Thursday, February 28, 2008

Announcing OpenFile

A small group of us at work came up with an idea for a new web API that we are developing and would like as much community involvement as possible. We're calling it "OpenFile" in the spirit of OpenID, OAuth, OpenSocial, etc. From our in-progress spec:

Users store more and more of their data in disparate services: photos on Flickr, SmugMug, Snapfish; files in Amazon S3,, Mozy; documents on Google Documents, Zoho, etc. At the same time there are more and more web web-enabled applications that would like access to these sets of data to offer additional value: online image editing, audio and video transcoding, remote access, etc. Often a client wants to perform relatively simple operations: open a file, save a file, but every service provider implements this in a different manner. For these basic operations there needs to be an easier way for clients to access the user's data from any kind of provider in a uniform way, and at the same time protecting the privacy and security of the data itself.

The OpenFile API is a vendor-neutral protocol for desktop and web clients to be granted limited access to users' data that is managed by an external service provider. Its specific goals are to:

  • Provide clients the web equivalent of "Open File" and "Save As" dialogs that are managed by a user's service provider rather than the client, avoiding the exposure of private data to a requesting client, such as the user's folder structure. This also encourages the user to authorize the minimum amount of data to the client, rather than granting carte blanche access to all possible operations.

  • Allow authorized clients to then "Open" (read) and "Save" (write) authorized files.

  • Interoperate with open standards such as OAuth to avoid disclosing a user's credentials for a service provider to a client.

Intended audience

This specification is intended for:

  • Data storage/backup providers who want to enable their users to access their data via numerous third-party clients in a standard and secure way.

  • Web services that want to simplify and extend their current methods of importing and exporting file data.

Community participation

Please join the mailing list if you are interested in contributing, editing, or implementing this specification. We hope to emulate the process used by the OAuth mailing list in developing this spec: mailing list membership by application to avoid extraneous posts, quick discussions and voting on issues, rapid progress towards implementation and adoption.


Photo editing web site

  1. Alice discovers a new web-based picture editing service and wants to try it out on some of her pictures which are stored in the OpenFile-enabled site at the URL

  2. On's Import page there is a textbox where Alice can enter her OpenFile provider URL ( so that can learn how to pull photos from it. Alice is then redirected to, which asks her to login if she's not logged in already, and then to select what photos she wants to grant access to.

  3. Alice chooses just one photo of her cat and is redirected back to, which then pulls the picture of her cat from Alice then starts editing the photo.

  4. When she's done she presses the "Save" button, causing to push the updated image back to where it will replace the previous version.

Online music store

  1. Joe just bought the final Daft Punk album missing from his collection on He can download it directly into his computer, but he also wants it available from his online-streaming service, and he wants it backed up to his offsite-backup service

  2. On Joe enters the OpenFile endpoint URLs for both his services: and

  3. First he's redirected to's "Save As" dialog, where he is asked if he wishes to allow to write some files. Joe navigates his folder structure and sets up a new folder for the album data, then is redirected back to

  4. Next he's redirected to where he goes through the same authorization process for

  5. Finally begins transferring the music files to both services, keeping Joe informed about the progress of the transfers.

Labels: , , , ,