2010/4/28 Mischa Tuffield <[email protected]> > Hello All, > > I have been lurking here on this mailing list for a while now, and should > really find some time to put together some thoughts I have having on ideas > around a decentralised social network, and yes it would be FOAF and RDF > based, but anyways. > > I have built a number of FOAF related web stuff over the last couple of > years, most of which you can find details of here: > > http://foaf.qdos.com/slides/london011209/ > > or > > on this page http://qdos.com/apps > > But anyways, I have a comment regarding OAuth and foaf+ssl which is > mentioned below (see comment inline) : > > On 28 Apr 2010, at 21:09, Lucas Stadler wrote: > > Hi > > > I take this opportunity to get some insight on something I was working > upon, > > which i think is somewhat similar to ideas discussed here. > > Cross posting one mail I posted earlier. > > > > Hello everyone, > > > I would like to get some suggestions on open profile idea. > > > We were thinking of implementing a open profile using open specs such as > > foaf and oauth. The aim is to let user makes his social profile just once, > > and get it be accessed everywhere. And the way is distributed, > > de-centralized. This is how it goes > > > 1. OAuth will handle authorization headaches. > > 2. User creates an account on one social networking website, which > > implements open profile . > > 3. The website generates a unique profile url for each user. > > 4. user goes to some other website, which also implements open profile > > and OAuth, the website > > provides user with feature to make account using his existing profile > > on other social network. > > 5. User puts in his profile url from other website, > > 6. Using OAuth for user authorization, which one completes, the remote > > website, sends a user > > profile xml file based on the open specs to the requesting website. > > 7. The network, gets the profile data, updates it into database, updates > > the open profile xml by adding its name into the list , which > > contains name and other information of all the websites which are > > seeing this data. > > 8. Then it sends an update request to all other services, with the > > updated xml, using the rest url of each service, > > specified in the xml file. > > 9. All the websites which receives the updated xml, updates their data. > > 10.Whenever user updates his profile in any one of the website, the > > website, after updating data, sends > > a update request to all other websites seeing it, they in turn > > updates their databases accordingly. > > 11. The data is hence updated every where and once and no one is > > controlling the data. > > > Its just an initial draft and certainly requires polishing. > > > Cheers > > I think you are a bit to fast for us, as there is no GNU Social protocol > at the time. But I was thinking about the problems we currently have and > support for having data not just within our network, but everywhere a > user wants it to have is something we certainly have to provide if we want > to be truly open. > > From this point of view, your draft is a possibility to achieve this. I > > do not think, however, that it is the sole possibility, as FOAF+SSL does > try to do something similar (at least to OAuth). > > > I don't think that foaf+ssl and OAuth are that similar. I will try to > explain, OAuth is (I could be wrong here) as a way of allowing two services > to setup trust between each other so that they can exchange data "offline" > i.e. no longer requiring the user to be around. The (complicated) OAuth > dance has an authentication setup which is not defined by the OAuth > protocol, which allows for one of the services to authenticate one of its > users so as to give the second service access to that given user's data. > > This is where I see foaf+ssl coming into play when thinking/talking about > OAuth. It is this authentication step in the OAuth protocol which a given > service could choose to use foaf+ssl as a way of authenticating a given > WebID (user). > > In summary, foaf+ssl is more akin to OpenID than to OAuth. foaf+ssl allows > someone to authenticate them self as the owner of a given WebID, again > similar to OpenID, but will a lot less to'ing and fro'ing. But, again do > correct me if I am wrong, but OAuth is a not a way of authenticating/proving > identity but a facility to get two services communicating with each other. >
Yes I agree. OAuth is the process of gaining an access token (delegated credentials) to a given URI (e.g. The Twitter API) OpenID tends to be a browser redirect oriented method for authentication. FOAF+SSL can authenticate you (or a machine / client / command line ) against any URI, and also has a delegated form, a cookie form and an apache mod form. One important side effect of FOAF+SSL is that once you're done with the authentication you have a pointer to a FOAF ... which means automatically having things like, avatar, nick, name, contacts, and highly structures pointers to a lot more data, in a RESTful way. I actually believe that it's the side effect that will prove to be more valuable than the authentication itself, particularly in distributed social networks. > I hope this helps, > > Mischa > > > I am not quite sure what you imagine with that 'XML profile', as this is > a rather difficult thing. But possibly this could simply be a RDF document > with whatever vocabulary that might be appropriate, such as FOAF, SIOC or > even relationships [1]. > Did you have more 'real-world' ideas about this? > > So, I think your idea is something rather interesting, but a little bit > too early, considering the state of our work. Nonetheless, it might be > added to the Ideas page on libreplanet [2]. > > [1] <http://purl.org/vocab/relationship> > [2] <http://groups.fsf.org/wiki/Group:GNU_Social/Ideas> > > > > > _________________________________ > Mischa Tuffield > Email: [email protected] > Homepage: http://mmt.me.uk/ > WebID: http://mmt.me.uk/foaf.rdf#mischa > >
