Revision 1 as of 2007-08-25 14:55:04

OpenID + FOAF + XMPP + GPG + MicroID + SIOC = Profit

Propriocept is a tool to manage your online identity, presence and privacy. The backronym will be worked out later. [http://trs80.ucc.asn.au/2007/proposal.pdf Original proposal].

Design Notes

A GPG key is created with the OpenID in the email field (which has to be done in batch mode). This key is then [http://golem.ph.utexas.edu/~distler/blog/archives/000325.html published] at the OpenID URI. FOAF is generated and signed with this key, listing the user's public information, friends and default trusted groups. A foaf:seeAlso link to an XMPP URI is included, which resolves to an agent that reports more information to trusted users and websites. A website's agent is specified by a FOAF file linked from its homepage with a foaf:agent entry. Content generated by the user is harvested implicitly (by MicroID, RSS/Atom) or explicitly (the user pastes a URI), and the user is asked to confirm it is theirs. If so, SIOC is generated for the content and signed with the GPG key.
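The batch-mode key creation step described above, as an added example that is not part of the original page or of Propriocept's own code. The function names, the sample name and OpenID URI, the homedir path and the key parameters (RSA 3072, sign-only, two-year expiry) are assumptions.

```shell
#!/bin/sh
# Added example: unattended GnuPG key generation with an OpenID URI in the
# email field. All names, URIs and paths here are constructed placeholders.
# Assumption taken from the page: batch mode accepts a URI in Name-Email.

# Print a GnuPG batch parameter file. $1 = real name, $2 = OpenID URI.
openid_key_params() {
    name=$1
    openid=$2
    # A newline would inject extra parameter lines (e.g. a Passphrase line);
    # angle brackets would break the "Name <email>" user ID syntax.
    case $name$openid in
        *'
'*|*'<'*|*'>'*) echo "invalid character in name or OpenID" >&2; return 1 ;;
    esac
    case $openid in
        http://*|https://*) ;;
        *) echo "OpenID must be an http(s) URI" >&2; return 1 ;;
    esac
    # No Passphrase line is written, so the secret never sits in a file;
    # GnuPG 2.1+ asks for it through pinentry instead.
    cat <<EOF
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Name-Real: $name
Name-Email: $openid
Expire-Date: 2y
%commit
EOF
}

# Generate the key. $3 = dedicated GnuPG homedir, kept apart from the
# user's everyday keyring and readable only by its owner.
generate_openid_key() {
    params=$(openid_key_params "$1" "$2") || return 1
    mkdir -p "$3" && chmod 700 "$3" || return 1
    # With no file argument, gpg reads the parameters from stdin.
    printf '%s\n' "$params" | gpg --homedir "$3" --batch --gen-key
}

# Usage (not run here):
#   generate_openid_key "Alice Example" "https://alice.example/" "$HOME/.propriocept-gnupg"
```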

Rationale

The RDF will be signed with straight GPG. XML Security was considered, but its OpenPGP signature type is underspecified and has only [http://trs80.ucc.asn.au/2007/proposal.pdf one implementation]. Grabbing the raw DSA/RSA keys out of the private key was tried with success, but only after wasting a day or two before realising [http://pyxmlsec.labs.libre-entreprise.org/ PyXMLSec] wasn't 64-bit clean. This, combined with the [http://www.isecpartners.com/files/iSEC_HILL_AttackingXMLSecurity_bh07.pdf exploits in XML Security] due to too many features, resulted in its rejection.

If [http://code.google.com/p/oauth/ OAuth] is publicly specified, support might be added, but HTTP auth sucks, and XMPP is more organic and [http://www.saint-andre.com/jabber/Security.pdf secure].

The RDF (FOAF and SIOC) will be published as both Turtle and RDF/XML: Turtle for readability, and RDF/XML for support. GRDDL will be used to get data from XFN.