Distributed Social Networking, Internet identity and trust

tola — Mon, 05 Mar 2007 23:00:00 +0000

Distributed Social Networking

Social networking is a huge phenomenon on the Internet and web sites such as Facebook, MySpace and Orkut have enormous user bases. All of these social networks are currently centralised and controlled by a single company and do not allow users to interact between different networks. This can be frustrating for users who may have to sign up to several social networking web sites just to keep in touch with different groups of friends. Several efforts are in place to attempt to cross the boundaries between social networks, but most of these efforts work on the basis of another centralised system which aggregates all of the networks together using their respective proprietary APIs where they exist.

Open standards like FOAF and XFN already exist for expressing the relationships between people on the web, using semantic markup. In fact, I would argue that an open standard exists for every aspect of current social networking sites. By creating applications which use these open standards we can form a distributed social network which uses the web itself and does not require users to sign up to an isolated network. Each user need only create a personal home page using a service which supports the open standards to be part of the worldwide network.

I have started a new design concept on my web site listing common social networking features and corresponding open standards which could be used to implement them in Distributed Social Networking.

It's worth noting that services like Videntity are already supporting standards like FOAF.

Identity and Trust on the Internet

An interesting article in the New York Magazine a couple of weeks ago described how social networking sites are creating the biggest generation gap since Rock and Roll as teenagers are developing a completely separate concept of privacy to their parents. Teens can be very willing to talk about their personal lives and post pictures on public web sites. I don't even believe this is because they don't understand the issues of privacy, I just think they have a different attitude to privacy and are perhaps more open about their feelings than previous generations.

However, this did get me thinking. Whilst compiling this list I realised that one thing I wasn't sure how to achieve was the privacy features of social networking sites. Many of the sites allow you to define which information will be visible to which users. In a distributed system with no central authority to authenticate against it can be very difficult to define trust and granular permissions for information.

I searched the web for a solution and came up with OpenID, SAML and XDI.

OpenID

Being an ex-LiveJournal user I'm familiar with OpenID but hadn't realised how big it has become. AOL and Yahoo have now adopted the standard and even Microsoft are talking about integrating OpenID into Windows Vista.

"OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI". Once someone has confirmed that they own a particular URI and they come across a web site which supports OpenID, they can use their URI to identify themselves. They are simply redirected to their URI's OpenID authentication if they need to log in. No more signing up for an account on every. site. you. visit!

XDI

An article called The Social Web: Creating An Open Social Network with XDI describes an ambitious project to create a new system of unique identifiers for information resources to create a Social Web of people, or more generally, a Data Web. The new scheme uses eXtensible Resource Identifiers (XRIs) to identify resources independent of a specific physical network path, location, or protocol - in a way which is compatible with URIs and IRIs. XRIs are then linked with "link contracts" which express authority, security, privacy, and data sharing rights in a machine-readable format.

Analogies are drawn with the identification and authentication system used in banking where "I-brokers" are "a trusted third party that helps individuals and organizations share private data the same way banks help exchange funds". The XDI project also has ambitious aims like anti-spam protection and identity theft protection.

SAML

According to Wikipedia, SAML is an "XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider." Google are using SAML for Google Apps. Basically it allows a service provider to assert that a user has the permission to access a certain resource, by querying a separate identity provider (which could be common across all service providers).

Converging

It turns out that all of these technologies are converging and moving towards the holy grail of system administration - the "Single Sign On". OpenID can now use an XRI to identify a user and there is talk of using SAML in conjunction with OpenID to assert privledges.

Distributed Social Networking

tola — Fri, 15 Dec 2006 15:56:59 +0000

Synopsis

A distributed social network using open standards and the semantic web.

Rationale

The current breed of social networking sites are all based on centralised isolated systems run by single companies. Users on one social network can not easily interact with users on another and people will often have to sign up for an account on several networks to keep in touch with different groups of friends. By using existing open standards, we can create a distributed social network which does not require a user to sign up with multiple isolated networks but allows all social networking services to interact to form a unified network. With a distributed system, anyone could potentially host their own profile, friends list, blog, events etc. and still be part of the same network.

Features

Below are examples of common social networking features which could be implemented in a distributed way using existing open standards.

Individuals

Profile - vCard
Friends - FOAF (plus XFN or relationship schema for finer grained relationships.)
Messages - Email!
Mediablog - RSS/Atom
Events - iCalendar
Privacy - OpenID (plus XDI & SAML)

Groups

Blogroll - OPML
Discussions - Mailing lists

Use Cases

Jack registers with a social networking site which includes an OpenID server, fills out his contact details which can be downloaded as a vCard, writes a list of friends which is published as a FOAF file, starts a blog which has an RSS or Atom feed and a calendar which can be subscribed to using iCalendar.
Jill writes a blog entry on her own web site and Jack syndicates her blog along with a list of his other friends, Jack comments on Jill's blog, authenticating with his OpenID.
Jack arranges a party around his house and clicks an "invite" button which sends an email off to Jill with an embedded iCalendar file. Jack's friends who are already subscribed to his calendar already know about the party.
James adds photos to his mediablog and tags Jack and Jill in a photo using foaf:depicts in his FOAF file.
Jack looks through James' friends list and finds the homepage of someone he knows from school but hasn't spoken to for years, he adds them to his FOAF file and sends them and posts a comment on their blog.
Company X sets up a service which crawls the web for FOAF files and displays a graphical representation of a network of friends. They have services for searching for people by their FOAF files, creating mailing lists and blogrolls (using OPML) for groups of people.

tola - social networking

Distributed Social Networking, Internet identity and trust