Earlier today I came across an article on RWW (http://bit.ly/b8Ft7l)
regarding a "Universal Check-in" being proposed by Mark Krynsky. The
idea, as the name implies, is similar to the goals of FireEagle in
that you check-in through a single service and that location is then
re-published to other LDS services. It seems to me that this is the
wrong approach and that it fact fits in perfectly with WebFinger.
I'm curious if there has been any discussion around how to express/
reference an individuals location within an XRD.
We've recently added our own WebFinger discovery resources and would
like to add discoverable location information as well.
Darren
--
--
John Panzer / Google
jpa...@google.com / abstractioneer.org / @jpanzer
1) Location providers like FireEagle, Gowalla, Foursquare all settle
on a standard location auth/API approach for getting "your location".
My Webfinger provider has a special slot for me to enter in the domain
name of my Location Provider. From then on, location consumers can
look me up by my Webfinger, and get permission from the Location
Provider specified in my Webfinger profile through whatever standard
mechanism providers settled on.
2) I sign into Gowalla, which can see my Webfinger account from my
email, and it asks for permission (via OAuth I guess) to keep my
Webfinger profile up to date with my location.
Do either of these seem like a promising direction?
-- Eric
-- Eric
I don't suppose anyone from Foursquare or Gowalla is on the list?
-- Eric
> I agree that this is the right approach, so how would this work? Two
> approaches come to mind:
>
> 1) Location providers like FireEagle, Gowalla, Foursquare all settle
> on a standard location auth/API approach for getting "your location".
> My Webfinger provider has a special slot for me to enter in the domain
> name of my Location Provider. From then on, location consumers can
> look me up by my Webfinger, and get permission from the Location
> Provider specified in my Webfinger profile through whatever standard
> mechanism providers settled on.
>
> 2) I sign into Gowalla, which can see my Webfinger account from my
> email, and it asks for permission (via OAuth I guess) to keep my
> Webfinger profile up to date with my location.
>
> Do either of these seem like a promising direction?
Yes and no.
Similar to the issues around FOAF, advertising where your services are could be viewed as over sharing. In other words, I don't want to share who my location service is with the world.
Asking the user for their location service and having that standardized is a great idea. This also allows the user to run more than one service, and offer up the one that is appropriate for the context.
-- Dick
--David
> FriendFeed and Buzz users seem comfortable with sharing which services
> they use. That isn't to say that there aren't use cases around
> discovering non-publicly listed services, but there's a lot to do with
> public stuff first.
Users were "comfortable" with FOAF files at first as well ...
IMHO, Webfinger solves the bootstrap discovery problem: binding an identifier the user is familiar with to a place to ask more questions. Like FOAF, I think additional information being published will be problematic from a privacy point of view.
-- Dick
-- Eric
Making the services I use publicly available makes it much easier to spear-phish me.
-- Dick
-- Eric
Frankly, if the information is already published in a public document
then exposing it via programmatic discovery like this isn't an issue.
Some services will be comfortable with this, others won't.
Darren
--
darren bounds
dar...@cliqset.com
> Any additional context available aids in spear fishing, it certainly
> isn't limited to services information or location.
>
> Frankly, if the information is already published in a public document
> then exposing it via programmatic discovery like this isn't an issue.
> Some services will be comfortable with this, others won't.
I agree if it is public, then having it available programatically does not make a difference.
I believe that a model where the user pushes their service information is much better for security and privacy than where anyone can pull it at will.
-- Dick
> I would put the blame on slow adoption of FOAF on the fewer services
> out there that use such information. By contrast, use of location
> awareness by web and mobile apps is exploding.
Pretty much all location awareness apps I have encountered have asked permission to get my location, and they know my location service by virtue of where they were installed. I must be missing where the location service discovery is happening and the use exploding.
I was pretty active telling FOAF supporters what the privacy issues were, and when they moved to opt-in, no one wanted to bother.
meta-point: let's learn from history. FOAF was not adopted for a number of reasons.
-- Dick
That was one of the things we discussed in the design of XRD.
It is possible that one of the links you have in you public XRD is to a private XRD service. that requirers authorization before disclosing more information.
We also considered returning a private XRD as a AX value or SAML assertion.
Private XRD can also safely contain access tokens for the services they describe.
John B.
I don't see how exposing what location-aware services you use is
exposing anything private.
-- Eric