The Windows Live Contacts API integrates easily with existing code bases to enable developers to take advantage of the Windows Live Contacts Address Book service. This API is platform independent and programming language neutral.
Developers can integrate Windows Live Contacts without investing in expensive infrastructure. The Window Live Contacts API uses simple authentication and authorization models to help protect the user's privacy. The user grants authorization through a security-enhanced interface.
The Windows Live Contacts API supports all aspects of a simple scenario for shopping sites that require easy access to, and management of, the user's address book. The infrastructure that is required to enable this scenario also applies to many other scenarios in which access to and management of the user's address book facilitates a community-based interoperability.
In this scenario, the user visits a Windows Live Contacts-enabled shopping site and selects items for a friend's birthday. The user signs in to the shopping site. When prompted for information, for example a shipping address, the user can select any contact from that user's Windows Live Contacts address book. Or, the user can add a new contact and save it to the Windows Live Contacts address book.
If this is the first time the customer has used this option, no user information will exist in the customer database. In this case, the user is redirected to a Windows Live sign-in page with parameters that specify the type of access that is required to the user's Windows Live Contacts address book.
On this sign-in page, the user is invited to grant permission for the shopping site to access that user's address book data. The kind of access (read/write or read-only) is specified in the call that the shopping site makes to the sign-in page.
After the user signs in using a Windows Live ID, the user can respond to the request and choose whether to grant the requested permissions. The user even can choose not to sign in. In this case, the user is assumed not to have granted the request.
If the user grants the requested permissions, Windows Live calls the Windows Live Contacts Roles and Sharing service and adds the shopping site's domain to the list of sites that have permissions to the user's Windows Live Contacts address book, along with the kind of access that the user has granted.
Window Live also generates a unique encrypted user identity token (a user handle) that contains sufficient information to identify the user.
After completing the opt-in step, the user is returned to the shopping site. As part of the information that is returned to the shopping site, Windows Live returns the user handle that represents this user. This token is unique per user per shopping site to ensure that shopping sites cannot accidentally or otherwise determine any behavior from multiple services on the same ID. This token will be stored by the shopping site alongside the shopping site's record for this user.
If the user handle that is returned to the shopping site is null, the shopping site can assume that the user did not grant any permissions, and the shopping site can handle this scenario appropriately.
When the shopping site has received and stored a valid user handle, the shopping site can call Windows Live directly by using an API request. The shopping site includes the user handle. Windows Live uses the user handle to authenticate the calling shopping site, validates the call, and passes the call onto Windows Live Contacts.
Windows Live Contacts accepts the call and uses the caller's domain to check for access control lists (ACLs). If there are no ACLs for this caller or if the caller is not authorized to make this kind of call, an error is returned. Otherwise, the API is executed on the user's Windows Live Contacts address book, and the response is returned.
At any time the user can revoke permissions for any shopping site or view calls that each shopping site has made against the user's own address book.
After this, whenever the user visits the shopping site, the user only has to sign in to the site, and not in to Windows Live. As long as the ACLs are current, the shopping site can use the user's Windows Live Contacts address book data.
With this infrastructure in place, the shopping site can make selecting or adding Windows Live Contacts a fully integrated part of its site experience.
Value to the Customer
Integrating Windows Live Contacts into the shopping site enables the user to supply required information only during the first visit to the shopping site. After the first visit, the customer only has to sign in to the shopping site to gain access to any of his or her address book information. In this way, the customer's address book is always available, and the user always has a trusted list of contacts with which to manage shopping experiences.
Value to a Third-party Application
Shopping sites enjoy many benefits of this integrated service.
-
Higher rate of order completion
-
Low setup costs
-
New application scenarios
-
More revenue