Revision 8 as of 2009-12-23 14:50:46

OpenID + FOAF + XMPP + GPG + MicroID + SIOC = Profit

Propriocept is a tool to manage your online identity, presence and privacy. The backronym will be worked out later. Original proposal.

Design Notes

A GPG key is created with the OpenID in the email field (which has to be done in batch mode). This key is then published at the OpenID URI. FOAF is generated and signed with this key, listing the user's public information, friends and default trusted groups. A foaf:seeAlso link to an XMPP URI is included, which resolves to an agent that reports more information to trusted users and websites. A website's agent is specified by a FOAF file linked from its homepage with a foaf:agent entry. Content generated by the user is harvested implicitly (by MicroID, RSS/Atom) or explicitly (the user pastes a URI), and the user is asked to confirm that it is theirs. If so, SIOC is generated for the content and signed with the GPG key.
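A site consuming the signed FOAF has to confirm that the signing key is the one that names the OpenID URI in its email field. The added example below (not Propriocept's own code) checks that binding from gpg's colon-format key listing; the URIs, fingerprint and listing are constructed, and exact string comparison of the URI is an assumption.

```python
import re

# Constructed sample of `gpg --with-colons --fingerprint --list-keys` output.
# gpg escapes ':' inside a user ID as \x3a, so the OpenID URI arrives escaped.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
SAMPLE = r"""pub:-:2048:1:89ABCDEF01234567:1261579846:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1261579846::1111111111111111111111111111111111111111::Alice <https\x3a//alice.example/>:
uid:r::::1261579846::2222222222222222222222222222222222222222::Alice <https\x3a//old.example/>:
sub:-:2048:1:FEDCBA9876543210:1261579846::::::e:
"""

UNUSABLE = {"r", "e", "i"}  # validity field: revoked, expired, invalid


def _unescape(field):
    """Undo gpg's \\xNN escaping of a colon-listing field."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)


def uid_addresses(listing):
    """Return (primary fingerprint, [<...> part of each usable user ID])."""
    fpr, addrs = None, []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "pub" and f[1] in UNUSABLE:
            return None, []                 # whole key is unusable
        if f[0] == "fpr" and fpr is None:
            fpr = f[9]                      # first fpr record = primary key
        elif f[0] in ("pub", "uid") and f[9] and f[1] not in UNUSABLE:
            m = re.search(r"<([^<>]*)>\s*$", _unescape(f[9]))
            if m:
                addrs.append(m.group(1))
    return fpr, addrs


def key_bound_to_openid(listing, openid_uri, signer_fpr):
    """True if the key that signed the FOAF names openid_uri in a usable user ID."""
    fpr, addrs = uid_addresses(listing)
    return fpr is not None and fpr == signer_fpr.upper() and openid_uri in addrs
```

A user ID is self-asserted, so this check only means something for a key that was fetched from the OpenID URI itself, with `signer_fpr` taken from gpg's verification of the FOAF signature.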

Rationale

The RDF will be signed with plain GPG. XML Security was considered, but the OpenPGP signature type is underspecified and only one implementation exists. Grabbing the raw DSA/RSA keys out of the private key was tried with success, but only after wasting a day or two before realising PyXMLSec wasn't 64-bit clean. This, combined with the exploits in XML Security due to too many features, resulted in its rejection.

If OAuth is publicly specified, support might be added, but HTTP auth sucks, and XMPP is more organic and secure.

The RDF (FOAF and SIOC) will be published as both Turtle and RDF/XML: Turtle for readability, and RDF/XML for support. GRDDL will be used to get data from XFN.

Linkdump

Specifications

XMPP URIs RDF Concepts RDF Primer FoaF vocabulary WoT schema MicroID Turtle Best Practice Recipes for Publishing RDF Vocabularies How to Publish Linked Data on the Web Gleaning Resource Descriptions from Dialects of Languages (GRDDL) GRDDL Data Views: RDF expressed in XHTML and XML Custom RDF dialects Social Network Portability

Articles

FOAF grouping Too many OpenID registrars? An identity is a story Pownce: Social Networks aren’t Identity Networks OpenID provider wish-list <link rel="pgpkeys">, Sean Carroll and Atom Firefox PGP Extension Idea XFN vs. FOAF? How thoughtless of you to let down, when I thought you'd be around. Friendship is complicated Facebook and the perils of prodigious sociability How do I know this person? Through the Web! An Introduction to FOAF Thoughts on the Social Graph and reactions PGP and XML Signature Web 2.0 Inefficiency: Crossposting On Twitter, Facebook, Google Reader, Etc. Whose Name is it Anyway? Decentralized Identity Systems on the Web foaf and openid Ping the Semantic Web Semantically-Interlinked Online Communities Project Extracting FOAF/RDF from XFN FOAF: Friend of a Friend RDF Vocabulary Beatnik: change your mind cryptographic web of trust Preserving privacy while promoting social network portability Federated ID, Missing the Point There are no social networks The Many Paths to Portable Social Network Nirvana Advanced Django A Bill of Rights for Users of the Social Web OpenFriend Portable Social Networks (XMPP) The Perils of Social Networking, Pt. 2: Facebook opens up, Quechup stains, fighting Rapleaf's enfolding http://www.windley.com/docs/2007/windley%20-%20user%20centric%20identity%20tutorial.pdf Explaining OAuth One OpenID to Rule Them All...or Not? The Future of Reputation: Gossip, Rumor, and Privacy On the Internet

Code

RDFlib Sparta OpenID Django integration OpenID Django integration grddl-client pyrple Semantic Web Archive of Mailing Lists Appalachian Piggy Bank RDFizers Referee JQbus - Jabber chat query services Elgg: the open source social networking platform FriendFeed

Cypherpunks

On Identity Claims, Unlinkability, and Selective Disclosure (part 3) More on minimal disclosure tokens Preserving unlinkability of accounts etc. The problem(s) with OpenID

And while Stefan Chooses to Take the "Fox News" Approach to OpenID Blogging, he does have some points, including how the IdP can impersonate anyone. But implementing a true zero-knowledge identity system is way beyond the scope of this project. Nevertheless, here are some more links on the topic:

Linkage in “redirect” protocols like SAML Evolving technology for better privacy idemix Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy A Cryptographic Framework for the Controlled Release Of Certified Data MyProxy Credential Management Service Privacy and Identity Management for Europe