16 June 2006

JSON Presentation by Yahoo at WebGuild

On Wednesday night, I headed to Google to listen to Yahoo's (no irony there is there?) presentation on JSON, Yahoo web services, and mash-ups. This was a presentation setup by the Sillicon Valey WebGuild. This turned out to be quite good. In particular, Doug Crockford's presentation on JSON. I also, by complete coincidence (it took both of us a bit of discussion to figure out the connection), ran into a colleague from my original days at Adobe (he was one of the Pagemill folks, and I worked on Pagemill and related stuff very briefly when I was first hired).

Doug first went over the basics of what JSON is, and then got into what the advantages were, why you'd use it, etc. One of the things he mentioned, was that folks have been using JSON, or something extremely close for some time now, but it's only now that it's being recognized and more formalized. I couldn't agree more. I was using JSON about three years ago in a project, yet I'd never heard of JSON. I simply took the JavaScript object literal notation as an easy way to serialize data between C++ and JavaScript code. I parsed it myself on the C++ side (no clue about JSON, so I don't even know if C++ JSON parsers existed then), and obviously just eval'ed it on the JS side.

Here are some of the bits of info I found interesting from the JSON portion (mash-up and web service stuff is below):

  • Yahoo uses JSON to bridge C/C++ and JS code in their web apps
  • There is a MIME type, which is application/json. Doug tried to get a plain type, but application is all they'd allow.
  • There are two ways to parse JSON in JSON, first with eval, and then with parseJSON (see below). One person commented that they've used eval to parse 100MB JSON strings with no problems. The main difference is that eval is not strictly safe, but parseJSON is, and should be used when you don't necessarily trust the source.
  • You can use iframes, or the dynamic script tag hack to deal with cross domain and other security issues.
  • There is a proposal for a new JSONRequest, which deals with the security/cross-domain issues in a non-hackish way.
  • JSON.org/json.js is a JS library that adds JSON parsing and handling methods to strings, arrays, and objects. Use this until they get this stuff into the ECMAScript standard.
  • There is a neat template system, that lets you create JS templates, and then substitute into them using JSON. See the supplant method in json.js. Also, going further is the JSONT (JSON transform, vaguely like XSLT) system.
  • I liked their mention of the fact that JSON has no version numbers. There are no plans for changes, and it's totally stable. It's not extensible, so basically, it's what it is now, and that's what it'll be "forever".
  • JSLint is a lint tool for JavaScript, that also does a variety of other code validation, verification, and check-ups. This looks very interesting.
I'm quite sold on JSON myself. I've recently been using Atom, and something similar to gData in my REST web services, but JSON just makes more sense, and would be a lot easier to use from the apps that are using these services. For example, I have apps that are in Ruby, as well as ActionScript (Flash/Flex), both of which can easily parse JSON (Ruby has YAML, which is a superset of JSON, and Adobe has a library for JSON (and other things) for AS). Atom is great, but even though it's extensible, it just seems like you are shoehorning things into it at times, and that raises a flag for me.

After the JSON portion, Dan Theurer of Yahoo spoke about their web services and related developer bits and mash-ups. In particular he showed their browser-based authentication system that lets mash-ups have their users authenticate with the Yahoo services that are being mashed in, but without the user ever supplying passwords or account info to the mash-up itself. There was also some discussion including Bill Scott of Yahoo, and some of us in the audience around Yahoo's JS UI toolkit (YUI). Bill is also one of the Rico guys (a competing JS UI lib). Some notes from this portion of the talk:
  • Some specific reasons mentioned to do web services: extend the reach of your apps/services; enable people to work with their data in their own ways; etc.
  • Driving web service adoption: make it free, support it, get feedback, create a community around it, provide sample apps, good docs and API's, etc.
  • The YUI has interesting widgets like a calendar, status/loading, image animation, etc. It is very well documented, but not as extensive as Rico or similar. They will be adding more high level items in the future. There is also the YUI blog.
  • There is a gallery of third party apps that use Yahoo web services.
  • Yahoo's web services use JSON of course, or at least some do, but also Atom, RSS, serialized PHP, SOAP, REST, yREST, RESTful, and more.
Van also mentioned to me that if looking at YUI, to also check out Rico's LiveGrid component, which is pretty cool way of lazy loading data into a table that lives in a scrollable area (i.e. load as data comes into view, using AJAX).