I think the first step would be to figure out what it means to have a
cross-site friend relationship.
Did you have any specific ideas about what you'd expect to be able to do
after adding the remote user as a friend?
I think the decentralized equivalent of a friend request would really be
some sort of access control handshake. In some ways it's the OAuth model
but your friend is requesting access to *your* data rather than his own,
so there are actually four parties involved: you, your friend, the app
that stores your data and the app that your friend will use to access
your data. Ultimately you want your app to issue your friend's app a
token that it can use to access your data, but how you get there is not
something I think we can do with today's tech and definitely requires a
lot of thought to make sure the right parties get to make the necessary
decisions at the right time with the right information.
Whether after this handshake completes you list the user on your site as
a friend is up to you, of course. You could even list the user as a
friend without doing this handshake, because no-one can control what you
publish on your site.
> I'm wondering if any kind of idea or spec exists that addresses the
> notion of "open friends requests" in the context of Social Networks?
> Is this possibly something that you guys are thinking about with
> DiSo?
So far, most discussions have assumed asynchronous friending, with a
potetial for sending "X has friended" you notifications over PEP or
similar.
- --
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJRndQ6oSxepE9BOsRArkkAJ49DqBzjITNiOfXfzZ5urZkytXDXgCgjp8X
v5eZrmtTRnj8ZQKrV+4UlCc=
=MudP
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So far, most discussions have assumed asynchronous friending, with a
> I'm wondering if any kind of idea or spec exists that addresses the
> notion of "open friends requests" in the context of Social Networks?
> Is this possibly something that you guys are thinking about with
> DiSo?
potetial for sending "X has friended" you notifications over PEP or
similar.
Asynchronous - not Facebook-style...
... in the sense that on Facebook, 'friending' is an ask-and-approve
process that results in a bidirectional connection between two people,
whereas the 'Twitter' model of follow and follow-by is 'asynchronous'.
You can follow and not be followed-by, and vice-versa.
The Twitter model is much more scalable when you don't have a central
authority. And much better matches the 'real' world.
Terrell
Well, I think what you're struggling with is the conflation of this
loaded term 'Friend' and what it means when it comes to the actual
decision-making process of sharing and access.
The authorization 'tokens' we get/give through OAuth are only
representative of the access I, as a human, am willing to give you, as a
human. If I happen to issue those tokens based on your 'account' being
in a list/group I call 'friends', then so be it.
The use of the word friend is overloaded and we need to be clear what it
is we're talking about. In terms of 'first contact', I think it's safe
to say that most people don't use the word 'friend' when they first
encounter people in the real world. I think we're better served
considering how to take representative action (give access) instead of
sending notification (announcing friendness).
I think the entire idea of distributed 'friend requests' are kind of
silly. We're actually talking about 'permission to see your stuff(s)'.
Again, I'd like to model how we actually behave as people, instead of as
accounts in today's proprietary business models.
Terrell
Well, I think what you're struggling with is the conflation of this
On 12/15/08 12:22 PM, David Fuelling wrote:
> However, it seems like this would still have a "first contact" problem.
> Even if PEP is thrown into the mix, the "source" of the PEP Event stream has
> to make that stuff public, or else the person wanting to "watch" that stream
> won't be able to see it. A parallel setup is very common on Facebook -- you
> really can't see people's personal info, event stream, etc, until they've
> authorized you to have such access (typically).
loaded term 'Friend' and what it means when it comes to the actual
decision-making process of sharing and access.
The authorization 'tokens' we get/give through OAuth are only
representative of the access I, as a human, am willing to give you, as a
human. If I happen to issue those tokens based on your 'account' being
in a list/group I call 'friends', then so be it.
The use of the word friend is overloaded and we need to be clear what it
is we're talking about. In terms of 'first contact', I think it's safe
to say that most people don't use the word 'friend' when they first
encounter people in the real world. I think we're better served
considering how to take representative action (give access) instead of
sending notification (announcing friendness).
I think the entire idea of distributed 'friend requests' are kind of
silly. We're actually talking about 'permission to see your stuff(s)'.
Again, I'd like to model how we actually behave as people, instead of as
accounts in today's proprietary business models.
On Mon, Dec 15, 2008 at 6:54 PM, David Fuelling <sapp...@gmail.com> wrote:
> On Mon, Dec 15, 2008 at 5:41 PM, Terrell Russell <terrell...@gmail.com>
> wrote:
>>
>> The authorization 'tokens' we get/give through OAuth are only
>> representative of the access I, as a human, am willing to give you, as a
>> human. If I happen to issue those tokens based on your 'account' being
>> in a list/group I call 'friends', then so be it.
