MIX07: POST/GET/PUT/DELETE Your Way To Windows Live Data
Martin Heller posted an article on InfoWorld, "Data Wants To Be Free," about the Windows Live Data "secret session" at MIX07. The Windows Live Data service (probably not its final name) enables a deeper level of integration and data access than the devlive web controls, but still maintains user control over access to user data.
Windows Live Data enables your web application to establish a lasting relationship with the end user. The user can choose to allow your application to access their Windows Live data without constant confirmation prompts. Your web app can make server-to-server calls to read or write the user's Windows Live data. To prove that you have the user's permission to do this, your app includes a token in the request that was issued to you by the Windows Live Data service when the user approved access for your app. The user can revoke that permission at any time by going to a Windows Live page and removing your app/domain name from their approved list.
Windows Live Data imposes no UI on your application other than the initial granting of access permission. (Your site directs the user to Windows Live to approve access for your app, then Windows Live redirects back to you.) Your app is trusted by the end user, and has unhindered access to the data the user has granted your app permission to use.
More Control, More Work
The price for this deeper data integration is that you need to write more code than the super easy Windows Live web controls require, and you'll need more from your web server than just HTTP file serving. It's pay for play. If you want full control of the UI and seamless integration of the user's data into your web app, you'll need to work a little harder to get it. Because you'll need to remember the user's id and the authorization token issued to you by Windows Live Data, you'll most likely need server-side storage for your web app. You definitely don't want to leave that token lying around in persistent browser cookies. You'll probably use server-to-server calls to access the user's data via the Windows Live Data service, so that means you'll need code execution capability on your web host. If you're running your own server farm, that's probably a no-brainer, but if you're on a shoestring budget using a hosting service you'll probably pay a little more for your web hosting to include server-side script execution. Windows Live Data does not require ASP.NET on the server - it's usable from anything that can drive HTTP requests and responses.
There are multiple ways your app can present itself to the Windows Live Data service to prove that you are indeed the app that the user authorized for access to their data - authorization tokens are one path. Mutual SSL (server to server) is another option.
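The storage advice above, sketched as an added example (not code from Windows Live Data or its documentation): the token stays in server-side storage, the browser holds only a random session id in a non-persistent cookie, and a rejected token is dropped so the user is sent back through approval. The class and function names, the `DelegatedToken` header scheme and the 401/403 revocation signal are all assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

class ConsentTokenStore:
    """Keeps the service-issued token on the server, keyed by user id."""

    def __init__(self):
        self._sessions = {}  # opaque session id -> user id
        self._tokens = {}    # user id -> token issued when the user approved access

    def save_consent(self, user_id, token):
        self._tokens[user_id] = token

    def start_session(self, user_id):
        sid = secrets.token_urlsafe(32)  # random value; reveals nothing about the token
        self._sessions[sid] = user_id
        return sid

    def token_for_session(self, sid):
        user_id = self._sessions.get(sid)
        return self._tokens.get(user_id)

    def forget(self, user_id):
        self._tokens.pop(user_id, None)

def session_cookie(sid):
    """Set-Cookie value: no Expires/Max-Age, so the browser does not persist it."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def outbound_headers(store, sid):
    """Headers for the server-to-server call; the token never reaches the browser."""
    token = store.token_for_session(sid)
    if token is None:
        raise PermissionError("no consent on file: send the user to the approval page")
    return {"Authorization": "DelegatedToken " + token}  # hypothetical header scheme

def handle_service_status(store, user_id, status):
    if status in (401, 403):  # assumed signal that the user revoked access
        store.forget(user_id)
        return "reconsent"
    return "ok"
```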
Knowing Your Costs At Scale Before You Get There
What happens as your app grows in popularity to beyond that 1Muu threshold? That's the point at which you'll need to have a chat with Microsoft about a suitable "exchange of value". One way for your app to provide an exchange of value with Windows Live is to serve Microsoft AdCenter ads in your app. If you aren't interested in putting ads on your pages, or you feel you can get better return from some other ad system, you could choose to just pay for your service usage outright: 25 cents per unique user per year, calculated quarterly. Other options are possible, but those are two baseline examples.
Worried that these terms may change in the future? Lock the terms in with a service contract. Microsoft also announced this week that service level agreements including multi-year service contracts will be available for Windows Live services in 2008. So you can bet your business on a set of Windows Live services, get a commitment in writing from Windows Live, and use that contract as an asset in growing your business. Venture capitalists, for example, like to see supply chain contracts in place in a startup to minimize the risk of costs spiraling out of control as the startup scales up in volume. A multiyear service level agreement is not going to be free, but it's a cost-effective way to hedge against future unknowns and establish a beachhead of stability in this chaotic industry. It's also what entrepreneurs have been asking for - a way to lock in service guarantees and pay down business risk.
The specific details mentioned here are for the Windows Live Contacts API, a service of Windows Live Data services. The thresholds for other Windows Live services such as Silverlight Streaming, Virtual Earth maps, or Windows Live Search queries will vary slightly due to the different nature of the services (Search doesn't involve logged-in users, for example), but the concept across the board is the same: free usage for noncommercial and commercial purposes up to a well-defined threshold of "significant" activity beyond which an exchange of value is needed. Simple baseline terms for exchange of value (such as serving ads or paying for usage) are clearly defined well in advance so that you don't have to worry about shakedowns just as your business begins to take off.