Barking

The Dell/Walsh Western post I put together seems to be getting a reasonable amount of traffic and the comments are hotting up.

Tactile CRM has been available for just over a month now. We currently have over 700 pages linking to us (according to Google), and have just reach our 300th signup.

We were discussing graphing and reporting today for Tactile CRM and related products we are working with. I got home and lo and behold Google had read my mind and released a graphing/visualisation API. Thanks Google.

As Jake has already mentioned, the latest update we rolled out for Tactile CRM included functionality that allows you to import contacts from your Google Address Book. This has been made possible in a secure manner thanks to the release of the new Google Contacts API. The new API allows you to tell Google that you trust us enough to access your data without having to give us your password.

The release of such an API should mean that cases such as that reported by Coding Horror (an application developer was havesting users GMail username and passwords) recently won’t happen again. However, unless users know that giving 3rd parties their passwords isn’t the only option there isn’t going to be a change anytime soon. Facebook still ask for your password rather than using Google’s preferred “AuthSub” method and if such a popular application is working in this way, then there isn’t going to be pressure on anyone else to change how they do things.

This was picked up back on disambiguity in November:

But do we really realise what we’re handing over when we give this log in information away? Do we realise how much we are trusting Facebook, for example, to play nicely with that information? Think of all the email and IM conversations you’ve had that are accessible using these login credentials… now think about the level of security at somewhere like, say, HM Revenue & Customs (where they recently ‘lost’ the personal information of millions of UK taxpayers), and now think whether somewhere like Facebook would have better or worse security… both now, and potentially in the future.

So how long before Facebook joins in and starts, as the author puts it, “Encouraging Responsible Behaviour”? Regardless of how secure Facebook itself might be, by getting people used to handing over such details, they’re not being very responsible. Should Google be more proactive in telling its users that giving away their passwords to anyone, no matter how much they trust them at that moment in time, is a really bad idea when there are alternatives? Will users pay attention if they do?

As web-application developers then, how do we go about making this work?

In Google’s words:

Web applications that need to access Google services protected by a user’s Google account can do so using the Authentication Proxy service. To maintain a high level of security, the proxy interface, called AuthSub, enables the web application to get access without ever handling their users’ account login information.

and a pretty picture:

Thankfully, there are Client Libraries in a number of languages that make this negotiation pretty straightforward. The PHP Client Library is actually the Gdata package from the Zend Framework. We use various components of that elsewhere and we’re pretty familiar with it and so it dropped right in.

Unfortunately, given how recently the Contacts service was announced, there isn’t (yet) a Zend_Gdata_Contacts service but after taking a look at how the code was structured for the other APIs, adding the necessary components for reading the Contacts Feed wasn’t too difficult – credit to whoever developed it for coming up with such a flexible architecture.

The various Google feeds make use of the ATOM protocol but with a number of extensions for the representation of the many properties that make up an ‘entry’ that aren’t part of ATOM itself – things like email addresses and phone-numbers for Contacts; recurrence rules and time zones for Calendar events; and the many free-form attributes that Google Base items can be given.

Within the ZF code each API has a ’service’ class that knows the URL of the feed and which XML namespaces are used inside it and determines what type of Feed is going to be returned. The Feed acts as a collection of Entry objects that are the result of a Query against the service. Each Entry knows about the types of properties that it can contain - a number of “Extensions” that have a number of attributes. It all follows the hierarchy of the XML quite nicely, with each level knowing what to do itself and what to pass up or down the chain.

From a technical point of view, it’s easy enough to make it work but from the user’s point of view it is a little confusing, the context-switch going from the Tactile branding to that of Google is quite jarring and while such transitions are becoming more common, it’s still not mainstream. It’s helping that Banks and credit-card companies have started using 3DAuth that works in a similar way, and OpenID is slowly becoming more popular and so hopefully people will start to appreciate that the extra couple of clicks are worth it for the increased security.

Getting back to the original point, systems such as Google’s AuthSub mean that our customers can give us access to their data without giving us their passwords - they still have to trust us, but they don’t have to trust us quite so much. It’s a shame that the only options they are presented with are ‘Grant’ and ‘Deny’, and that ‘Grant’ gives access to delete and add contacts, as well as just grab the list. It would be nice if there was a little more granularity in what you could grant access to. We’d be content with a ‘Grant Read Only’ option (or ‘Grant’ to a read-only feed), as we have no plans to do anything other than retrieve the list of contacts and put them in the Tactile database.

