Differences between revisions 7 and 8
Revision 7 as of 2007-10-30 22:56:37
Size: 8961
Comment:
Revision 8 as of 2009-12-23 14:50:46
Size: 9124
Editor: localhost
Comment: converted to 1.6 markup

OpenID + FOAF + XMPP + GPG + MicroID + SIOC = Profit

Propriocept is a tool to manage your online identity, presence and privacy. The backronym will be worked out later. [[http://trs80.ucc.asn.au/2007/proposal.pdf|Original proposal]].

Design Notes

A GPG key is created with the OpenID in the email field (which has to be done in batch mode, since the interactive key generator will not accept a URI as an email address). This key is then [[http://golem.ph.utexas.edu/~distler/blog/archives/000325.html|published]] at the OpenID URI. FOAF is generated and signed with this key, listing the user's public information, friends and default trusted groups. A foaf:seeAlso link to an XMPP URI is included, which resolves to an agent that reports more information to trusted users and websites. A website's agent is specified by a FOAF file linked from its homepage with a foaf:agent entry. Content generated by the user is harvested implicitly (by MicroID, RSS/Atom) or explicitly (the user pastes a URI), and the user is asked to confirm it's theirs. If so, SIOC is generated for the content and signed with the GPG key.

Rationale

The RDF will be signed with straight GPG - XML Security was considered, but the OpenPGP signature type is underspecified and only [[http://giftfile.org/software/debian/sarge/|one implementation]] exists. Grabbing the raw DSA/RSA keys out of the private key was tried with success, but only after wasting a day or two before realising [[http://pyxmlsec.labs.libre-entreprise.org/|PyXMLSec]] wasn't 64-bit clean. This, combined with the [[http://www.isecpartners.com/files/iSEC_HILL_AttackingXMLSecurity_bh07.pdf|exploits in XML Security]] that its excess of features makes possible, resulted in its rejection.

If [[http://code.google.com/p/oauth/|OAuth]] is publicly specified, support might be added, but HTTP auth sucks, and XMPP is more organic and [[http://www.saint-andre.com/jabber/Security.pdf|secure]].

The RDF (FOAF and SIOC) will be published as both Turtle and RDF/XML - Turtle for readability, and RDF/XML because it is more widely supported. GRDDL will be used to get data from XFN.
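The bootstrap the design notes describe (a batch-mode GPG key with the OpenID in the email field, signed FOAF with a foaf:seeAlso hook to the XMPP agent, MicroID harvesting) and the Turtle serialisation mentioned just above, as an added Python example that is not code from the Propriocept project or from this page. Everything in it is an assumption of the example: the OpenID, JID, URLs and friend list are constructed sample values; the Turtle layout and the wot:assurance pointer follow my reading of the FOAF and WoT schemas; the MicroID routine implements the hex-of-hexes form as I understand the 2007 spec; and gpg is only invoked from main(), so the functions themselves run without it.

```python
"""Propriocept-style identity bootstrap as pure functions (added example, not
project code; the OpenID, JID and URLs are constructed sample values)."""
import hashlib
import re
import shutil
import subprocess
import tempfile
from pathlib import Path

OPENID = "http://alice.example/"      # constructed sample OpenID
XMPP_URI = "xmpp:alice@example.org"   # constructed sample agent JID
PREFIXES = ("@prefix foaf: <http://xmlns.com/foaf/0.1/> .\n"
            "@prefix wot: <http://xmlns.com/wot/0.1/> .\n\n")
_META = re.compile(r"<meta\b([^>]*)>", re.I)
_ATTR = re.compile(r"""(\w+)\s*=\s*["']([^"']*)["']""")


def gpg_batch_params(openid, name):
    """Parameter file for `gpg --batch --gen-key`; the interactive generator
    validates the e-mail field as a mailbox, batch mode takes it verbatim."""
    return ("%no-protection\n"           # demo key; a real agent would protect it
            "Key-Type: RSA\n"
            "Key-Length: 3072\n"
            f"Name-Real: {name}\n"
            f"Name-Email: {openid}\n"    # the OpenID stands in for the address
            "Expire-Date: 0\n"
            "%commit\n")


def foaf_turtle(openid, xmpp_uri, name, signature_rel, friends=()):
    """FOAF in Turtle: public data, friends, the XMPP agent hook (foaf:seeAlso)
    and a wot:assurance pointer from the document to its detached signature."""
    safe = name.replace("\\", "\\\\").replace('"', '\\"')
    triples = [f"<{openid}#me> a foaf:Person", f'    foaf:name "{safe}"',
               f"    foaf:openid <{openid}>", f"    foaf:seeAlso <{xmpp_uri}>"]
    triples += [f"    foaf:knows <{friend}>" for friend in friends]
    return (PREFIXES + " ;\n".join(triples) + " .\n\n"
            + f"<> wot:assurance <{signature_rel}> .\n")


def microid(communication_uri, resource_uri):
    """MicroID as I read the 2007 spec: hex SHA-1 of the two hex SHA-1s."""
    sha = lambda s: hashlib.sha1(s.encode("utf-8")).hexdigest()
    return sha(sha(communication_uri) + sha(resource_uri))


def microid_claims_user(page_html, page_url, communication_uri):
    """Implicit harvest check: does a <meta name="microid"> on the page bind this
    communication URI to this exact URL? Bare hex and 'mailto+http:sha1:<hex>'
    forms are accepted; a different URL or address never matches."""
    expected = microid(communication_uri, page_url)
    for tag in _META.finditer(page_html):
        attrs = {k.lower(): v for k, v in _ATTR.findall(tag.group(1))}
        if attrs.get("name", "").lower() == "microid":
            if attrs.get("content", "").rsplit(":", 1)[-1].lower() == expected:
                return True
    return False


def gpg_sign_detached(homedir, openid, document):
    """Armoured detached signature, selecting the key by its OpenID user ID."""
    sig = document.with_name(document.name + ".asc")
    subprocess.run(["gpg", "--homedir", str(homedir), "--batch", "--yes",
                    "--local-user", openid, "--armor", "--detach-sign",
                    "--output", str(sig), str(document)], check=True)
    return sig


def gpg_verify(homedir, sig, document):
    """True when gpg accepts the detached signature over the document."""
    r = subprocess.run(["gpg", "--homedir", str(homedir), "--batch",
                        "--verify", str(sig), str(document)],
                       capture_output=True)
    return r.returncode == 0


def main():
    params = gpg_batch_params(OPENID, "Alice Example")
    foaf = foaf_turtle(OPENID, XMPP_URI, "Alice Example", "foaf.ttl.asc",
                       ["http://bob.example/#me"])   # constructed friend
    if not shutil.which("gpg"):
        print("gpg not installed; skipping key generation and signing")
        return
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "gnupghome"
        home.mkdir(mode=0o700)
        (Path(tmp) / "params").write_text(params)
        # --allow-freeform-uid switches off the user-ID form checks on newer gpg
        subprocess.run(["gpg", "--homedir", str(home), "--batch",
                        "--allow-freeform-uid", "--gen-key",
                        str(Path(tmp) / "params")], check=True)
        doc = Path(tmp) / "foaf.ttl"
        doc.write_text(foaf)
        sig = gpg_sign_detached(home, OPENID, doc)
        print("detached signature verifies:", gpg_verify(home, sig, doc))


if __name__ == "__main__":
    main()
```

Run it as a script to generate a throwaway key in a temporary GNUPGHOME, sign the Turtle document and verify the detached signature; the parameter-file, Turtle and MicroID functions are pure and can be exercised without gpg. The MicroID check binds the user's communication URI to the exact page URL, so a MicroID copied onto another page, or computed for a different address, does not pass the implicit-harvest step.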

Linkdump

Specifications

[[http://tools.ietf.org/html/rfc4622|XMPP URIs]]
[[http://www.w3.org/TR/rdf-concepts/|RDF Concepts]]
[[http://www.w3.org/TR/2004/REC-rdf-primer-20040210/|RDF Primer]]
[[http://xmlns.com/foaf/spec/|FOAF vocabulary]]
[[http://xmlns.com/wot/0.1/|WoT schema]]
[[http://microid.org/|MicroID]]
[[http://www.dajobe.org/2004/01/turtle/|Turtle]]
[[http://www.w3.org/TR/swbp-vocab-pub/|Best Practice Recipes for Publishing RDF Vocabularies]]
[[http://sites.wiwiss.fu-berlin.de/suhl/bizer/pub/LinkedDataTutorial/|How to Publish Linked Data on the Web]]
[[http://www.w3.org/TR/grddl/|Gleaning Resource Descriptions from Dialects of Languages (GRDDL)]]
[[http://www.w3.org/2003/g/data-view|GRDDL Data Views: RDF expressed in XHTML and XML]]
[[http://esw.w3.org/topic/CustomRdfDialects|Custom RDF dialects]]
[[http://microformats.org/wiki/social-network-portability|Social Network Portability]]

Articles

[[http://www.ideaspace.net/users/wkearney/archives/entries/000409.html|FOAF grouping]]
[[http://www.bytebot.net/blog/archives/2007/03/09/too-many-openid-registras-considered-harmful|Too many OpenID registrars?]]
[[http://notabob.blogspot.com/2005/08/identity-is-story.html|An identity is a story]]
[[http://chris.pirillo.com/2007/07/27/pownce-social-networks-arent-identity-networks/|Pownce: Social Networks aren't Identity Networks]]
[[http://willnorris.com/2007/03/openid-provider-wish-list|OpenID provider wish-list]]
[[http://golem.ph.utexas.edu/~distler/blog/archives/000325.html|<link rel="pgpkeys">, Sean Carroll and Atom]]
[[http://www.neilturner.me.uk/2005/Dec/31/firefox_pgp_extension_ide.html|Firefox PGP Extension Idea]]
[[http://dannyayers.com/2005/11/03/xfn-vs-foaf/|XFN vs. FOAF?]]
[[http://www.advogato.org/person/quad/diary.html?start=57|How thoughtless of you to let down, when I thought you'd be around.]]
[[http://www.buzzmachine.com/2007/08/24/friendship-is-complicated/|Friendship is complicated]]
[[http://meish.org/2007/08/16/facebook-and-the-perils-of-prodigious-sociability|Facebook and the perils of prodigious sociability]]
[[http://blog.jonudell.net/2007/06/17/how-do-i-know-person-x-through-the-web/|How do I know this person? Through the Web!]]
[[http://www.xml.com/pub/a/2004/02/04/foaf.html|An Introduction to FOAF]]
[[http://bradfitz.com/social-graph-problem/|Thoughts on the Social Graph]] and [[http://technorati.com/search/bradfitz.com/social-graph-problem/?reactions=&sort=authority|reactions]]
[[http://www.aleksey.com/pipermail/xmlsec/2004/002018.html|PGP and XML Signature]]
[[http://publishing2.com/2007/07/30/web-20-inefficiency-crossposting-on-twitter-facebook-google-reader-etc/|Web 2.0 Inefficiency: Crossposting On Twitter, Facebook, Google Reader, Etc.]]
[[http://dig.csail.mit.edu/2007/06/ieee-ic-decentralized-identity-weitzner.html|Whose Name is it Anyway? Decentralized Identity Systems on the Web]]
[[http://blogs.sun.com/bblfish/entry/foaf_openid|foaf and openid]]
[[http://pingthesemanticweb.com/|Ping the Semantic Web]]
[[http://sioc-project.org/|Semantically-Interlinked Online Communities Project]]
[[http://www.kanzaki.com/works/2004/misc/0303xfn.html|Extracting FOAF/RDF from XFN]]
[[http://usefulinc.com/foaf/|FOAF: Friend of a Friend RDF Vocabulary]]
[[http://blogs.sun.com/bblfish/entry/beatnik_change_your_mind|Beatnik: change your mind]]
[[http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust|cryptographic web of trust]]
[[http://nicklothian.com/blog/2007/08/24/preserving-privacy-while-promoting-social-network-portability/|Preserving privacy while promoting social network portability]]
[[http://www.colfelt.com/thevanityexperiment/archives/digital_identity/index.shtml#000182|Federated ID, Missing the Point]]
[[http://www.themaninblue.com/writing/perspective/2007/09/03/|There are no social networks]]
[[http://www.brianoberkirch.com/2007/08/29/the-many-paths-to-portable-social-network-nirvana|The Many Paths to Portable Social Network Nirvana]]
[[http://www.slideshare.net/simon/advanced-django/|Advanced Django]]
[[http://opensocialweb.org/2007/09/05/bill-of-rights/|A Bill of Rights for Users of the Social Web]]
[[http://openfriendformat.com/|OpenFriend]]
[[http://anders.conbere.org/journal/post/portable-social-networks-xmpp/|Portable Social Networks (XMPP)]]
[[http://spap-oop.blogspot.com/2007/09/perils-of-social-networking-pt-2.html|The Perils of Social Networking, Pt. 2: Facebook opens up, Quechup stains, fighting Rapleaf's enfolding]]
[[http://www.windley.com/docs/2007/windley%20-%20user%20centric%20identity%20tutorial.pdf]]
[[http://www.hueniverse.com/hueniverse/2007/09/explaining-oaut.html|Explaining OAuth]]
[[http://lifehacker.com/software/technophilia/one-openid-to-rule-them-allor-not-302156.php|One OpenID to Rule Them All...or Not?]]
[[http://blogoscoped.com/archive/2007-10-15-n68.html|The Future of Reputation: Gossip, Rumor, and Privacy On the Internet]]

Code

[[http://rdflib.net/|RDFlib]]
[[http://www.mnot.net/sw/sparta/|Sparta]]
[[http://openid.rossp.org/|OpenID Django integration]] [[http://code.google.com/p/django-openid/issues/detail?id=9|OpenID Django integration]]
[[http://homer.w3.org/~connolly/projects/grddl-client/|grddl-client]]
[[http://infomesh.net/pyrple/|pyrple]]
[[http://swaml.berlios.de/|Semantic Web Archive of Mailing Lists]]
[[http://simile.mit.edu/wiki/Appalachian|Appalachian]]
[[http://simile.mit.edu/wiki/Piggy_Bank|Piggy Bank]]
[[http://simile.mit.edu/wiki/RDFizers|RDFizers]]
[[http://simile.mit.edu/wiki/Referee|Referee]]
[[http://svn.foaf-project.org/foaftown/jqbus/intro.html|JQbus - Jabber chat query services]]
[[http://elgg.org/|Elgg: the open source social networking platform]]
[[http://friendfeed.com/|FriendFeed]]

Cypherpunks

[[http://www.idcorner.org/?p=153|On Identity Claims, Unlinkability, and Selective Disclosure (part 3)]]
[[http://www.idcorner.org/?p=155|More on minimal disclosure tokens]]
[[http://www.idcorner.org/?p=157|Preserving unlinkability of accounts]] etc.
[[http://www.idcorner.org/?p=161|The problem(s) with OpenID]] and while
[[http://daveman692.livejournal.com/310578.html|Stefan Chooses to Take the "Fox News" Approach to OpenID Blogging]] he does have some points, including how the IdP can impersonate anyone. But implementing a true zero-knowledge identity system is way beyond the scope of this project. Nevertheless, here are some more links on the topic:
[[http://www.identityblog.com/?p=815|Linkage in "redirect" protocols like SAML]]
[[http://www.identityblog.com/?p=804|Evolving technology for better privacy]]
[[http://www.zurich.ibm.com/security/idemix/|idemix]]
[[http://www.credentica.com/the_mit_pressbook.html|Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy]]
[[http://www.zurich.ibm.com/~jca/papers/bacaly04.pdf|A Cryptographic Framework for the Controlled Release Of Certified Data]]
[[http://grid.ncsa.uiuc.edu/myproxy/|MyProxy Credential Management Service]]
[[https://www.prime-project.eu/|Privacy and Identity Management for Europe]]