Portable Contacts


The vision for Portable Contacts has been around for a long time. Sites large and small share the goal of providing users a secure way to access their address books and friends lists without having to take their credentials or scrape their data. But only in recent weeks has it begun to feel that now is the right time to rally the community and the industry to work together to make this vision real by developing an open spec for exchange of contact info that everyone can embrace.

Why now?

The momentum began building for 'data portability' last year, and we are now at a point where there is strong support for the principle that users should be in control of their data and have the freedom to access it from across the web. And the major players have all recognized that they and their users are better off with secure contacts APIs (rather than having third-party services ask for users' credentials in order to scrape their data). As a result, we're seeing major Internet companies making contacts APIs available, such as Google's GData Contacts API, Yahoo's Address Book API, and Microsoft's Live Contacts API (with more to come). Not surprisingly though, each of these APIs is unique and proprietary. We believe this creates the ideal conditions for developing a common, open spec that everyone can benefit from. Just as OAuth has provided a standard to unify the various proprietary schemes for delegated authorization, we believe we can do the same thing for securely sharing address book and friends list data.


The goal of Portable Contacts is to make it easier for developers to give their users a secure way to access the address books and friends lists they have built up all over the web. Specifically, we seek to create:

A measure of our success will be the elimination of the "password anti-pattern," by making it far easier to implement Portable Contacts than to engage in scraping, as well as a dramatic increase in the number of sites that both provide and consume who-you-know data.

Our Approach

Our design is focused around ease of adoption, which means a few things. First, our emphasis is on simplicity of design and targeted use cases. For example, version 1 is simply about access, and defers for now on the more complex issues around update and sync. Second, we're taking a modern approach to who-you-know data by unifying traditional contact info and social network data, in order to properly represent the current diversity of the social web ecosystem. Third, we're using existing standards wherever possible, including vCard, OpenSocial, XRDS-Simple, OAuth, etc. And lastly, we're designing something that should be easy for current service providers to adopt. We started by reviewing all the major existing contacts APIs and targeting the capabilities that they all share and provide. We believe this pragmatic balance is the best and quickest way to achieve our shared goal of widespread adoption.

Here is the current draft spec, the wiki, and the mailing list.