discussions about site content. Users often have the option of broadcasting their comment to their activity feeds on social networks which link friends back to the site content.
- Provides users a way to give feedback on an article, blog post, product or any other type of content across a site or application. This can range anywhere from simple ratings (3 out of 5 stars) to written reviews. Typically, users have the option of sharing this feedback on their social networks.
- Also known as an activity stream, activity feeds display to the user what their friends and other visitors have recently been doing on a site or application. The feed is typically updated when users do anything “social” such as perform share, post a comment, earn a badge, etc.
- Allows users to chat, comment and share activity in real-time. Live Chat is typically used for live events such as webcasts, web chats and webinars. Due to technical complexities of live streaming, live chat is generally offered to sites as a plugin hosted on an SaaS model.
- Gamification takes concepts often found in games (points, badges, challenges, progress bars, rankings, etc) and applies them to non-game websites and applications to make them more appealing. Pre-built plugins and GUI elements are often made available to display and manage the information.
Consumer Identity Data Storage
- Stores a combination of standard online profile data (name, city, email, gender, etc) with social data (friends, likes, posts, etc) to offer a more comprehensive picture of a user’s demographics and preferences. Vendors such as Facebook, Twitter and Google capture and store information with permission from the user whose identity is self-asserted. Some 3rd party vendors aggregate social identity information across multiple vendors.
- Pulls data from one or more social networks and identity providers to deliver metrics and reporting about user social activity such as referral traffic, demographics, shares, social logins, key influencers on the site, etc. These metrics provide insights concerning user preferences and site activity.
Securing the social infrastructure means offering protection against common security threats such as data tampering, replay attacks and unauthorized access. Some of the measures typically found within social infrastructure services include:
- OAuth is an underlying concept of the social infrastructure is that in exchange for a more social experience, users grant websites and applications permission-based access to the users’ social data. From a security standpoint, such permission is typically granted using OAuth. OAuth is a secure authorization protocol in which social networks provide a session token to 3rd party applications. Using this token, applications can make API calls to social networks on the user’s behalf. Along with websites, OAuth has built in support for desktop applications and mobile devices.
Application Secret Keys
- A secret key is a cryptographic random number used as a shared secret between an application and a specific social infrastructure provider. Secret keys are passed (in one form or another) between the application and vendor on every API and serve as a virtual handshake that both parties are who they say they are.
- Most vendors and 3rd party services offers ways to detect whether userIDs have been tampered with by including a digitally signed token which can be validated by the site or application. Applications verify both data integrity and authenticity by digitally validating this token.
- To prevent malicious users from tampering with friend list data and pretending to be friends of a user they’re not actually friends with, some providers offer "friendship signatures". These friendship signatures digitally sign specific user data which a site or application can use to verify that two users are actually friends.
- "Gamification: Insights And Emerging Trends" - Friday, May 11, 2012 - TechCrunch.
- "The Importance of Social Sign-On" - February 12, 2012 - Social Media Today.
- "Social APIs" - Programmable Web.
- "Analytics for Social CRM: The Best Options for Social CRM Analytics" - January 23, 2011 - Social Technology Review