OpenID + FOAF + XMPP + GPG + MicroID + SIOC = Profit

Propriocept is a tool to manage your online identity, presence and privacy. The backronym will be worked out later. [[http://trs80.ucc.asn.au/2007/proposal.pdf|Original proposal]].

= Design Notes =

A GPG key is created with the OpenID in the email field (which has to be done in batch mode). This key is then [[http://golem.ph.utexas.edu/~distler/blog/archives/000325.html|published]] at the OpenID URI.

FOAF is generated and signed with this key, listing the user's public information, friends and default trusted groups. A foaf:seeAlso link to an XMPP URI is included, which resolves to an agent that reports more information to trusted users and websites. A website's agent is specified by a FOAF file linked from its homepage with a foaf:agent entry.

Content generated by the user is harvested implicitly (by MicroID, RSS/Atom) or explicitly (user pastes URI), and the user is asked to confirm it's them. If so, SIOC is generated for the content and signed with the GPG key.

== Rationale ==

The RDF will be signed with straight GPG. XML Security was considered, but the OpenPGP signature type is underspecified and only [[http://giftfile.org/software/debian/sarge/|one implementation]] exists. Grabbing the raw DSA/RSA keys out of the private key was tried with success, but only after wasting a day or two before realising [[http://pyxmlsec.labs.libre-entreprise.org/|PyXMLSec]] wasn't 64-bit clean. This, combined with the [[http://www.isecpartners.com/files/iSEC_HILL_AttackingXMLSecurity_bh07.pdf|exploits in XML Security]] due to too many features, resulted in its rejection.

If [[http://code.google.com/p/oauth/|OAuth]] is publicly specified, support might be added, but HTTP auth sucks, and XMPP is more organic and [[http://www.saint-andre.com/jabber/Security.pdf|secure]].

The RDF (FOAF and SIOC) will be published as both Turtle and RDF/XML: Turtle for readability, and RDF/XML for support. GRDDL will be used to get data from XFN.
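The key creation and FOAF signing steps from the Design Notes as shell commands. This is an added example, not Propriocept's own code; it assumes GnuPG 2.1 or later, and the OpenID URI, name and FOAF content are constructed. Verification pins the key fingerprint instead of accepting any valid signature.

```bash
# Added example; assumes GnuPG 2.1+. OpenID URI, name and FOAF are constructed.
set -eu
OPENID="https://alice.example.org/"

# Batch key generation: the parameter file puts the OpenID URI in Name-Email,
# the step the design notes say has to be done in batch mode.
make_identity_key() {   # $1 = GnuPG home directory, $2 = OpenID URI
  gpg --homedir "$1" --batch --quiet --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Name-Real: Alice Example
Name-Email: $2
Expire-Date: 1y
%no-protection
EOF
}

key_fingerprint() {     # $1 = home; prints the primary key fingerprint
  gpg --homedir "$1" --batch --with-colons --fingerprint |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

sign_foaf() {           # $1 = home, $2 = file; writes detached signature $2.asc
  gpg --homedir "$1" --batch --yes --armor --detach-sign "$2"
}

# Accept only a valid signature made by the pinned fingerprint, i.e. the key
# published at the OpenID URI, not any key that happens to be in the keyring.
verify_foaf() {         # $1 = home, $2 = file, $3 = expected fingerprint
  gpg --homedir "$1" --batch --status-fd 1 --verify "$2.asc" "$2" 2>/dev/null |
    grep -q "^\[GNUPG:] VALIDSIG $3 "
}

demo() {
  home=$(mktemp -d); foaf="$home/foaf.ttl"
  printf '%s\n' '@prefix foaf: <http://xmlns.com/foaf/0.1/> .' \
    "<${OPENID}#me> a foaf:Person ; foaf:openid <${OPENID}> ." > "$foaf"
  make_identity_key "$home" "$OPENID"; fpr=$(key_fingerprint "$home")
  sign_foaf "$home" "$foaf"
  verify_foaf "$home" "$foaf" "$fpr" && echo "valid: signed by $fpr"
  echo "# edited after signing" >> "$foaf"
  verify_foaf "$home" "$foaf" "$fpr" || echo "rejected: FOAF changed after signing"
  gpgconf --homedir "$home" --kill gpg-agent; rm -rf "$home"
}

demo
```

The key is generated without a passphrase (`%no-protection`) so the example runs unattended; a real identity key would be protected.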
= Linkdump =

== Specifications ==

[[http://tools.ietf.org/html/rfc4622|XMPP URIs]]
[[http://www.w3.org/TR/rdf-concepts/|RDF Concepts]]
[[http://www.w3.org/TR/2004/REC-rdf-primer-20040210/|RDF Primer]]
[[http://xmlns.com/foaf/spec/|FOAF vocabulary]]
[[http://xmlns.com/wot/0.1/|WoT schema]]
[[http://microid.org/|MicroID]]
[[http://www.dajobe.org/2004/01/turtle/|Turtle]]
[[http://www.w3.org/TR/swbp-vocab-pub/|Best Practice Recipes for Publishing RDF Vocabularies]]
[[http://sites.wiwiss.fu-berlin.de/suhl/bizer/pub/LinkedDataTutorial/|How to Publish Linked Data on the Web]]
[[http://www.w3.org/TR/grddl/|Gleaning Resource Descriptions from Dialects of Languages (GRDDL)]]
[[http://www.w3.org/2003/g/data-view|GRDDL Data Views: RDF expressed in XHTML and XML]]
[[http://esw.w3.org/topic/CustomRdfDialects|Custom RDF dialects]]
[[http://microformats.org/wiki/social-network-portability|Social Network Portability]]

== Articles ==

[[http://www.ideaspace.net/users/wkearney/archives/entries/000409.html|FOAF grouping]]
[[http://www.bytebot.net/blog/archives/2007/03/09/too-many-openid-registras-considered-harmful|Too many OpenID registrars?]]
[[http://notabob.blogspot.com/2005/08/identity-is-story.html|An identity is a story]]
[[http://chris.pirillo.com/2007/07/27/pownce-social-networks-arent-identity-networks/|Pownce: Social Networks aren’t Identity Networks]]
[[http://willnorris.com/2007/03/openid-provider-wish-list|OpenID provider wish-list]]
[[http://golem.ph.utexas.edu/~distler/blog/archives/000325.html|, Sean Carroll and Atom]]
[[http://www.neilturner.me.uk/2005/Dec/31/firefox_pgp_extension_ide.html|Firefox PGP Extension Idea]]
[[http://dannyayers.com/2005/11/03/xfn-vs-foaf/|XFN vs. FOAF?]]
[[http://www.advogato.org/person/quad/diary.html?start=57|How thoughtless of you to let down, when I thought you'd be around.]]
[[http://www.buzzmachine.com/2007/08/24/friendship-is-complicated/|Friendship is complicated]]
[[http://meish.org/2007/08/16/facebook-and-the-perils-of-prodigious-sociability|Facebook and the perils of prodigious sociability]]
[[http://blog.jonudell.net/2007/06/17/how-do-i-know-person-x-through-the-web/|How do I know this person? Through the Web!]]
[[http://www.xml.com/pub/a/2004/02/04/foaf.html|An Introduction to FOAF]]
[[http://bradfitz.com/social-graph-problem/|Thoughts on the Social Graph]] and [[http://technorati.com/search/bradfitz.com/social-graph-problem/?reactions=&sort=authority|reactions]]
[[http://www.aleksey.com/pipermail/xmlsec/2004/002018.html|PGP and XML Signature]]
[[http://publishing2.com/2007/07/30/web-20-inefficiency-crossposting-on-twitter-facebook-google-reader-etc/|Web 2.0 Inefficiency: Crossposting On Twitter, Facebook, Google Reader, Etc.]]
[[http://dig.csail.mit.edu/2007/06/ieee-ic-decentralized-identity-weitzner.html|Whose Name is it Anyway? Decentralized Identity Systems on the Web]]
[[http://blogs.sun.com/bblfish/entry/foaf_openid|foaf and openid]]
[[http://pingthesemanticweb.com/|Ping the Semantic Web]]
[[http://sioc-project.org/|Semantically-Interlinked Online Communities Project]]
[[http://www.kanzaki.com/works/2004/misc/0303xfn.html|Extracting FOAF/RDF from XFN]]
[[http://usefulinc.com/foaf/|FOAF: Friend of a Friend RDF Vocabulary]]
[[http://blogs.sun.com/bblfish/entry/beatnik_change_your_mind|Beatnik: change your mind]]
[[http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust|cryptographic web of trust]]
[[http://nicklothian.com/blog/2007/08/24/preserving-privacy-while-promoting-social-network-portability/|Preserving privacy while promoting social network portability]]
[[http://www.colfelt.com/thevanityexperiment/archives/digital_identity/index.shtml#000182|Federated ID, Missing the Point]]
[[http://www.themaninblue.com/writing/perspective/2007/09/03/|There are no social networks]]
[[http://www.brianoberkirch.com/2007/08/29/the-many-paths-to-portable-social-network-nirvana|The Many Paths to Portable Social Network Nirvana]]
[[http://www.slideshare.net/simon/advanced-django/|Advanced Django]]
[[http://opensocialweb.org/2007/09/05/bill-of-rights/|A Bill of Rights for Users of the Social Web]]
[[http://openfriendformat.com/|OpenFriend]]
[[http://anders.conbere.org/journal/post/portable-social-networks-xmpp/|Portable Social Networks (XMPP)]]
[[http://spap-oop.blogspot.com/2007/09/perils-of-social-networking-pt-2.html|The Perils of Social Networking, Pt. 2: Facebook opens up, Quechup stains, fighting Rapleaf's enfolding]]
[[http://www.windley.com/docs/2007/windley%20-%20user%20centric%20identity%20tutorial.pdf]]
[[http://www.hueniverse.com/hueniverse/2007/09/explaining-oaut.html|Explaining OAuth]]
[[http://lifehacker.com/software/technophilia/one-openid-to-rule-them-allor-not-302156.php|One OpenID to Rule Them All...or Not?]]
[[http://blogoscoped.com/archive/2007-10-15-n68.html|The Future of Reputation: Gossip, Rumor, and Privacy On the Internet]]

== Code ==

[[http://rdflib.net/|RDFlib]]
[[http://www.mnot.net/sw/sparta/|Sparta]]
[[http://openid.rossp.org/|OpenID Django integration]]
[[http://code.google.com/p/django-openid/issues/detail?id=9|OpenID Django integration]]
[[http://homer.w3.org/~connolly/projects/grddl-client/|grddl-client]]
[[http://infomesh.net/pyrple/|pyrple]]
[[http://swaml.berlios.de/|Semantic Web Archive of Mailing Lists]]
[[http://simile.mit.edu/wiki/Appalachian|Appalachian]]
[[http://simile.mit.edu/wiki/Piggy_Bank|Piggy Bank]]
[[http://simile.mit.edu/wiki/RDFizers|RDFizers]]
[[http://simile.mit.edu/wiki/Referee|Referee]]
[[http://svn.foaf-project.org/foaftown/jqbus/intro.html|JQbus - Jabber chat query services]]
[[http://elgg.org/|Elgg: the open source social networking platform]]
[[http://friendfeed.com/|FriendFeed]]

== Cypherpunks ==

[[http://www.idcorner.org/?p=153|On Identity Claims, Unlinkability, and Selective Disclosure (part 3)]]
[[http://www.idcorner.org/?p=155|More on minimal disclosure tokens]]
[[http://www.idcorner.org/?p=157|Preserving unlinkability of accounts]]
etc.

[[http://www.idcorner.org/?p=161|The problem(s) with OpenID]] and while [[http://daveman692.livejournal.com/310578.html|Stefan Chooses to Take the "Fox News" Approach to OpenID Blogging]] he does have some points, including how the IdP can impersonate anyone. But implementing a true zero-knowledge identity system is way beyond the scope of this project. Nevertheless, here are some more links on the topic:

[[http://www.identityblog.com/?p=815|Linkage in “redirect” protocols like SAML]]
[[http://www.identityblog.com/?p=804|Evolving technology for better privacy]]
[[http://www.zurich.ibm.com/security/idemix/|idemix]]
[[http://www.credentica.com/the_mit_pressbook.html|Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy]]
[[http://www.zurich.ibm.com/~jca/papers/bacaly04.pdf|A Cryptographic Framework for the Controlled Release Of Certified Data]]
[[http://grid.ncsa.uiuc.edu/myproxy/|MyProxy Credential Management Service]]
[[https://www.prime-project.eu/|Privacy and Identity Management for Europe]]