[foaf-dev] Re: privacy and open data

[Julian Bond]

A slightly different take. Let's say I give out voidstar.com, we use 
auto-discovery (header, YADIS, HEAD section) to find 
http://www.voidstar.com/foaf.php foaf.php returns one of two FOAF files. 
A small public one or a large private one. I decide that you get the 
large private one if you can prove you are one of the people in my 
foaf:knows list. Behind all this I've got an app for maintaining this 
list.

So what this reduces to is how does someone prove that they own the 
email address that is behind the mbox_sha1sum in an entry in my 
foaf:knows list. Now they shouldn't be reading the FOAF directly, an 
application should be doing that. So this looks to me like exactly the 
scenario that oAuth and OpenID were designed for. OpenID proves their 
identity. They can use AX or sReg to verify once that the email address 
or OpenID on the foaf:knows list belongs to them. I can then give them 
an oAuth token so they're app can verify its still them for ever after. 
They're app can then come and get the full private FOAF as often as they 
wish. Or we could use pubsub to push a change to their app whenever I 
update it.

The best thing about all this is that we don't have to invent anything 
new. All the pieces are in place, they're all standard and there's 
libraries in all common languages to help us build it. Its an 
application development problem not an infrastructure standards problem.

As others have mentioned, it doesn't attempt to deal with the problem 
that once you've got your copy of my private FOAF you can do whatever 
you like with it. Like smush it with other data you've got, upload it to 
gmail, plaxo, linkedin, etc etc. It's not going to stay private for 
long.

-- 
Julian Bond  E&MSN: julian_bond at voidstar.com  M: +44 (0)77 5907 2173
Webmaster:          http://www.ecademy.com/      T: +44 (0)192 0412 433
Personal WebLog:    http://www.voidstar.com/     skype:julian.bond?chat
                       Coupons Cannot Be Combined