"We announced today that five partners have already signed up to Plaxo-enable their Web sites and applications using our SOAP API: ColSpace, Global Systems, Greenlight Wireless, ModoMail, and Trekmail. This means that our members can access their Plaxo address book, calendar, tasks, and notes from within these services. While we’ve focused so far on integrating with Outlook and Outlook Express, our goal is that your up-to-date Plaxo information should be available to you in all of your favorite apps. […]
For security, all API calls are made over SSL so the user’s password and data are encrypted during transport. We authenticate both the partner and the Plaxo member, so no one can touch your account without your permission."
Apparently there’s no public documentation about this API which was released back in May, I guess the people at Plaxo are too busy writing crap such as "The Plaxo Network is fast becoming an important new layer of the Internet, like e-mail, instant messaging and Web browsing."
Ludicrous PR claims aside (what next, comparing a walkie talkie toy with the ability to place intercontinental phone calls?), I’ll cut them some slack since the API came before a yet-to-come developer program. It’s interesting to see an encrypted service that is nonetheless interoperable (unlike, notes Jon Udell, the big VOIP vendors).
One thing I’m curious about is proper performance under SSL. Maybe there’s hardware acceleration going on on Plaxo’s side (Westbridge?). Besides they use SSL on their web site and with Outlook anyway, so they must have sized their infrastructure to handle the extra processing load, but what’s the impact for their partners? All I’m saying is, SSL + SOAP doesn’t sound like a recipe for speed. This pdf file mentions running web services over https but doesn’t even touch performance questions, while these articles list the limitations of SSL in a web service context.
Aside from the operational questions that only outline my crass lack of knowledge, this discussion about how to implement FOAF support in a way that respects privacy raises another scalability issue, this time human. How do you move private data around (the purpose of FOAF) without drowning people under authorization requests? (Note to self: find the question I posted about that point on Marc Canter’s blog a couple of days ago. Also, gotta keep an eye on Clink.) I’d also like to know how the Plaxo partnerships announced today work from a business perspective. Are these revenue-sharing deals to push Plaxo VIP, or is this a way to get more people to use the free service and Plaxo will worry about converting them on its own? (Guys, can’t you come up with better than technical support to justify the paid product?)
Taking a step back to the bigger picture, I don’t know much about the whole SOA hoopla. I need to educate myself in order to come up with a unifying theory about how this is relevant to the internet at large, not just corporate IT. Another question: is Moore’s Law going to allow every online application to be encrypted by default with no noticable performance cost? Discuss the ramifications. (Oh wait, aren’t Moore’s Law and distributed computing eventually leading to the end of encryption?)