I think it is even independant on whether you add somebody to a
contacts list or not.
There might be a distinction between:
- I am adding people to a list of contacts and
- I am giving people access
Both cases are usually coming together of course. And it very much
depends on the usecase on what list you actually need.
>> The use of the word friend is overloaded and we need to be clear what it
>> is we're talking about. In terms of 'first contact', I think it's safe
>> to say that most people don't use the word 'friend' when they first
>> encounter people in the real world. I think we're better served
>> considering how to take representative action (give access) instead of
>> sending notification (announcing friendness).
I guess that's right.. At some point though I would also like to
manage this list of contacts, group people together e.g. into friends
and then give certain groups certain access, like see my photos marked
as "private". Part of this might be implementation detail, some part
migth need specification in order to transmit this information from
site to site.
>> I think the entire idea of distributed 'friend requests' are kind of
>> silly. We're actually talking about 'permission to see your stuff(s)'.
Right, a "friend request" would be a "request for authorization". The
receiving party then knows that I am interested in it's stuff and can
give me some permission to do something with it (usually "view").
>
> Do you mean this shouldn't be distributed? Or that the "authorization" is
> out of scope for something like DiSo (e.g., contact somebody via email if
> you want them to show you their stuff(s))?
My personal idea about all this is:
- your social graph is located centrally, a place which you define.
Like the OpenID model.
- your data might be elsewhere, services might access your socialgraph
(which also gives out permissions), subscribe to your profile data
(also stored centrally) and take appropriate action.
In this model each user or identity (persona) would be easily
identifiable via some URL. That URL might then have discovery
information for e.g. sending it a "friend request" which contains the
URL of the sending identity.
>> Again, I'd like to model how we actually behave as people, instead of as
>> accounts in today's proprietary business models.
>
> Great points. Likely "friend" is the right term to model a real-world
> relationship, although semantically I think Facebook has created a new
> definition of this term. For example, you and I are not "friends" in the
> traditional sense of the word -- we don't hang out, talk on the phone, etc
> (we have no real relationship outside of this mailing list, in fact). At
> best, we could be called aquaintences.
I would keep this up to the user how he defines his groups. It comes
down in the end to permissions and you should be able to give those
permissions to individual contacts/identities or to groups of them.
> However, I might decide that I really like the input you're providing me on
> this list, and I may decide that I want to be your "Facebook Friend", and
> invite you to be "Facebook Friends". Of course, if you accept such an
> invitation, it doesn't mean we are now "friends" in the traidional sense of
> the word, but it does mean that I can view your stuff.
>
> So, if we imagine the world in 3.625 years, when Facebook and all other
> social networks have completely moved their platform over to something based
> on DiSo, then how would I contact you to let you know, "Hey, show me your
> stuff -- I've been reading your blog, or "listening" to you on the DiSo
> list")?
"Hi, I am mrtopf.de, show me all your stuff!!!" ? ;)
>
> I suppose one answer is to just say, "If you want somebody to give you
> access to their 'private' stuff, contact them 'out of band', and get them to
> open it up". However, it would be nice if such a feature could be part of
> the DiSo experience. I think that's the true intent of my query.
Right, so it's just an authorization request you are sending. I might
get answered or not but you are still free to open things up on your
side.
I guess one of the big problems of all this will be to get the user
experience right though.
--
Christian Scholz
Tao Takashi (Second Life name)
taota...@gmail.com
Blog/Podcast: http://mrtopf.de/blog
Company: http://comlounge.net
Tech Video Blog: http://comlounge.tv
IRC: MrTopf/Tao_T
I actually drew this up a little bit the other night.
I'd love for it to be a part of DiSo - but couldn't find any PHP
rules engines...
http://weblog.terrellrussell.com/2008/12/all-my-hosted-stuff-with-dynamic-sharing/
The groups of contacts is completely controlled by my jabber roster...
>>> I think the entire idea of distributed 'friend requests' are kind of
>>> silly. We're actually talking about 'permission to see your stuff(s)'.
>
> Right, a "friend request" would be a "request for authorization". The
> receiving party then knows that I am interested in it's stuff and can
> give me some permission to do something with it (usually "view").
>
>> Do you mean this shouldn't be distributed? Or that the "authorization" is
>> out of scope for something like DiSo (e.g., contact somebody via email if
>> you want them to show you their stuff(s))?
>
No, it should most definitely be distributed. I just meant the idea of
asking to be a 'friend' is silly. That's for them to define.
You're just distributedly asking for permission to see stuff.
> My personal idea about all this is:
>
> - your social graph is located centrally, a place which you define.
> Like the OpenID model.
