Re: [Social] Authentication

[Melvin Carvalho]

2010/6/9 Sean Corbett <address@hidden>

Hi guys,

After starting to think about the design for the social networking plugins for StatusNet, Ian and I realized that implementing any of these plugins can't really happen before we implement a suitable authentication scheme to manage permissions... We *could* go ahead and write a photo gallery, but this would be rather counterproductive as we'd have to tack on access rules after the fact, which would make things a lot messier.

This is, of course, one of the big issues facing the project; thus, we should probably tackle this problem by implementing a proper authentication and permissions scheme before we start worrying about adding additional social network functionality. Ian and I think that FOAF+SSL is the way to go given its popularity its simplicity, popularity on the discuss list, and the fact that we have quite a few people who are knowledgeable of it.

By the way just a note from Tim Berners-Lee on this exact topic, updated 4th June:

"Users are given, instead of a username at each SNS, a single URI, or in fact one for each persona they want to have. (Ideally, this is a WebId, which uses the foaf+ssl scheme, but an OpenID could be used and linked in as OpenIds are already deployed to a certain extent, and there is discussion of other schemes. *There is [2010] future standardization work to be done here.*"

[1] http://www.w3.org/DesignIssues/CloudStorage.html

@mattl know you're ultra busy right now with house move etc. ... but would encourage you to touch base with Tim in Boston, if you get the chance, as he's really been thinking about this [social] problem for 2 decades, and is focussing on it hard in the last 1-2 years.  I think a 15 minute chat on the subject would be extremely valuable in terms of how to architect things to interoperate at Web Scale. 
 

--sean