OStatus on StatusNet and identi.ca is that federation "breaks"
conversational context. That is, if A is subscribed to B, and B
publishes a photo, and C comments on that, A will see B's photo but
not C's comment. One idea here is using Atom threading extensions +
PuSH so that B's photo includes a comments feed, which A's server can
subscribe to, and thus get all activities related to the photo.
However, there doesn't seem to be a similar mechanism in Activity
Streams JSON, which means we'll need to make something up here.
4. Remote site UI. A user from identi.ca who is browsing through
evan.status.net can subscribe to my feed there. We have a mechanism
with Webfinger discovery of a Web endpoint that can be used to
initiate subscription. However, there are lots of things that people
are used to doing to social data on sites they're logged into that
they can't do on remote sites with OStatus: "fave" or "like", "repeat"
or "retweet" or "share", "reply". We'd like to set up a mechanism so
that a user from one service can browse a stream on another service
and interact directly.
These are the main pain points we've hit so far. Is there anything
we're missing here? I'd like to start addressing them to move to a
second version of OStatus, perhaps sometime in the fall.
I'd be interested to know if the privacy considerations here will extend
beyond just the textual and metadata exchange and possibly into media
exchange also. Presuming that I have an image that's on my server that
only my friends can see, and presuming I *do* have some way on my server
to restrict the publication of that image (perhaps via the X-SendFile
header collaboration between the application and nginx/apache), I'd be
interested to know if there's some way my server can validate whether or
not you're authorized to view this photo. (OpenID?)
I'm not sure that's out of scope of OStatus 1.5, but it's something I'm
very interested in.
Regardless, looks exciting & promising! I'm quite enthused.
- cwebb
Evan Prodromou <evan.pr...@gmail.com> writes:
Maybe "Semantic hub" we are implementing and was presented in the
conference could solve part of the privacy. [1]
The main advantage of our implementation is that users have not to
create static/closed groups.
What the clients (subscriber or publisher) should implement and differ
from the current (Google) PuSH implementation:
1. subscribers must have a private FOAF profile where the user interests
and relationships with other people are stored (this can be extended but
we are using only this user data at the moment).
The private FOAF profile can be generated through a web form and
converted to FOAF. We use a triple store but it's not needed.
2. when a subscriber ask for a subscription to the hub, the hub will ask
the subscriber its private FOAF profile. The subscriber will grant
access to its profile the hub authenticating it with WebID, which means
that the subscriber asks the hub a certificate, dereferences the public
WebID URI in it and checks that the rsa key in both is the same.
3. the publishers must have what we call "Privacy Preferences". This are
created through a simple form where the user choose the hashtag that a
post must have to apply that preference, and the interest or/and the
relationship with the publisher that the subscriber must have to receive
the post.
4. when publisher creates a new post, the privacy preferences matching
the hashtag are included in the post item feed.
5. apart of the privacy preferences included in the item feed, the post
should be converted to SIOC and stored also in the item feed. Again we
use a triple store here, but the post in SIOC format can be generated
dynamically and included in the RSS that in our case is a file.
These changes can be implemented in a transparent way to the user that
doesn't need to know anything about Semantic Web, and the logic to
decide which subscribers are receiving the posts is the hub responsibility.
I think that some parts of the SMOB code (PHP) can even be reused in
status.net.
We still don't have an online demo, but will have it soon. And the
implementation will be ready in a month (for production maybe add
another month).
Julia.
[1]
http://d-cent.org/fsw2011/wp-content/uploads/fsw2011-SMOB-The-best-of-both-worlds.pdf
4. Remote site UI. A user from identi.ca who is browsing through
evan.status.net can subscribe to my feed there. We have a mechanism
with Webfinger discovery of a Web endpoint that can be used to
initiate subscription. However, there are lots of things that people
are used to doing to social data on sites they're logged into that
they can't do on remote sites with OStatus: "fave" or "like", "repeat"
or "retweet" or "share", "reply". We'd like to set up a mechanism so
that a user from one service can browse a stream on another service
and interact directly.
