UPDATE2: Great news! Just as I was thinking about this issue yesterday, it looks like Google released its official AJAX client library for its Contact API. So after all Google is becoming a universal contact list? Now, with these tools and APIs available, third-party sites have no excuse whatsoever for continuing to insist on asking for a username and password to import contacts!
UPDATE1: As it turns out, I totally forgot about the recent announcement of Google Friend Connect and the controversy that soon followed. This is the kind of approach I was thinking of; it just slipped my mind while writing this post late into the night. I think I had signed up for the private beta as well and am awaiting an invitation. Here is the video that explains Google Friend Connect.
Gmail has almost become a universal contact list. At least all social network sites think it is so.
I just don't understand why, every time I am asked for my Gmail user ID and password (to find friends on a network), I cringe but then finally give in -- only to get burnt, burnt and burnt (ouch!). What drives me nuts is when some of these sites get away with sending your password in plain text! Why do we put up with this nonsense, in this day and age?
One suggestion I have for this problem is to build a Gmail Friend Finder API that would allow Yet Another Social Network (YASN) to access our universal contact list. What I mean by this is: Gmail knows everyone I know and interact with. I trust Gmail and am generally more willing to let Gmail be the arbiter of my social information. Why is this a good idea? For starters, third-party apps needn't ask users for their password. I just ask them to go and talk to Gmail to see if there are others on their site whom I might know and who might be interested in connecting with me.
Yesss! I am aware of OpenID and the Social Graph API. Here is a small glitch, though. The Social Graph API relies on FOAF/XFN, and not everyone has that information published online. OpenID is more for authentication and, IMHO, it's kinda unintuitive and difficult to explain even to tech-savvy folks -- let alone my grandmother! Gmail, on the other hand... everyone has an account there and we all 'get it'! To be fair here, the Microsoft Passport account in some sense was a precursor to all this, perhaps even a little too early for its time!
Following is an illustrative example of how I see this working:
The approach that I think might work better would involve developing an API for Gmail. When I first join YASN, instead of sending me an email directly, it outsources the verification process to the Gmail API. Gmail sends me an email to verify that it was actually me who signed up on YASN. Once I confirm, it sends YASN a confirmation that it has verified it is me. In addition, it sends a secret identifier that it requires YASN to send over SSL when asking for any of my data. Note that at this point Gmail already knows for certain that I am a member of YASN. Now, I want to check if any of my friends are on YASN. So YASN will connect once again with the Gmail Friend Finder, presenting the token/secret code that was sent to it when I completed the email verification. Now the only friends that the Gmail API sends to YASN are the ones who are connected to me on Gmail AND are also members of YASN.
Since YASN can only access limited information via the Friend Finder API, it cannot spam everyone on my email account. Additionally, since it does not have my password, it minimizes the risks of my account being hacked or YASN doing something malicious. Of course, all this is just conceptual -- unless the Google/Gmail team actually implements some such API.
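The flow described above, as an added example that is not part of the original post and not any real Google API: a toy in-memory provider that verifies a signup, issues a per-site secret, and discloses only contacts who are also verified members. The `FriendFinder` class, its method names, the `yasn` site id and the example.com addresses are all hypothetical.

```python
import hashlib, hmac, secrets

class FriendFinder:
    """Hypothetical provider (the 'Gmail' role); not a real Google API."""

    def __init__(self, contacts):
        self.contacts = contacts  # user email -> set of contact emails
        self.members = {}         # site id -> emails verified for that site
        self.pending = {}         # one-time confirmation code -> (site, email)
        self.tokens = {}          # (site, email) -> SHA-256 of issued secret

    def start_verification(self, site, email):
        # The provider e-mails this code to the user; the site never sees it.
        code = secrets.token_urlsafe(16)
        self.pending[code] = (site, email)
        return code

    def confirm(self, code):
        # User confirmed: record membership, issue a per-site, per-user secret.
        site, email = self.pending.pop(code)  # KeyError on unknown/reused code
        self.members.setdefault(site, set()).add(email)
        token = secrets.token_urlsafe(32)
        # Keep only a hash, so a leak of provider state does not leak secrets.
        self.tokens[(site, email)] = hashlib.sha256(token.encode()).hexdigest()
        return token  # sent to the site over TLS, as the post requires

    def find_friends(self, site, email, token):
        stored = self.tokens.get((site, email))
        presented = hashlib.sha256(token.encode()).hexdigest()
        if stored is None or not hmac.compare_digest(stored, presented):
            raise PermissionError("unknown site/user pair or bad token")
        # Only contacts who are ALSO verified members of this site leave.
        return self.contacts.get(email, set()) & self.members.get(site, set())

def demo():
    # Constructed sample data.
    gmail = FriendFinder({"me@example.com": {"alice@example.com",
                                             "bob@example.com"}})
    gmail.confirm(gmail.start_verification("yasn", "alice@example.com"))
    my_token = gmail.confirm(gmail.start_verification("yasn", "me@example.com"))
    return gmail.find_friends("yasn", "me@example.com", my_token)

if __name__ == "__main__":
    print(demo())  # bob is not a YASN member, so he is never disclosed
```

The secret is bound to one (site, user) pair, so a token issued to one site is useless for another site or for another user's contacts.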
[Thanks Audumbar Chormale, for the discussions and the question that led to this post]