Re: [Social-discuss] P2P or server approach?

[Story Henry]

Great post Blain,

just two comments below...

On 24 Mar 2010, at 22:17, Blaine Cook wrote:
> 
> So far, Webfinger (i.e., email-like addresses that point to HTTP
> discovery resources) and WebIDs (i.e., URLs that point to FOAF
> documents) have been proposed in this context. Webfinger can satisfy
> WebID's requirements (by pointing to a WebID) but the reverse is not
> true – that is, WebIDs do not meet the "simple, consistent, and
> understood" property that drove Webfinger's creation.

WebId are URLs that are associated when dereferenced with a public key.
For example http://bblfish.net/#hjs is one. (Click on it)

But the clever thing from a users perspective is that he does not even 
know about that WebId. For the user in a foaf+ssl setup, all he sees 
is the browser asking him to choose his ID. Ie: the browser will ask:

 Do you want to login as 

   "Henry Story (bblfish)"
   "Henry (xwiki)"

The user then clicks on one of the answers, and that is it. He has sent 
his WebId in an X509 certificate to the server.

See the pictures here:
  Fennec the Firefox Mobile browser
   http://blogs.sun.com/bblfish/entry/foaf_ssl_in_mozilla_s

  the iPhone (no longer works though)
    http://blogs.sun.com/bblfish/entry/one_click_global_sign_on

Clearly the user interface issue is not a problem there. The user 
does not have to remember either a password or a username!

You can try this out yourself ( though please take into account that
a lot of this is in development ) by making yourself a web Id at

  http://webid.myxwiki.org/ 

By the way this is completely compatible with webfinger and openid. 
Both can be linked to a foaf file. I have a few posts on how that 
can be done:

  - http://blogs.sun.com/bblfish/entry/web_finger_proposals_overview
  - http://blogs.sun.com/bblfish/entry/foaf_openid

And many other ideas.... So this is not a choice of one OR the other. 
Both are useful. The Foaf+ssl piece for example does not work as well
as it could in many browser due to poor interfaces. The main problem 
is this one:

  http://code.google.com/p/chromium/issues/detail?id=29784

Please voter for it. Or if you have the skills it would be great to 
develop a firefox plugin

  http://bit.ly/cQ5f48

These are UI issues that are easy to fix, and with the skills of 
the people on this list probably a few days work for a prototype, 
and a week for something useable. (Of course perfection takes forever)

Anyway given the above problems, it is clear that webfinger, openid 
are going to be very important IMHO tools to complement WebIds, 
for those browsers.

> 
> [snip]
> So, in all of this, I'm *not* saying that having a fully decentralized
> / P2P approach to social networks isn't something I'd like to see –
> just that from a purely pragmatic perspective, it's unlikely to happen
> tomorrow, next week, or this year. Heck, it probably won't happen in
> the next 2-3 years, minimum, barring very marginal experiments.

As you know, I believe the web is a p2p decentralised system. So I 
believe that foaf+ssl build on a p2p architecture. It's just that people
think of it too much in terms of client server. Anyone who writes servers will 
know that it is p2p. For example here is the code for the foafssl 
authentication system:

http://github.com/bblfish/foafssl-java/blob/master/foafssl-verifier/src/main/java/net/java/dev/sommer/foafssl/verifier/SesameFoafSslVerifier.java

or http://bit.ly/cBQjUt (in case the above url is too long)

You can see on line 76

        SailRepositoryConnection rep = cache.fetch(webid);

that the server does a GET on the WebId. Ie the server is acting as a
client in a p2p network!

   So just a few thoughts...


        Henry