June 29, 2009

Yahoo!/Google Caja Javascript Sandbox

Categories: yahoo — admin at 4:52 pm

I recently talked about our experiences developing applications for the Yahoo Open Platform. Caja is a system used by YAP (and presumably others close to OpenSocial/Google) that transforms ordinary HTML and Javascript into a more restricted form.

At its heart, Caja enables platform providers like Yahoo! to let developers use Javascript in their applications safely. Caja solves a problem similar to the one Facebook solves with its FBJS (Facebook Javascript), albeit in a more flexible fashion. Facebook solves the problem by providing a limited set of Javascript-like functions, trying to mirror some of their functionality with that of its server-based API, and providing very decent support for AJAX. Caja tries to solve the problem by supporting regular Javascript with some limitations.

The Yahoo Application Platform (YAP) is new, as is Caja, so there are still a lot of kinks that need to be worked out. Some developers, however, seem to prefer the limited, yet working, set that Facebook offers over the “everything should work (but it doesn’t exactly)” approach that Caja and OpenSocial may have to offer.

As I mentioned, Caja, like many other technologies that originate at Google, is open-source, so expect more companies to adopt this approach to limit XSS-style attacks on their sites. As one post by a Google developer working on the project claims, “With the launch of My Yahoo! and Yahoo! Mail gadgets, we’ve got 275 million users.” That is partially true (first they have got to see the applications before they can use them), so developers need to start taking a serious look at Caja and what Caja will mean for them. Tim Oren makes a similar (even stronger) point in his post on Web 2.0, Javascript and Caja.

In working with Caja, we had to come up with several not-so-trivial workarounds for the current limitations of Caja (an XML parser for AJAX calls, for example), so working with (and around) Caja may not be trivial, but it will hopefully become a lot easier as these kinks are ironed out in future YAP releases.

Caja allows developers to put "untrusted" third-party HTML and JavaScript inline in your page and still be secure. Here are some of Caja's features:

  • Caja gives stricter control over what Javascript is allowed to do, including disabling redirects to phishing pages, proxying URLs and eliminating XSS (HTML is sanitized dynamically).
  • Caja allows the untrusted code more power than is safe to give to code currently in iframes.

Here are some possible applications:

  • floating DIVs (rectangular and non-rectangular)
  • frames that can communicate without the current awkward protocols
  • readers that can broadcast geographic information about the current article; a maps widget jumps to the location, while a news gadget gets local stories and a weather widget financial info or entertainment info
  • extensible syntax that could have plugins that can mark up text
  • hosting social network and media pages that can control the gadgets and widgets on them
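
The URL-proxying and attribute-filtering features listed above can be pictured as a policy applied to each element of untrusted markup. The following is an added example, not Caja's code or API and not part of the original post; the proxy endpoint, allow-lists and function names are assumptions made for illustration.

```javascript
// Added illustration only: not Caja's API. Names, allow-lists and the proxy
// endpoint are hypothetical.
const PROXY = "https://container.example/proxy?url=";
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const ALLOWED_TAGS = new Set(["a", "img", "div", "span", "p"]);
const URL_ATTRS = new Set(["href", "src"]);
const PLAIN_ATTRS = new Set(["title", "alt"]);

// Resolve a gadget-supplied URL against the gadget's base URL and return the
// proxied form, or null when it cannot be parsed or the scheme is not allowed.
function rewriteUrl(raw, base) {
  let url;
  try {
    // The WHATWG parser trims leading whitespace, strips tabs/newlines and
    // lowercases the scheme, so "java\tscript:" is seen as "javascript:".
    url = new URL(String(raw), base);
  } catch (err) {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return PROXY + encodeURIComponent(url.href);
}

// Apply the policy to one already-parsed element of the form {tag, attrs}.
// Returns a sanitized copy, or null when the tag itself is not allowed.
function sanitizeElement(el, base) {
  const tag = String(el.tag).toLowerCase();
  if (!ALLOWED_TAGS.has(tag)) return null;
  const attrs = {};
  for (const [name, value] of Object.entries(el.attrs || {})) {
    const key = name.toLowerCase();
    if (URL_ATTRS.has(key)) {
      const safe = rewriteUrl(value, base);
      if (safe !== null) attrs[key] = safe; // unsafe URLs are dropped
    } else if (PLAIN_ATTRS.has(key)) {
      attrs[key] = String(value);
    } // everything else (onclick, style, id, ...) is discarded
  }
  return { tag, attrs };
}

// Constructed sample: a link a gadget might emit.
const SAMPLE = { tag: "A", attrs: { HREF: "/news?id=1", onclick: "track()", title: "News" } };
console.log(sanitizeElement(SAMPLE, "https://gadget.example/app/"));
```

The policy is an allow-list on both tags and attributes, so anything it does not recognise is dropped rather than passed through.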

June 24, 2009

Developing on the Yahoo! Open Application Platform

Categories: Development, yahoo — admin at 2:46 pm

We recently developed a YAP app (I like the way that sounds) for a client. For those who are not familiar with YAP, Yahoo! describes the Yahoo! Application Platform:

The Yahoo! Application Platform allows you to reach our users and improve the Yahoo! user experience by building and deploying new experiences for them into Yahoo! pages, writing code the way you love to write it.

From a marketing perspective, it’s Yahoo!’s response to Facebook’s popular application platform and MySpace’s OpenSocial, but in many ways it is different (and it promises to be even more different in the future).


Here are some of the similarities and differences between YAP and other popular application platforms:

  • Like Facebook, the YAP official SDK is PHP-based, and similarly both platforms support development in Adobe Flash. Both also have their own markup languages (FBML, YML) and both support Javascript (FBJS, Caja).
  • Unlike Facebook and OpenSocial’s “externally and internally facing” applications (seen by others and yourself), Yahoo! applications are “internally facing” (seen only by you) and thus are designed to work with My Yahoo! (and Yahoo Mail)
  • Unlike Facebook and OpenSocial, very little interactivity is currently supported on the front page/Small View
  • The application metaphor behind YAP is probably more similar to those of “starting page” widgets for services like NetVibes and Pageflakes
  • Sharing of applications is probably less intuitive than Facebook but comes “automatically” with each application (since it is built into the application chrome rather than the application itself for the most part)
  • The YAP API supports OpenSocial 0.8, but in general its PHP API is less complicated (and less featured) than Facebook’s. Full support for OpenSocial is planned in the future

Developer Do’s and Don’ts:

  • YAP’s Caja Javascript Sandbox is a bit unforgiving when it comes to spelling errors, and at the time we developed our application, there wasn’t a great way to debug these problems
  • Be prepared to write your own XML parser (we did) since currently YAP’s flavor of Javascript limits some types of DOM manipulation. If you plan on using AJAX and XML, this may be an issue. I believe their JSON support is a lot better.
  • Understand the limitations of different Views. The Small (front-page) View doesn’t support Javascript, Flash or IFRAMES, so interactivity is limited. If you want to update the Small View, you’ll need to periodically run a CRON job or use a Web Service. Plan on doing most of your “work” in the Canvas View, which does support Flash and Javascript (but not IFRAMES).
  • AJAX and other communication and event-based calls will need to be done through OpenSocial 0.8, so previous MySpace development experience helps
  • The Yahoo! developer forum does a fairly good job of answering questions so be sure to use it. The individuals responsible for evangelizing and supporting the platform did a phenomenal job in supporting our development efforts. The documentation was okay (navigation wasn’t great), sample code (at least when we used it) was okay as well but could have been organized a little better.

Conclusions:

  • Developing on YAP!, as is the case with any new developer platform, was challenging but fun!
  • YAP! holds a lot of promise once Yahoo! starts promoting it more aggressively.
  • Remember that for the most part, the platform is still in beta, so some of these issues have probably been addressed.


April 1, 2009

Yahoo! Open Applications (YAP)

Categories: yahoo — admin at 3:15 pm

Open Applications are Yahoo!’s answer to Google’s iGoogle widgets and OpenSocial platform.   Yahoo Open Apps are part of the Yahoo! Open Strategy (or Y!OS for short) – Yahoo!’s push to “deliver open, industry-leading platforms that attract the most publishers and developers.”
Positioned as a “Social Platform for Yahoo”, Y!OS really represents a set of open APIs (Flickr, Yahoo! Mail, Yahoo! Maps, Yahoo! Search/BOSS, etc.) along with the “new” Yahoo! Application Platform (YAP) that allows developers to build applications that plug directly into Yahoo! (social) pages (MyYahoo, Yahoo 360, etc.) and presumably other Yahoo! properties (Flickr, MyBlogLog, etc.).

Although the language of what Yahoo! is offering may be confusing – Yahoo! Social Platform (YSP), Yahoo! Application Platform (YAP), Yahoo! Open Strategy (Y!OS) and a whole bunch of other three-letter mnemonics that start with Y – the idea is not! Yahoo! wants to compete with Google and Facebook to be the start page for the Internet and needs social media and networking applications that captivate an Internet-savvy audience to pull it off! It has the popular email client, a bunch of popular media services (Flickr), a good IM presence and most of the basic APIs; all it needs is the glue. Can Yahoo! do it? Perhaps. Here is my initial feedback:

  • The strategy makes sense – why sit around waiting for Facebook, Google (perhaps MySpace) to take over the world – fight back!
  • Yahoo! has all the basic API’s you need to deliver a compelling social platform.  The same can be said for Google, but not for Facebook or MySpace.
  • Yahoo!’s approach to user interface design, SDK and architecture design and platform support has generally been better than those of its competitors. Yahoo! Mail is a lot nicer/cleaner/intuitive than Gmail.  Yahoo! was first with a Flash-based Map API that still looks a lot more polished. From a UI perspective, Yahoo! kicks butt!
  • Yahoo!’s vision appears more comprehensive (think 360) and well thought out than some of the others. Google seems to have a lot of small disparate APIs but nothing to really pull them together to deliver real power. OpenSocial (which appears to be the only available glue) will probably never be Google-centric enough (given it’s an “open” standard) to pull this off without becoming even more complicated than it currently is!
  • Yahoo! once owned the Internet’s start page. The MyYahoo! personalized portal used to be the starting point for most users’ online experience in the late 90’s when I was busy starting Epicentric – the enterprise portal builder, before the dawn of social networks like MySpace and Facebook.
  • Yahoo!’s traffic and network should not be underestimated. Yahoo! is ranked #2 in traffic by Alexa (Google is #1) and Yahoo Mail has 275M global users. If Yahoo! pulls this off you can expect some powerful social applications that live and interact in Yahoo properties like Yahoo TV, Yahoo Music, Yahoo IM, Yahoo Toolbar, Yahoo 360, Flickr and the list goes on!
  • Yahoo! has some innovative services in the works, including Yahoo TV Widgets, is currently scouting out some rather interesting acquisition opportunities, and is playing around with third-party APIs and technologies like Adobe AIR for new product/service extensions and concepts.

As far as the platform is concerned: applications support both a small and a canvas view. Similar to Facebook, the platform’s YML (Yahoo Markup Language) gives developers access to social data and features. Its Caja JavaScript sandbox eliminates threats posed by rogue Javascript code. It comes with a presence API and supports OAuth. The YAP SDK has great support for PHP, and did I mention that YAP supports OpenSocial 0.8 – pretty sweet! The platform comes with a web-based development environment (that’s nice) and apps will of course be featured/listed in the Yahoo App Gallery!

More to come on this subject later on this week as we embark on a handful of Yahoo Open Application development projects!

The Social Yahoo Application Platform (YAP) is the software and social services that enable social app developers to build Web applications and widgets that are available throughout Yahoo. The Yahoo Application Platform has the following social components:

  • Development environment - A social browser-based tool that enables Yahoo application developers to quickly create, preview, and publish social networking applications.
  • APIs, widget XML, YAP XML and YAP Web services - Programmatic access to OpenSocial functionality, social media assets and popular Yahoo Web services such as instant messenger.
  • Distribution and discovery infrastructure widget services - The built-in features for publishing social media applications on widget galleries on Social Networking pages such as MyYahoo, Yahoo360 & Yahoo Profiles. End users can discover social apps by searching or browsing within social application galleries.
  • Application and Widget Runtime and rendering social graph environment - The backend Yahoo widget servers and software that run applications and convert the social application code into HTML.

An Open Application is a Web application that has been registered on the Yahoo! Development Network (YDN) and runs on the Yahoo! Application Platform (YAP). As seen by the end user, an Open Application has multiple views, integration points, and components.