In an attempt at a conclusion then, AuthSub is a really nice idea but for it to really succeed end-users need to know it exists. Application developers need to be more responsible, and not ask users to hand over login details. The Zend Framework is really quite good and the components really do just drop in to existing setups, give it a try.

So we finally got a mention on one of the big blogs today - ReadWriteWeb mentioned about our Google Contacts API integration (Greg is putting the finishing touches to a tech post on this which will be up tomorrow) in one of their articles and a link through to the Tactile CRM. Next stage is an article about just Tactile CRM!

I also learnt a new word today - Socialprise - social tools + enterprise = “socialprise”. Thanks Sarah for that one too! I feel honored to think of Tatile CRM breaking these new boundaries!

Senokian are pleased to announce the latest version of their web-based contact and sales management system, Tactile CRM. Following customer requests for new ways to easily integrate their existing data into the system new features have been added to import the popular vCard format and GMail via the new Google Contacts API.

With several program’s making recent headlines by ‘capturing’ user details in a way that could be used maliciously. Senokian have made sure that the new version of Tactile uses the secure Google Contacts API to ensure users details are safe and secure.

You can signup for a Tactile free trial which allows organisations to test the system. With several payment plans (start from as little as £6 per month), Senokian have already signed up clients across the UK, US, Canada and Australia.

So Pot Noodle have done a spoof of the excellent Guiness advert

This is one of those viral marketing ideas at its best - 160,000 hits in a week.

So how do we do the same thing for Tactile CRM? Well we can’t do the same for Tactile, but we are trying to build buzz and links with things like links and articles from Web Worker Daily. TechCrunch (UK) and Read Write Web are still proving elusive!

We get through a fair few RSS/blog posts/articles at Senokian. Below are some of the main sites that we read on a daily basis (in no particular order other than alphabetically!).

• 451 CAOS Theory
• Bit-Tech
• Boxes and Arrows
• Code Meets Music
• Coops weblog
• Daring Fireball
• DELTA TWO ZERO
• Euro Gamer
• How to Change the World
• Indexed
• Joel on Software
• Johnson Banks Thought for the Week
• jonobacon@home
• Joyeur
• Kottke
• MacRumors : Mac News and Rumors
• Magic Milestones
• Mercian Labels
• Open Source Weblog
• open…
• OpenBusiness
• Opera Desktop Development
• PistonHeads
• Planet PHP
• Positive Churn
• Revengeful Lobster
• RouterGod
• SEOmoz Daily SEO Blog
• Seth’s Blog
• Signal vs. Noise
• Slashdot
• Steam News
• TechCrunch
• TechCrunch UK
• Telegraph Blogs : Motoring
• The “Blog” of “Unnecessary” Quotation Marks
• The Open Source Advocate
• The Register
• Thinking Digital
• townx
• UnderStated
• Zeldman

Are there any we are missing?

Tactile CRM has been live for a month now and we now have over 275 people using the system.

We want to carry on improving our CRM system and this is where we need your help. We want to start incorporating some of the new features from Tactile CRM into our Open Source product, EGS, and find out what new features and improvements we can make to Tactile. As an incentive to those of you who help us out with the improvements on the system (just sign up check it out, and leave comments, suggestions and feedback on our forum) we are offering three free months subscription to the Tactile plan you use.

We do value and listen to feedback that we receive, we have already implemented several new features that have been suggested by users since we launched, including:

• Internationalisation (opportunity values)
• Date formatting
• Timezones
• ‘Quick Complete’ for activities (one click to complete)
• Searching on Town and County/State fields
• and many others

and we are just putting the finishing touches to vCard imports and Google Contacts import using their new API which will be available shortly.

We know the importance of building communities around software (we have worked hard to do this with our Open Source Software EGS, and don’t worry we have some major new functionality coming including a new release and a full ERP/Accounting module for it) and we want you our users to take the lead and help make Tactile a powerful, easy to use system.

So Tactile CRM didn’t get chosen for Web Mission 2008, but the list of those going is now up so best of luck to all of those involved, should be a really good event.