Distributed Social Networking, Internet identity and trust

Distributed Social Networking

Social networking is a huge phenomenon on the Internet and web sites such as Facebook, MySpace and Orkut have enormous user bases. All of these social networks are currently centralised and controlled by a single company and do not allow users to interact between different networks. This can be frustrating for users who may have to sign up to several social networking web sites just to keep in touch with different groups of friends. Several efforts are in place to attempt to cross the boundaries between social networks, but most of these efforts work on the basis of another centralised system which aggregates all of the networks together using their respective proprietary APIs where they exist.

Open standards like FOAF and XFN already exist for expressing the relationships between people on the web, using semantic markup. In fact, I would argue that an open standard exists for every aspect of current social networking sites. By creating applications which use these open standards we can form a distributed social network which uses the web itself and does not require users to sign up to an isolated network. Each user need only create a personal home page using a service which supports the open standards to be part of the worldwide network.

I have started a new design concept on my web site listing common social networking features and corresponding open standards which could be used to implement them in Distributed Social Networking.

It's worth noting that services like Videntity are already supporting standards like FOAF.

Identity and Trust on the Internet

An interesting article in the New York Magazine a couple of weeks ago described how social networking sites are creating the biggest generation gap since Rock and Roll, as teenagers are developing a completely separate concept of privacy to their parents. Teens can be very willing to talk about their personal lives and post pictures on public web sites. I don't even believe this is because they don't understand the issues of privacy; I just think they have a different attitude to privacy and are perhaps more open about their feelings than previous generations.

However, this did get me thinking. Whilst compiling this list I realised that one thing I wasn't sure how to achieve was the privacy features of social networking sites. Many of the sites allow you to define which information will be visible to which users. In a distributed system with no central authority to authenticate against, it can be very difficult to define trust and granular permissions for information.

I searched the web for a solution and came up with OpenID, SAML and XDI.

OpenID

Being an ex-LiveJournal user I'm familiar with OpenID but hadn't realised how big it has become. AOL and Yahoo have now adopted the standard and even Microsoft are talking about integrating OpenID into Windows Vista.

“OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI”. Once someone has confirmed that they own a particular URI and they come across a web site which supports OpenID, they can use their URI to identify themselves. They are simply redirected to their URI's OpenID authentication if they need to log in. No more signing up for an account on every. site. you. visit!
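How a site that supports OpenID works out where to redirect the user, as an added example that is not part of the original post: it reads the `openid.server` and `openid.delegate` link tags defined by OpenID 1.1 from the page at the user's URI and builds the `checkid_setup` redirect. The sample page, the hostnames, the function names and the https-only rule are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit

# Constructed sample: HTML a user might serve at their claimed URI.
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="https://idp.example.net/auth">
<link rel="openid.delegate" href="https://alice.idp.example.net/">
</head><body>Alice's home page</body></html>"""


class _LinkCollector(HTMLParser):
    """Collects the first href for each openid.* <link rel> value."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("href"):
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid."):
                    self.links.setdefault(rel, a["href"])


def discover(html):
    """Return (server, delegate_or_None); raise ValueError if unusable."""
    parser = _LinkCollector()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if not server:
        raise ValueError("no openid.server link on this page")
    # Policy of this example: never send a login to a cleartext endpoint.
    if urlsplit(server).scheme != "https":
        raise ValueError("openid.server must be https")
    return server, parser.links.get("openid.delegate")


def login_redirect(claimed_uri, html, return_to, trust_root):
    """Build the URL the relying site redirects the browser to."""
    server, delegate = discover(html)
    if not return_to.startswith(trust_root):
        raise ValueError("return_to must sit under trust_root")
    params = {
        "openid.mode": "checkid_setup",
        "openid.identity": delegate or claimed_uri,
        "openid.return_to": return_to,
        "openid.trust_root": trust_root,
    }
    return server + ("&" if "?" in server else "?") + urlencode(params)
```

The redirect only starts the login; the relying site still has to verify the signed response that comes back on `return_to` before treating the URI as authenticated.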

XDI

An article called The Social Web: Creating An Open Social Network with XDI describes an ambitious project to create a new system of unique identifiers for information resources to create a Social Web of people, or more generally, a Data Web. The new scheme uses eXtensible Resource Identifiers (XRIs) to identify resources independent of a specific physical network path, location, or protocol – in a way which is compatible with URIs and IRIs. XRIs are then linked with “link contracts” which express authority, security, privacy, and data sharing rights in a machine-readable format.

Analogies are drawn with the identification and authentication system used in banking where “I-brokers” are “a trusted third party that helps individuals and organizations share private data the same way banks help exchange funds”. The XDI project also has ambitious aims like anti-spam protection and identity theft protection.

SAML

According to Wikipedia, SAML is an “XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider.” Google are using SAML for Google Apps. Basically it allows a service provider to assert that a user has the permission to access a certain resource, by querying a separate identity provider (which could be common across all service providers).

Converging

It turns out that all of these technologies are converging and moving towards the holy grail of system administration – the “Single Sign On”. OpenID can now use an XRI to identify a user and there is talk of using SAML in conjunction with OpenID to assert privileges.
