Differences between revisions 6 and 7
Revision 6 as of 2007-10-07 17:55:40
Revision 7 as of 2007-10-30 22:56:37

OpenID + FOAF + XMPP + GPG + MicroID + SIOC = Profit

Propriocept is a tool to manage your online identity, presence and privacy. The backronym will be worked out later. [http://trs80.ucc.asn.au/2007/proposal.pdf Original proposal].

Design Notes

A GPG key is created with the OpenID in the email field (which has to be done in batch mode). This key is then [http://golem.ph.utexas.edu/~distler/blog/archives/000325.html published] at the OpenID URI. FOAF is generated and signed with this key, listing the user's public information, friends and default trusted groups. A foaf:seeAlso link to an XMPP URI is included, which resolves to an agent that reports more information to trusted users and websites. A website's agent is specified by a FOAF file linked from its homepage with a foaf:agent entry. Content generated by the user is harvested implicitly (by MicroID, RSS/Atom) or explicitly (user pastes URI), and the user is asked to confirm it's them. If so, SIOC is generated for the content and signed with the GPG key.
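The implicit MicroID harvesting step above, sketched as an added example (not code from Propriocept). It assumes the MicroID draft's construction, sha1(sha1(identity URI) + sha1(page URI)) with a `scheme+scheme:sha1:` prefix, published in a `<meta name="microid">` tag; the identities, page URIs and HTML are constructed. A match is only a hint, since anyone who knows the identity URI can compute the same value, which is why the user is still asked to confirm.

```python
import hashlib
from html.parser import HTMLParser

def _sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

def microid(identity_uri, page_uri):
    """sha1(sha1(identity) + sha1(page)), prefixed 'idscheme+pagescheme:sha1:'."""
    digest = _sha1_hex(_sha1_hex(identity_uri) + _sha1_hex(page_uri))
    return "%s+%s:sha1:%s" % (identity_uri.split(":", 1)[0],
                              page_uri.split(":", 1)[0], digest)

class _MicroIDMeta(HTMLParser):
    """Collects the hashes found in <meta name="microid" content="..."> tags."""
    def __init__(self):
        super().__init__()
        self.hashes = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "microid":
            value = (attrs.get("content") or "").strip().lower()
            if value:
                # Keep only the hash so prefixed and bare (legacy) forms both match.
                self.hashes.add(value.rsplit(":", 1)[-1])

def candidate_owners(html, page_uri, identities):
    """Identities whose MicroID for this exact page_uri appears in the page."""
    parser = _MicroIDMeta()
    parser.feed(html)
    return [i for i in identities
            if microid(i, page_uri).rsplit(":", 1)[-1] in parser.hashes]

# Constructed sample data (hypothetical user, blog and mirror).
IDENTITIES = ["mailto:alice@example.org", "xmpp:alice@example.org"]
PAGE = "http://blog.example.net/2007/10/post"
MIRROR = "http://mirror.example.com/copy-of-post"
SAMPLE_HTML = ('<html><head><meta name="microid" content="%s"></head>'
               '<body>post</body></html>' % microid(IDENTITIES[1], PAGE))

def demo():
    return {
        # The tag binds the identity to PAGE, so the XMPP identity is proposed.
        "original": candidate_owners(SAMPLE_HTML, PAGE, IDENTITIES),
        # The same markup served from another URI no longer matches anything.
        "copied": candidate_owners(SAMPLE_HTML, MIRROR, IDENTITIES),
    }

if __name__ == "__main__":
    print(demo())
```
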

Rationale

The RDF will be signed with straight GPG - XML Security was considered, but the OpenPGP signature type is underspecified and only [http://giftfile.org/software/debian/sarge/ one implementation] exists. Grabbing the raw DSA/RSA keys out of the private key was tried with success, but only after wasting a day or two before realising [http://pyxmlsec.labs.libre-entreprise.org/ PyXMLSec] wasn't 64-bit clean. This, combined with the [http://www.isecpartners.com/files/iSEC_HILL_AttackingXMLSecurity_bh07.pdf exploits in XML Security] due to too many features, resulted in its rejection.

If [http://code.google.com/p/oauth/ OAuth] is publicly specified, support might be added, but HTTP auth sucks, and XMPP is more organic and [http://www.saint-andre.com/jabber/Security.pdf secure].

The RDF (FOAF and SIOC) will be published as both Turtle and RDF/XML - Turtle for readability, and RDF/XML for support. GRDDL will be used to get data from XFN.

Linkdump

Specifications

[http://tools.ietf.org/html/rfc4622 XMPP URIs] [http://www.w3.org/TR/rdf-concepts/ RDF Concepts] [http://www.w3.org/TR/2004/REC-rdf-primer-20040210/ RDF Primer] [http://xmlns.com/foaf/spec/ FoaF vocabulary] [http://xmlns.com/wot/0.1/ WoT schema] [http://microid.org/ MicroID] [http://www.dajobe.org/2004/01/turtle/ Turtle] [http://www.w3.org/TR/swbp-vocab-pub/ Best Practice Recipes for Publishing RDF Vocabularies] [http://sites.wiwiss.fu-berlin.de/suhl/bizer/pub/LinkedDataTutorial/ How to Publish Linked Data on the Web] [http://www.w3.org/TR/grddl/ Gleaning Resource Descriptions from Dialects of Languages (GRDDL)] [http://www.w3.org/2003/g/data-view GRDDL Data Views: RDF expressed in XHTML and XML] [http://esw.w3.org/topic/CustomRdfDialects Custom RDF dialects] [http://microformats.org/wiki/social-network-portability Social Network Portability]

Articles

[http://www.ideaspace.net/users/wkearney/archives/entries/000409.html FOAF grouping] [http://www.bytebot.net/blog/archives/2007/03/09/too-many-openid-registras-considered-harmful Too many OpenID registrars?] [http://notabob.blogspot.com/2005/08/identity-is-story.html An identity is a story] [http://chris.pirillo.com/2007/07/27/pownce-social-networks-arent-identity-networks/ Pownce: Social Networks aren’t Identity Networks] [http://willnorris.com/2007/03/openid-provider-wish-list OpenID provider wish-list] [http://golem.ph.utexas.edu/~distler/blog/archives/000325.html <link rel="pgpkeys">, Sean Carroll and Atom] [http://www.neilturner.me.uk/2005/Dec/31/firefox_pgp_extension_ide.html Firefox PGP Extension Idea] [http://dannyayers.com/2005/11/03/xfn-vs-foaf/ XFN vs. FOAF?] [http://www.advogato.org/person/quad/diary.html?start=57 How thoughtless of you to let down, when I thought you'd be around.] [http://www.buzzmachine.com/2007/08/24/friendship-is-complicated/ Friendship is complicated] [http://meish.org/2007/08/16/facebook-and-the-perils-of-prodigious-sociability Facebook and the perils of prodigious sociability] [http://blog.jonudell.net/2007/06/17/how-do-i-know-person-x-through-the-web/ How do I know this person? Through the Web!] [http://www.xml.com/pub/a/2004/02/04/foaf.html An Introduction to FOAF] [http://bradfitz.com/social-graph-problem/ Thoughts on the Social Graph] and [http://technorati.com/search/bradfitz.com/social-graph-problem/?reactions=&sort=authority reactions] [http://www.aleksey.com/pipermail/xmlsec/2004/002018.html PGP and XML Signature] [http://publishing2.com/2007/07/30/web-20-inefficiency-crossposting-on-twitter-facebook-google-reader-etc/ Web 2.0 Inefficiency: Crossposting On Twitter, Facebook, Google Reader, Etc.] [http://dig.csail.mit.edu/2007/06/ieee-ic-decentralized-identity-weitzner.html Whose Name is it Anyway? Decentralized Identity Systems on the Web] [http://blogs.sun.com/bblfish/entry/foaf_openid foaf and openid] [http://pingthesemanticweb.com/ Ping the Semantic Web] [http://sioc-project.org/ Semantically-Interlinked Online Communities Project] [http://www.kanzaki.com/works/2004/misc/0303xfn.html Extracting FOAF/RDF from XFN] [http://usefulinc.com/foaf/ FOAF: Friend of a Friend RDF Vocabulary] [http://blogs.sun.com/bblfish/entry/beatnik_change_your_mind Beatnik: change your mind] [http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust cryptographic web of trust] [http://nicklothian.com/blog/2007/08/24/preserving-privacy-while-promoting-social-network-portability/ Preserving privacy while promoting social network portability] [http://www.colfelt.com/thevanityexperiment/archives/digital_identity/index.shtml#000182 Federated ID, Missing the Point] [http://www.themaninblue.com/writing/perspective/2007/09/03/ There are no social networks] [http://www.brianoberkirch.com/2007/08/29/the-many-paths-to-portable-social-network-nirvana The Many Paths to Portable Social Network Nirvana] [http://www.slideshare.net/simon/advanced-django/ Advanced Django] [http://opensocialweb.org/2007/09/05/bill-of-rights/ A Bill of Rights for Users of the Social Web] [http://openfriendformat.com/ OpenFriend] [http://anders.conbere.org/journal/post/portable-social-networks-xmpp/ Portable Social Networks (XMPP)] [http://spap-oop.blogspot.com/2007/09/perils-of-social-networking-pt-2.html The Perils of Social Networking, Pt. 2: Facebook opens up, Quechup stains, fighting Rapleaf's enfolding] [http://www.windley.com/docs/2007/windley%20-%20user%20centric%20identity%20tutorial.pdf] [http://www.hueniverse.com/hueniverse/2007/09/explaining-oaut.html Explaining OAuth] [http://lifehacker.com/software/technophilia/one-openid-to-rule-them-allor-not-302156.php One OpenID to Rule Them All...or Not?]
[http://blogoscoped.com/archive/2007-10-15-n68.html The Future of Reputation: Gossip, Rumor, and Privacy On the Internet]

Code

[http://rdflib.net/ RDFlib] [http://www.mnot.net/sw/sparta/ Sparta] [http://openid.rossp.org/ OpenID Django integration] [http://code.google.com/p/django-openid/issues/detail?id=9 OpenID Django integration] [http://homer.w3.org/~connolly/projects/grddl-client/ grddl-client] [http://infomesh.net/pyrple/ pyrple] [http://swaml.berlios.de/ Semantic Web Archive of Mailing Lists] [http://simile.mit.edu/wiki/Appalachian Appalachian] [http://simile.mit.edu/wiki/Piggy_Bank Piggy Bank] [http://simile.mit.edu/wiki/RDFizers RDFizers] [http://simile.mit.edu/wiki/Referee Referee] [http://svn.foaf-project.org/foaftown/jqbus/intro.html JQbus - Jabber chat query services] [http://elgg.org/ Elgg: the open source social networking platform] [http://friendfeed.com/ FriendFeed]

Cypherpunks

[http://www.idcorner.org/?p=153 On Identity Claims, Unlinkability, and Selective Disclosure (part 3)] [http://www.idcorner.org/?p=155 More on minimal disclosure tokens] [http://www.idcorner.org/?p=157 Preserving unlinkability of accounts] etc. [http://www.idcorner.org/?p=161 The problem(s) with OpenID] and while [http://daveman692.livejournal.com/310578.html Stefan Chooses to Take the "Fox News" Approach to OpenID Blogging] he does have some points, including how the IdP can impersonate anyone. But implementing a true zero-knowledge identity system is way beyond the scope of this project. Nevertheless, here are some more links on the topic: [http://www.identityblog.com/?p=815 Linkage in “redirect” protocols like SAML] [http://www.identityblog.com/?p=804 Evolving technology for better privacy] [http://www.zurich.ibm.com/security/idemix/ idemix] [http://www.credentica.com/the_mit_pressbook.html Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy] [http://www.zurich.ibm.com/~jca/papers/bacaly04.pdf A Cryptographic Framework for the Controlled Release Of Certified Data] [http://grid.ncsa.uiuc.edu/myproxy/ MyProxy Credential Management Service] [https://www.prime-project.eu/ Privacy and Identity Management for Europe]