[foaf-dev] Re: privacy and open data

Anthony Steele anthony.steele13 at ntlworld.com
Thu Mar 27 19:38:41 GMT 2008


> http://www.voidstar.com/foaf.php foaf.php returns one of two FOAF files.
> A small public one or a large private one. I decide that you get the 
> large private one if you can prove you are one of the people in my 
> foaf:knows list. Behind all this I've got an app for maintaining this 
> list.
>
I'm thinking of being much more granular than "A small public one or a large private one" but the essence is correct. I don't think of this data as "files"; they are resources generated on the spot with current data from the backend and identity confirmation coming in. Very few pieces of HTML data that you see on the web these days are "files"; they are the output of server-side programs.

> So this looks to me like exactly the
> scenario that oAuth and OpenID were designed for. OpenID proves their 
> identity. They can use AX or sReg to verify once that the email address 
> or OpenID on the foaf:knows list belongs to them. I can then give them 
> an oAuth token so their app can verify it's still them for ever after.

Yes, I'm slowly coming around to this way of thinking.


> As others have mentioned, it doesn't attempt to deal with the problem 
> that once you've got your copy of my private FOAF you can do whatever 
> you like with it. Like smush it with other data you've got, upload it to 
> gmail, plaxo, linkedin, etc etc. It's not going to stay private for 
> long.
> 

This is a social problem; technology can't fix it. However, despite the theoretical holes, it seems to work well enough in practice.

If you look at livejournal.com, one of their selling points is that blog posts can be visible to public, all friends, or specific friends groups. In addition to the predictable gossip and drama, people *can and do* make friends-only posts containing their phone numbers, residential address, etc. Of course, you need to have and use a livejournal account in order to play at present. Will the level of automation that RDF:Foaf brings break this? I don't know.

I envisage this kind of access control applying to content other than FOAF data; items in RSS feeds particularly. Almost all of the interesting non-foaf parts of social networks can be modelled as RSS feeds :)


Anthony
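
A sketch of the per-statement access control discussed in this message, as an added example that is not part of the original post or of foaf.php: each statement carries an audience, and the response is generated per request from the requester's verified identity. The group names, identifiers and profile data are constructed, and identity verification (e.g. OpenID) is assumed to have completed upstream.

```python
# Added illustration: granular FOAF visibility instead of "public file vs private file".
# All identifiers, groups and values below are constructed sample data.
from dataclasses import dataclass

PUBLIC = "public"

@dataclass(frozen=True)
class Statement:
    predicate: str
    value: str
    audience: frozenset  # groups allowed to see this statement

# Hypothetical backend: verified identifier of each foaf:knows entry -> groups
KNOWS = {
    "https://alice.example/openid": {"friends", "family"},
    "https://bob.example/openid": {"friends"},
}

PROFILE = [
    Statement("foaf:name", "Example Owner", frozenset({PUBLIC})),
    Statement("foaf:weblog", "https://owner.example/blog", frozenset({PUBLIC})),
    Statement("foaf:phone", "tel:+00-000-0000", frozenset({"friends"})),
    Statement("ex:homeAddress", "1 Example Street", frozenset({"family"})),
    Statement("ex:draftNote", "not shared", frozenset()),  # empty audience
]

def groups_for(verified_id):
    """Groups granted to a requester.

    verified_id must be the output of a completed identity check, never a
    value copied from a request parameter. None means anonymous.
    """
    groups = {PUBLIC}
    if verified_id is not None:
        # A verified but unlisted identity gets nothing beyond PUBLIC.
        groups |= KNOWS.get(verified_id, set())
    return groups

def visible_statements(verified_id, profile=PROFILE):
    allowed = groups_for(verified_id)
    # Default deny: shown only if the audience intersects the requester's groups,
    # so a statement with an empty audience is never served.
    return [s for s in profile if s.audience & allowed]

def render(verified_id, subject="<#me>"):
    # Simplified one-statement-per-line output, not a full RDF serializer.
    return "\n".join(f'{subject} {s.predicate} "{s.value}" .'
                     for s in visible_statements(verified_id))
```
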

