2010/6/9 Sean Corbett
<address@hidden>
Hi guys,
After starting to think about the design for the social networking plugins for StatusNet, Ian and I realized that implementing any of these plugins can't really happen before we implement a suitable authentication scheme to manage permissions... We *could* go ahead and write a photo gallery, but this would be rather counterproductive as we'd have to tack on access rules after the fact, which would make things a lot messier.
This is, of course, one of the big issues facing the project; thus, we should probably tackle this problem by implementing a proper authentication and permissions scheme before we start worrying about adding additional social network functionality. Ian and I think that FOAF+SSL is the way to go given its popularity its simplicity, popularity on the discuss list, and the fact that we have quite a few people who are knowledgeable of it.
I'd say +1 to supporting FOAF+SSL ... I'd be willing to donate code / libraries to the FSF that I've been working with ... maybe need a bit of time to clean them up slightly
One important note is that supporting FOAF+SSL does not mean that you cant support a rich array of authentication methods also such as OpenID / username+password etc. Which order you do them in is up to you ...
The basic flow is something like:
$id = Authenticate();
Now your $id is a pointer to your FOAF. Which in turn exposes your friends, avatar, nick etc. We're also working on some web scale ACL libraries to control who sees what, which again, I'm sure we'd be happy to donate to the FSF.
--sean