MIX07: POST/GET/PUT/DELETE Your Way To Windows Live Data
Martin Heller posted an article on Infoworld, "Data Wants To Be Free," about the Windows Live Data "secret session" at MIX07. The Windows Live Data service (probably not its final name) enables a deeper level of integration and data access than the devlive web controls, but still maintains user control over access to user data.
The Windows Live Contacts Control and Windows Live Spaces Control are designed to be super simple to drop into an HTML page and wire up with a minimal amount of JavaScript code. Easy easy easy. The controls provide prepackaged UI, take care of user login, and pass back to your page just the data that the user has chosen to use with your web app. The controls are stateless in that they don't remember any sort of relationship between your web page and the end user. Each time the user selects data to send to your web app, the controls will prompt the user to confirm the data transfer. The controls require nothing from you but an http file server - no server side execution required, so they can be used on even the most minimal, shoestring budget hosted domain.
Windows Live Data enables your web application to establish a lasting relationship with the end user. The user can choose to allow your application to access their Windows Live data without constant confirmation prompts. Your web app can make server-to-server calls to read or write the user's Windows Live data. To prove that you have the user's permission to do this, your app includes a token in the request that was issued to you by the Windows Live Data service when the user approved access for your app. The user can revoke that permission at any time by going to a Windows Live page and removing your app/domain name from their approved list.
Windows Live Data imposes no UI on your application other than the initial granting of access permission. (Your site directs the user to Windows Live to approve access for your app, then Windows Live redirects back to you) Your app is trusted by the end user, and has unhindered access to the data the user has granted your app permission to use.
More Control, More Work
The price for this deeper data integration is that you need to write more code than the super easy Windows Live web controls require, and you'll need more from your web server than just http file serving. It's pay for play. If you want full control of the UI and seamless integration of the user's data into your web app, you'll need to work a little harder to get it. Because you'll need to remember the user's id and the authorization token issued to you by Windows Live Data, you'll most likely need server side storage for your web app. You definitely don't want to leave that token lying around in persistent browser cookies. You'll probably use server-to-server calls to access the user's data via Windows Live Data service, so that means you'll need code execution capability on your web host. If you're running your own server farm, that's probably a no brainer, but if you're on a shoestring budget using a hosting service you'll probably pay a little more for your web hosting to include server side script execution. Windows Live Data does not require ASP.NET on the server - it's usable from anything that can drive http requests and responses.
There are multiple ways your app can present itself to the Windows Live Data service to prove that you are indeed the app that the user authorized for access to their data - authorization tokens are one path. Mutual SSL (server to server) is another option.
Knowing Your Costs At Scale Before You Get There
How much will direct access to the user's Windows Live Data cost you? Nada. Nothing. Under the new unified terms of use announced at MIX07 this week, you can use Windows Live Data service for the Contacts API in your application for noncommercial and commercial purposes for free up to a threshold of one million unique users per month, averaged over 3 months. That's not one million API calls, not ten thousand users visiting your site a thousand times each, not even a million unique users accessing your site - it's one million different user ids seen by the Windows Live services in API calls from your site. You may have 2 million users running around on your site, but if only 1/3 of them are using a feature that touches Windows Live Data services then you're not at the 1Muu threshold yet.
What happens as your app grows in popularity to beyond that 1Muu threshold? That's the point at which you'll need to have a chat with Microsoft about a suitable "exchange of value". One way for your app to provide an exchange of value with Windows Live is to serve Microsoft AdCenter ads in your app. If you aren't interested in putting ads on your pages, or you feel you can get better return from some other ad system, you could choose to just pay for your service usage outright: 25 cents per unique user per year, calculated quarterly. Other options are possible, but those are two baseline examples.
Worried that these terms may change in the future? Lock the terms in with a service contract. Microsoft also announced this week that service level agreements including multi-year service contracts will be available for Windows Live services in 2008. So you can bet your business on a set of Windows Live services, get a commitment in writing from Windows Live, and use that contract as an asset in growing your business. Venture capitalists, for example, like to see supply chain contracts in place in a startup to minimize the risk of costs spiraling out of control as the startup scales up in volume. A multiyear service level agreement is not going to be free, but it's cost effective way to hedge against future unknowns and establish a beachhead of stability in this chaotic industry. It's also what entrepreneurs have been asking for - a way to lock in service guarantees and pay down business risk.
The specific details mentioned here are for the Windows Live Contacts API, a service of Windows Live Data services. The thresholds for other Windows Live services such as Silverlight Streaming, Virtual Earth maps, or Windows Live Search queries will vary slightly due to the different nature of the services (Search doesn't involve logged in users, for example), but the concept across the board is the same: free usage for noncommercial and commercial purposes up to a well-defined threshold of "significant" activity beyond which an exchange of value is needed. Simple baseline terms for exchange of value (such as serving ads or paying for usage) are clearly defined well in advance so that you don't have to worry about shakedowns just as your business begins to take off.
mix07