Has there been a discussion on some of the security implications and
designs that may be necessary regarding importing an OpenDD document?
I have not noticed anything regarding security on the OpenDD website
or this discussion group. Thanks.
The discussion has not yet been formally had, but I'm more than happy
to have it now :)
I've had to think about a number of things when putting together the
Elgg implementation, but I have not talked about this at length
because they were issues that were specific to Elgg.
My feeling is that most of the issues are going to be related to the
implementation and application of OpenDD, rather than with the format
itself. In the import/export usecase OpenDD is just a medium for data
exchange...
Marcus
On Aug 4, 10:55 pm, Tom Wang <tse...@gmail.com> wrote:
> Has there been a discussion on some of the security implications and
> designs that may be necessary regarding importing an OpenDD document?
> I have not noticed anything regarding security on the OpenDD website
> or this discussion group. Thanks.
On Tue, Aug 5, 2008 at 3:07 AM, Marcus Povey <mar...@dushka.co.uk> wrote:
> Hi Tom,
> The discussion has not yet been formally had, but I'm more than happy
> to have it now :)
> I've had to think about a number of things when putting together the
> Elgg implementation, but I have not talked about this at length
> because they were issues that were specific to Elgg.
> My feeling is that most of the issues are going to be related to the
> implementation and application of OpenDD, rather than with the format
> itself. In the import/export usecase OpenDD is just a medium for data
> exchange...
> Marcus
> On Aug 4, 10:55 pm, Tom Wang <tse...@gmail.com> wrote:
> > Hi everyone,
> > Has there been a discussion on some of the security implications and
> > designs that may be necessary regarding importing an OpenDD document?
> > I have not noticed anything regarding security on the OpenDD website
> > or this discussion group. Thanks.
> > Tom
--
Chris Messina
Citizen-Participant &
Open Source Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is: [ ] bloggable [X] ask first [ ] private
I think another thing to watch out is that any relationship imported from an ODD document should require the same confirmation as an ordinary "Add Friend" in the social network. For instance, let's say that LinkedIn and MySpace decide to implement OpenDD. LinkedIn records the relationships as "connections." If MySpace decide simply to import the connections relationships from LinkedIn without confirmation, and your boss and you are connected in LinkedIn, your boss can simply add you as a friend on MySpace by exporting the ODD file from LinkedIn and importing it into MySpace. This very well may not be desirable, depending on what you have put on MySpace.
On Tue, Aug 5, 2008 at 6:00 PM, Chris Messina <chris.mess...@gmail.com> wrote:
> I'll just put it out there, but I think OAuth is a blanket solution for data
> access here...
> http://oauth.net
> Once you've granted access using the typical OAuth flow, you'd simply be
> piping OAuth-signed ODD documents back and forth.
> Chris
I think bidi relationship statuses could be offered in the spec but should not be required. For example, "following" has become common as of late (see Twitter) and bi-directionality is not only *not* required, but possibly the minority situation.
As well, bi-directionality is contextual: perhaps we follow each other on Twitter but not on Tumblr or some other such site.
Take a look at the spec coming out of portablecontacts.net for more thinking on this.
Chris
Whether you do this as a flag on relationship, or by having two
relationship tags defining a relationship instead of one, is
debatable.
So, a tag saying 'Alice is a friend of Bob' and another saying 'Bob is
a friend of Alice' would together define a bidirectional
representation of a friend.
Import from a system like Elgg or LiveJournal where friends are not
bidi to one where they are would probably have to trigger some
conflict resolution - confirmation emails etc as suggested.
> I think bidi relationship statuses could be offered in the spec but
> should not be required. For example, "following" has become common as
> of late (see Twitter) and bi-directionality is not only *not*
> required, but possibly the minority situation.
> As well, bi-directionality is contextual: perhaps we follow each other
> on Twitter but not on Tumblr or some other such site.
> Take a look at the spec coming out of portablecontacts.net for more
> thinking on this.
> Chris
> On 8/6/08, Tse-Wen Tom Wang <tse...@gmail.com> wrote:
> > Sounds good. OAuth should work here.
> > I think another thing to watch out is that any relationship imported
> > from an ODD document should require the same confirmation as an
> > ordinary "Add Friend" in the social network. For instance, let's say
> > that LinkedIn and MySpace decide to implement OpenDD. LinkedIn
> > records the relationships as "connections." If MySpace decide simply
> > to import the connections relationships from LinkedIn without
> > confirmation, and your boss and you are connected in LinkedIn, your
> > boss can simply add you as a friend on MySpace by exporting the ODD
> > file from LinkedIn and importing it into MySpace. This very well may
> > not be desirable, depending on what you have put on MySpace.
> > Tom
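The import rule discussed in this thread (imported relationships go through the same confirmation as an ordinary "Add Friend", while one-way relationships such as "following" do not) can be sketched as follows. This is an added example, not code from the thread, Elgg or the OpenDD project; the `(subject, type, object)` tuples, the type names and `plan_import` are assumptions made for illustration and do not reflect the actual ODD schema.

```python
from dataclasses import dataclass, field

# Assumed policy of the importing site (hypothetical type names).
MUTUAL_TYPES = {"friend"}     # needs the other party's confirmation
ONE_WAY_TYPES = {"follows"}   # directed, no confirmation needed

@dataclass
class ImportPlan:
    applied: list = field(default_factory=list)   # edges created immediately
    pending: list = field(default_factory=list)   # requests awaiting confirmation
    rejected: list = field(default_factory=list)  # statements not accepted

def plan_import(statements, importer, existing_mutual=frozenset()):
    """Classify directed (subject, type, object) statements from an upload.

    importer: the authenticated local account doing the import.
    existing_mutual: frozenset({a, b}) pairs already confirmed on this site.
    """
    plan, seen = ImportPlan(), set()
    for edge in statements:
        subject, rel_type, obj = edge
        if edge in seen:
            continue
        seen.add(edge)
        # The file is supplied by the importer, so it can only speak for the
        # importer. A reverse statement ("you are a friend of boss") inside
        # the same file is a claim, not the other person's consent.
        if subject != importer or obj == importer:
            plan.rejected.append(edge)
        elif rel_type in MUTUAL_TYPES:
            if frozenset((subject, obj)) not in existing_mutual:
                plan.pending.append(edge)  # same flow as "Add Friend"
        elif rel_type in ONE_WAY_TYPES:
            plan.applied.append(edge)
        else:
            plan.rejected.append(edge)     # unknown type: do not guess
    return plan

# Constructed sample: the boss exports a mutual "connection" from one site
# (mapped to "friend" here) and uploads the file to another.
SAMPLE = [
    ("boss", "friend", "you"),
    ("you", "friend", "boss"),
    ("boss", "follows", "carol"),
]

if __name__ == "__main__":
    print(plan_import(SAMPLE, importer="boss"))
```

Only the `pending` entries would trigger the confirmation e-mails suggested above; nothing in the uploaded file can move an edge from `pending` to confirmed.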