An open, distributed social networking system

published Mar 20, 2010 12:09   by admin ( last modified Mar 20, 2010 12:09 )

Here are some thoughts on how an open, distributed social networking system might work:

 

Each participant in the social network has her own server. This server does not need to be physically where that user is, and it does not even need to be its own server process. However, it needs to be a piece of the Internet that the user has sole control over and where:

  • She can store relationship information as a signed piece of text, that contains the user's OpenID url, the other person's OpenID url, and the type of relationship
  • She can control who has the right to view what information

 

An example

Alice is friends with Bob. She has signed a relationship declaration, which is just a piece of text containing her OpenID url and Bob's OpenID url and the text "friend with" and stored it on her server. She has also signed it with her cryptographic key.

Now a guy named Charlie comes surfing to Alice's server, and is automatically logged in with his OpenID. Alice has given Charlie the right to see what relationships she has, so Charlie can see that Alice is friends with Bob. Charlie thinks he knows Bob. He realises this from the information about Bob (a photo, and a short text describing him). Alice's site has that information on Bob because her server fetched it from Bob's server, or because she had a picture of Bob. If it was taken from Bob's server, Bob had granted Alice's server the right to fetch the information first.

Charlie wants to declare friendship with Bob, and via Bob's OpenID url looks up Bob's server. Charlie cannot view much on Bob's site, so he simply posts a request for friendship with Bob, at the same time granting Bob the right to see some basic info on Charlie on Charlie's server. Charlie also signs a friendship declaration with Bob and stores it on his own server, signed with his own key, just as Alice did with Bob on her server.

Bob is notified by his server that a guy named Charlie wants to be friends. Bob views Charlie's personal info, and maybe Charlie has also sent proof that he is already friends with Alice. Bob now signs his friendship declaration, and Bob and Charlie are now registered as friends, since both have signed a friendship declaration (although each only stores their own signed version of it).
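The check that makes Bob and Charlie "registered as friends" can be sketched as follows. This is an added example, not code from the original post: it uses Ed25519 from the Go standard library in place of GPG, and the declaration layout, the key lookup table and the example.* URLs are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Declaration is the signed text a participant stores on her own server.
type Declaration struct {
	From, To, Relation string // signer's OpenID url, other party's url, relationship type
	Sig                []byte
}

// text is the exact byte string that is signed, one field per line (urls must not contain newlines).
func (d Declaration) text() []byte { return []byte(d.From + "\n" + d.To + "\n" + d.Relation + "\n") }

// Sign builds the declaration that the owner of priv stores for herself.
func Sign(priv ed25519.PrivateKey, from, to, relation string) Declaration {
	d := Declaration{From: from, To: to, Relation: relation}
	d.Sig = ed25519.Sign(priv, d.text())
	return d
}

// Valid checks d against the public key known for d.From (how keys are published is an assumption).
func Valid(d Declaration, keys map[string]ed25519.PublicKey) bool {
	pub := keys[d.From]
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, d.text(), d.Sig)
}

// Mutual is true only when each side has validly signed a matching declaration naming the other.
func Mutual(a, b Declaration, keys map[string]ed25519.PublicKey) bool {
	return Valid(a, keys) && Valid(b, keys) && a.From != a.To &&
		a.From == b.To && a.To == b.From && a.Relation == b.Relation
}

// demo runs the Bob/Charlie exchange with constructed urls and freshly generated keys.
func demo() (mutual, oneSided, tampered bool) {
	bob, charlie, alice := "https://bob.example/", "https://charlie.example/", "https://alice.example/"
	bobPub, bobPriv, _ := ed25519.GenerateKey(nil)
	chPub, chPriv, _ := ed25519.GenerateKey(nil)
	keys := map[string]ed25519.PublicKey{bob: bobPub, charlie: chPub}
	c := Sign(chPriv, charlie, bob, "friend with") // stored on Charlie's server
	b := Sign(bobPriv, bob, charlie, "friend with") // stored on Bob's server
	unsigned := Declaration{From: bob, To: charlie, Relation: "friend with"} // Bob has not signed yet
	forged := c
	forged.To = alice // edited after signing, so the signature no longer matches
	return Mutual(c, b, keys), Mutual(c, unsigned, keys), Valid(forged, keys)
}

func main() { fmt.Println(demo()) }
```

A verifier should fetch each declaration from its signer's own server and obtain the public key through a channel it already trusts, since a declaration checked against a key supplied alongside it proves nothing about who signed it.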

Software needed for this to work

Not much. There need to be OpenID servers, and they already exist. The OpenID url needs to have metadata in the form of a url to the personal server of that user.

There needs to be a way to sign information that can be verified to have been signed by e.g. you, and that also exists.

There needs to be a server on which the owner can give different people different rights on what to view, based on their OpenID url.

As an example, Plone with the plonesocial.auth.rpx plugin could be used to control who gets to see what on a server, GPG to sign stuff and MyOpenID.com to store metadata on where a server is. I am sure there are many other combinations.

Are there any products like this underway?