[foaf-dev] Re: privacy and open data
Julian Bond
julian_bond at voidstar.com
Thu Mar 27 11:07:56 GMT 2008
A slightly different take. Let's say I give out voidstar.com, we use
auto-discovery (header, YADIS, HEAD section) to find
http://www.voidstar.com/foaf.php foaf.php returns one of two FOAF files.
A small public one or a large private one. I decide that you get the
large private one if you can prove you are one of the people in my
foaf:knows list. Behind all this I've got an app for maintaining this
list.
So what this reduces to is how does someone prove that they own the
email address that is behind the mbox_sha1sum in an entry in my
foaf:knows list. Now they shouldn't be reading the FOAF directly, an
application should be doing that. So this looks to me like exactly the
scenario that oAuth and OpenID were designed for. OpenID proves their
identity. They can use AX or sReg to verify once that the email address
or OpenID on the foaf:knows list belongs to them. I can then give them
an oAuth token so they're app can verify its still them for ever after.
They're app can then come and get the full private FOAF as often as they
wish. Or we could use pubsub to push a change to their app whenever I
update it.
The best thing about all this is that we don't have to invent anything
new. All the pieces are in place, they're all standard and there's
libraries in all common languages to help us build it. Its an
application development problem not an infrastructure standards problem.
As others have mentioned, it doesn't attempt to deal with the problem
that once you've got your copy of my private FOAF you can do whatever
you like with it. Like smush it with other data you've got, upload it to
gmail, plaxo, linkedin, etc etc. It's not going to stay private for
long.
--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
Coupons Cannot Be Combined
More information about the foaf-dev
mailing list