I'm pleased to announce the availability of a new client-side web control for accessing Windows Live services:  The Windows Live Spaces control!  This control enables web visitors to use photos stored in their Windows Live Spaces photo albums with third party web applications. 

It's a "photo picker" - the control is not for displaying photos on a third party site, but for selecting photos and obtaining URLs that point to the photos in Spaces storage.  You'd use it like a File Open common dialog to select photos to include in blog posts, web pages, documents, or to designate a photo to use with a third party vendor service such as printing photos on mugs or shirts.

Following the same pattern as the Windows Live Contacts Control, you use a pseudo HTML element tag "spacescontrol" to place the Spaces control on an HTML page and then fill in attributes to specify options and operations.  The JavaScript you need to include in your app has changed slightly:  you need to include http://dev.live.com/scripts/v0.2/live.js and http://dev.live.com/scripts/v0.2/controls.js on the page that has the "spacescontrol" control tag.  In previous releases of the Contacts control, the second file was control.js (singular) and was located in a different directory.  We've done a little housekeeping and consolidated the control discovery and bootstrap code into one file that will handle both the Contacts control and the Spaces control, and other controls in the future.

Also like the Contacts control, the Spaces control requires a privacyStatementURL as a parameter.  Many countries now have laws that require that application and web site developers must provide full disclosure to end users about how the app is going to use, store, or modify the user's personal data, including photos.

Specify what kind of data you want back in the "dataDesired" field.  Your field choices are fileExpiringURL and fileAccessControlledURL

A fileExpiringURL is a time-limited URL that enables the user to make a specific photo available to a third party, even if the photo is marked as private or only visible to the end user's friends.  You'd use this in scenarios where the third party needs to see the actual photo rather than just keeping track of a URL, such as when the third party is vendor who can print your photos on mugs or t-shirts.

A fileAccessControlledURL is a URL that respects the user's access control settings for a given photo.  Any app can keep the URL as long as they want, but if the photo is marked as visible only to the user's friend list, then only the user's friends will be able to see the photo, after logging in with LiveID.  If the user's photo is marked as visible to everyone, then of course there would be no restrictions on the URL.  If the user later changes the permissions on a photo after a URL has been handed out, the URL will respect the new permissions immediately.

You'd use a fileAccessControlledURL in situations where the third party app doesn't care what is in the photo, but only passes the URL through for others to use, such as when inserting photo URLs into a public blog post.

The rest of the Spaces control fields are pretty much the same as for the Contacts control - channelEndpointURL, onSignin, onSignout, onError, and market.

HTTPS Contacts Control

Also as part of this 0.2g release, we've updated the Contacts control to support end-to-end https, so that the control can be used on https web pages without raising any of those annoying "This page contains secure and nonsecure items" warnings.  With this update, the list view of the Contacts control runs "clean" in https in IE7, Firefox 1.5 and Firefox 2.0. The tile and tilelist views need more work before they'll be https ready, and IE6 still displays false positive security warning in the list view.

Anxiety of Activity

It's been a hectic two weeks.  Prepping an update to the Contacts control, an all-new release of the Spaces control (dependent on a new release of Spaces storage that went live only a few days prior), and writing demos and presentations for MIX07 (which, by the way, requires the satisfactory completion of the first two items) have taken their toll.  Naturally, just when we thought we were done, some gremlin runs amok through everything and we're back to doing line by line code reviews and destructive debugging to try to figure out what's failing and why.  I learned a lot about how to break https this round!

Time to MIX it up!

I'm actually blogging this from Las Vegas at MIX07, trying to catch up on my blog post backlog to clear the decks for MIX07 this week.  I'll try to post fast and frequent tidbits about MIX happenings and announcements as they happen this week.  I wonder if I could blog while speaking Monday afternoon?  Hmm....