> - your data might be elsewhere, services might access your socialgraph
> (which also gives out permissions), subscribe to your profile data
> (also stored centrally) and take appropriate action.
>
Yes - Yes - See the post linked above. I'm in charge of my people,
darnit. Let me be the gatekeeper.
>
>> So, if we imagine the world in 3.625 years, when Facebook and all other
>> social networks have completely moved their platform over to something based
>> on DiSo, then how would I contact you to let you know, "Hey, show me your
>> stuff -- I've been reading your blog, or "listening" to you on the DiSo
>> list")?
>
> "Hi, I am mrtopf.de, show me all your stuff!!!" ? ;)
>
>> I suppose one answer is to just say, "If you want somebody to give you
>> access to their 'private' stuff, contact them 'out of band', and get them to
>> open it up". However, it would be nice if such a feature could be part of
>> the DiSo experience. I think that's the true intent of my query.
>
Yes, out of band is a strong answer, but I agree - we need more.
And so with that coded request, we need to be able to name the resource
for which you are asking for authorization... including but not limited
to... 'all your stuff!!!'.
> Right, so it's just an authorization request you are sending. I might
> get answered or not but you are still free to open things up on your
> side.
>
> I guess one of the big problems of all this will be to get the user
> experience right though.
>
The UX is key, definitely - but so is the underlying philosophy and
model. If we don't allow for granular sharing, we can't granularly
share. If we do, we can always clump and lump and group and give access
to the groupings, later. That's the easy part. :)
Terrell
> > So far, most discussions have assumed asynchronous friending, with a
> > potetial for sending "X has friended" you notifications over PEP or
> > similar.
> >
> >
> Can you elaborate more on what you mean by the "asynchronous" part?
Ah, I have no idea how I ended up typing that. I meant "asymmetrical".
- --
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJRqaz6oSxepE9BOsRAhCeAJ9I76GiwUiuudepiSi23urE5YFumACfamXE
5A5i1RrbYq6eABV20T8YZ64=
=Pnu+
-----END PGP SIGNATURE-----
Right, a "friend request" would be a "request for authorization". The
receiving party then knows that I am interested in it's stuff and can
give me some permission to do something with it (usually "view").
> Great points. Likely "friend" is the right term to model a real-world
> relationship, although semantically I think Facebook has created a new
> definition of this term. For example, you and I are not "friends" in the
> traditional sense of the word -- we don't hang out, talk on the phone, etc
> (we have no real relationship outside of this mailing list, in fact). At
> best, we could be called aquaintences.
>
> However, I might decide that I really like the input you're providing me on
> this list, and I may decide that I want to be your "Facebook Friend", and
> invite you to be "Facebook Friends". Of course, if you accept such an
> invitation, it doesn't mean we are now "friends" in the traidional sense of
> the word, but it does mean that I can view your stuff.
>
> So, if we imagine the world in 3.625 years, when Facebook and all other
> social networks have completely moved their platform over to something based
> on DiSo, then how would I contact you to let you know, "Hey, show me your
> stuff -- I've been reading your blog, or "listening" to you on the DiSo
> list")?
>
> I suppose one answer is to just say, "If you want somebody to give you
> access to their 'private' stuff, contact them 'out of band', and get them to
> open it up". However, it would be nice if such a feature could be part of
> the DiSo experience. I think that's the true intent of my query.
I'm very on board with this. The system doesn't even have to be tied to
the OAuth process or anything that complex. Here, I'll give a use case
of what this has conjured up in my mind:
1) Bob comes to my website (singpolyma.net) and is a reader of my stuff.
He sees that I have some content (say, my email address, or my rougher
posts) "hidden" from the public. Bob logs in, and some content becomes
visible (I have some things set to display to anyone who can manage an
OpenID dance), but not the content he wants to see.
2) Bob clicks a "I want to see this stuff please" button (like the
Twitter "Request to see updates" button).
3) I have configured the button (likely a WP plugin in my case, that
generates said button) to notify my of this request in whatever way is
best for me (I could get an IM, an email, an identi.ca dm, or it could
just show up as a notification in my WP dashboard, however I want) that
says "Bob (bob.example.com) wants permissions to see X content on your
site."
4) I decide Bob is a cool guy, and I add him to the appropriate ACL
(category on my blogroll, in this case).
5) Later, when Bob again visits my site, he can see the content.
This plugin wouldn't even be that hard to write with what we have today.
- --
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJRqps6oSxepE9BOsRAi0sAKDDQq7FKKfsj3FHIZu6MMJc2DnrowCeMGdq
kXP5AgeYV0EEOCiSZ6Ut9Pw=
=ezPz
-----END PGP SIGNATURE-----