OpenID + FOAF + XMPP + GPG + MicroID + SIOC = Profit

Propriocept is a tool to manage your online identity, presence and privacy. The backronym will be worked out later. [http://trs80.ucc.asn.au/2007/proposal.pdf Original proposal].

Design Notes

A GPG key is created with the OpenID in the email field (which has to be done in batch mode). This key is then [http://golem.ph.utexas.edu/~distler/blog/archives/000325.html published] at the OpenID URI. FOAF is generated and signed with this key, listing the user's public information, friends and default trusted groups. A foaf:seeAlso link to an XMPP URI is included, which resolves to an agent that reports more information to trusted users and websites. A website's agent is specified by a FOAF file linked from its homepage with a foaf:agent entry. Content generated by the user is harvested implicity (by MicroID, RSS/Atom) or explicitly (user pastes URI), and the user is asked to confirm it's them. If so, SIOC is generated for the content and signed with the GPG key.

Rationale

The RDF will be signed with straight GPG - XML Security was considered, but the OpenPGP signature type is underspecified and only [http://giftfile.org/software/debian/sarge/ one implementation] exists. Grabbing the raw DSA/RSA keys out of the private key was tried with success, but only after wasting a day or two before realising [http://pyxmlsec.labs.libre-entreprise.org/ PyXMLSec] wasn't 64bit clean. This combined with the [http://www.isecpartners.com/files/iSEC_HILL_AttackingXMLSecurity_bh07.pdf exploits in XML Security] due to too many features resulted in its rejection.

If [http://code.google.com/p/oauth/ OAuth] is publically specified support might be added, but HTTP auth sucks, and XMPP is more organic and [http://www.saint-andre.com/jabber/Security.pdf secure].

The RDF (FOAF and SIOC) will be published as both Turtle and RDF/XML - turtle for readability, and RDF/XML for support. GRDDL will be used to get data from XFN.

Linkdump

Specifications

[http://tools.ietf.org/html/rfc4622 XMPP URIs] [http://www.w3.org/TR/rdf-concepts/ RDF Concepts] [http://www.w3.org/TR/2004/REC-rdf-primer-20040210/ RDF Primer] [http://xmlns.com/foaf/spec/ FoaF vocabulary] [http://xmlns.com/wot/0.1/ WoT schema] [http://microid.org/ MicroID] [http://www.dajobe.org/2004/01/turtle/ Turtle] [http://www.w3.org/TR/swbp-vocab-pub/ Best Practice Recipes for Publishing RDF Vocabularies] [http://sites.wiwiss.fu-berlin.de/suhl/bizer/pub/LinkedDataTutorial/ How to Publish Linked Data on the Web] [http://www.w3.org/TR/grddl/ Gleaning Resource Descriptions from Dialects of Languages (GRRDL)] [http://www.w3.org/2003/g/data-view GRDDL Data Views: RDF expressed in XHTML and XML] [http://esw.w3.org/topic/CustomRdfDialects Custom RDF dialects]

Articles

[http://www.ideaspace.net/users/wkearney/archives/entries/000409.html FOAF grouping] [http://www.bytebot.net/blog/archives/2007/03/09/too-many-openid-registras-considered-harmful Too many OpenID registrars?] [http://notabob.blogspot.com/2005/08/identity-is-story.html An identity is a story] [http://chris.pirillo.com/2007/07/27/pownce-social-networks-arent-identity-networks/ Pownce: Social Networks aren’t Identity Networks] [http://willnorris.com/2007/03/openid-provider-wish-list OpenID provider wish-list] [http://golem.ph.utexas.edu/~distler/blog/archives/000325.html <link rel="pgpkeys">, Sean Carroll and Atom] [http://www.neilturner.me.uk/2005/Dec/31/firefox_pgp_extension_ide.html Firefox PGP Extension Idea] [http://dannyayers.com/2005/11/03/xfn-vs-foaf/ XFN vs. FOAF?] [http://www.advogato.org/person/quad/diary.html?start=57 How thoughtless of you to let down, when I thought you'd be around.] [http://www.buzzmachine.com/2007/08/24/friendship-is-complicated/ Friendship is complicated] [http://meish.org/2007/08/16/facebook-and-the-perils-of-prodigious-sociability Facebook and the perils of prodigious sociability] [http://blog.jonudell.net/2007/06/17/how-do-i-know-person-x-through-the-web/ How do I know this person? Through the Web!] [http://www.xml.com/pub/a/2004/02/04/foaf.html An Introduction to FOAF] [http://bradfitz.com/social-graph-problem/ Thoughts on the Social Graph] [http://www.aleksey.com/pipermail/xmlsec/2004/002018.html PGP and XML Signature] [http://publishing2.com/2007/07/30/web-20-inefficiency-crossposting-on-twitter-facebook-google-reader-etc/ Web 2.0 Inefficiency: Crossposting On Twitter, Facebook, Google Reader, Etc.] [http://dig.csail.mit.edu/2007/06/ieee-ic-decentralized-identity-weitzner.html Whose Name is it Anyway? Decentralized Identity Systems on the Web] [http://blogs.sun.com/bblfish/entry/foaf_openid foaf and openid] [http://pingthesemanticweb.com/ Ping the Semantic Web] [http://sioc-project.org/ Semantically-Interlinked Online Communities Project] [http://www.kanzaki.com/works/2004/misc/0303xfn.html Extracting FOAF/RDF from XFN] [http://usefulinc.com/foaf/ FOAF: Friend of a Friend RDF Vocabulary] [http://blogs.sun.com/bblfish/entry/beatnik_change_your_mind Beatnik: change your mind] [http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust cryptographic web of trust]

Code

[http://rdflib.net/ RDFlib] [http://www.mnot.net/sw/sparta/ Sparta] [http://openid.rossp.org/ OpenID Django integration] [http://code.google.com/p/django-openid/issues/detail?id=9 OpenID Django integration] [http://homer.w3.org/~connolly/projects/grddl-client/ grddl-client] [http://infomesh.net/pyrple/ pyrple] [http://swaml.berlios.de/ Semantic Web Archive of Mailing Lists] [http://simile.mit.edu/wiki/Appalachian Appalachian] [http://simile.mit.edu/wiki/Piggy_Bank Piggy Bank] [http://simile.mit.edu/wiki/RDFizers RDFizers] [http://simile.mit.edu/wiki/Referee Referee] [http://svn.foaf-project.org/foaftown/jqbus/intro.html JQbus - Jabber chat query services]