These are the main pain points we've hit so far. Is there anything
we're missing here? I'd like to start addressing them to move to a
second version of OStatus, perhaps sometime in the fall.
I put a lot of time into Atom, I believed (and still believe) it's a
lot better than random tag soup RSS.
Now JSON appears to be a lot easier to deal with, but it does have a
hole that Atom didn't have. I'll use the swear-word in moment, after
saying that Atom is very Web-friendly because it's linky.
The swear-word is namespaces - ok, now forget that. But JSON seems
poor when it comes to having URLs, it tends to have all the worst
characteristic of SOAP, that we all hoped we'd moved beyond.
I've not thought through how to express this properly, but I reckon to
go forwards, we want to cherry-pick the best bits of the technologies
out there. If we want to use the Web, URLs must be in there from day
one.
Cherry-picking again, I think the data model of RDF is the closest
that fits the Web environment, and ... oh dear, now the O Word - the
ontologies and vocabulary management bits of the semantic web are
worth taking on board. Cherries.
But cherries on the pie, that I think is something learnt - make the
pie first, but do it intelligently with respect to all the background
material. Making new stuff is fun, but long-term it's doomed.
Cheers,
Danny.
seeing JSON coming up really hurts. The argument "all the cool kids are
doing it" is a rather weak one. Implementors do not want to burden with
two fundamentally different data formats, and ATOM is in place
everywhere anyway. Therefore it must be implemented by anyone who aims
for compatibility -- the exact reason for OStatus in the first place.
I'd rather see XRD/LRDD replaced by a somewhat more lightweight format,
instead of discarding the rich metadata we put into ATOM.
eschnou wrote:
> Fixing Salmon. I never managed to interop properly with status.net over
> salmon, and I think I'm not the only one. However cross-domain messaging is
> fundamental to full federation. There are too many 'federated' projects out
> there (mine included) which support OStatus except Salmon. That's a pity.
Having worked on your implementation, node-ostatus, I think Salmon is
nice in general. Only that Magic Signature thing seems to come from the
fringes; it was not possible to make it compatible to a StatusNet
instance in terms of signing and verification. I wish John Panzer had
used any widespread protocol already implemented by eg. OpenSSL or
GnuPG.
> I always found it strange to have one method of message & entity
> authentication in PuSH and another one in Salmon. Why not have a common API
> fro cross domain messaging and then build things like PubSub/messages/etc...
> on top of it ? [...]
Both protocols are tailored to fit their niche. For PuSH it's
verification of subscribers and hubs in a URL-based world. For Salmon
it's simple messaging with signature-based verification.
Astro
On Jul 6, 12:45 pm, Evan Prodromou <evan.prodro...@gmail.com> wrote:
> 1. Limited distribution ("privacy"). Currently we use PubSubHubbub for
> distributing activities to subscribers. Although PuSH is a really nice
> system, the "hub" in the middle makes it hard to limit distribution.
Unless you're doing end2end encryption (which doesn't really fit the
mode much) you have to trust the servers anyway. So if you control
the hub and the hub knows about the distribution requirements, you can
just push to the servers that matter. Though you need a way to markup
"only show to X".
Hmm, this is an interesting problem. I expect it can be solved in a
similar way?
If you want so called "modern javascript" developers to pay attention to OStatus then JSON is a smarter strategic decision
On Wed, Jul 6, 2011 at 6:53 PM, Singpolyma <singp...@singpolyma.net> wrote:
On Jul 6, 12:45 pm, Evan Prodromou <evan.prodro...@gmail.com> wrote:
> 1. Limited distribution ("privacy"). Currently we use PubSubHubbub for
> distributing activities to subscribers. Although PuSH is a really nice
> system, the "hub" in the middle makes it hard to limit distribution.Unless you're doing end2end encryption (which doesn't really fit the
mode much) you have to trust the servers anyway. So if you control
the hub and the hub knows about the distribution requirements, you can
just push to the servers that matter. Though you need a way to markup
"only show to X".
Yes. Right now, the hub is unaware of distribution requirements. We need a way to say, "Send only to people who are members of this group" or "send only to the following people".