openid-brainstorming: Difference between revisions
| mNo edit summary |  (→OpenID whitelist authentication for private hCard:  note superceded by indieauth and h-card) | ||
| (21 intermediate revisions by 8 users not shown) | |||
| Line 1: | Line 1: | ||
| <h1> OpenID + microformats Brainstorming </h1> | |||
| {{TOC-right}} | |||
| This is a public space for capturing some ideas on how [ | This is a public space for capturing some ideas on how [[OpenID]] and Microformats can work together. | ||
| == Relevant Microformats == | == Relevant Microformats == | ||
| * [[hcard|hCard]] - for profiles | * [[hcard|hCard]] - for profiles | ||
| * [[xfn|XFN]]   | * [[xfn|XFN]]   | ||
| ** rel="friend" etc. for marking up relationships between profiles | ** rel="friend" etc. for marking up relationships between profiles | ||
| ** rel="me" for [http://gmpg.org/xfn/and/#idconsolidation identity consolidation] among profiles | ** rel="me" for [http://gmpg.org/xfn/and/#idconsolidation identity consolidation] among profiles | ||
| *** Can YADIS be extended to support rel="me"?  | |||
| == Ideas for use == | == Ideas for use == | ||
| * see [[openid-best-practices]]. | |||
| * re-use [[hcard|hCard]] (vCard) vocabulary for HTTP query based key-value pairs of information requested and returned | |||
| === Replace SREG attributes with hCard === | |||
| * [http://factoryjoe.com/blog/2007/11/01/hcard-for-openid-simple-registration-and-attribute-exchange/ hCard for OpenID Simple Registration and Attribute Exchange] by [[Chris Messina]] | |||
| * [http://tantek.com/log/2007/11.html#d02t2318 Replacing OpenID SREG with hCard part 1: Modest proposals] by [[Tantek Çelik]]. | |||
| === Replace Attribute Exchange attributes with hCard === | |||
| Many attributes in the [http://www.axschema.org/types/ attribute registry established at axschema.org] are reinventions of properties defined in [[vCard]] (and thus hCard).  It would be preferable to reuse such vocabulary rather than reinventing it (see also [[naming-principles]]). | |||
| * [http://willnorris.com/2007/11/try-reuse-catch-ex-reinvent try { reuse; } catch (Ex) { reinvent; }] by Will Norris | |||
| == OpenID whitelist authentication for private hCard == | |||
| <div style="padding:1em;background:#ffe">This brainstorm has been superseded by [http://indiewebcamp.com/sign-in-use-cases#show_personal_info sign-in with IndieAuth to show more personal info]</div> | |||
| A blog can use the URLs in its [[XFN]] Friendly blogroll as an OpenID whitelist to provide more information to those that login to the blog with one of those URLs.  This technique can be used to provide more detailed private [[hCard]] contact information to only a subset of people (or services).  You could also build the whitelist of OpenIDs by parsing data out of a social network API or an aggregated list of XFN friends of friends (following the ideas on [[social-network-portability]]). | |||
| [[User:TomMorris|Tom Morris]] has implemented this on [http://tommorris.org/blog his blog], and on a "family extranet". | |||
| In his blog post [http://adactio.com/journal/1348/ MicroformatID], Jeremy Keith explained how Tom's blog works: <blockquote><p>Tom has an hCard on his blog. By default the information provided is fairly basic: an email address, a URL and a vague physical address. Right by the hCard, there’s a simple form that allows you to log on using OpenID. If you log on and you’re on a white list of Tom’s friends, the hCard is updated to reveal more information: telephone numbers and a complete physical address.</p><p>That’s pretty clever. And when you consider that OpenID is a URL-based authentication system and XFN is also based around URLs, it would be pretty easy to have the white list correspond to an XFN list on the same page as the hCard.</p><p>hCard | OpenID | XFN… it’s like Unix pipes for the Web: small pieces, loosely joined.</p></blockquote> | |||
| Tom recently explained this a bit more in his blog post [http://tommorris.org/blog/2007/11/05#pid2533635 Are you on the list? / Once again, in English]: | |||
| <blockquote><p>Here's what I'm trying to do. I have an hCard on my blog - over in the sidebar. I want to make it so that the people who want to get my contact details can. I've had the fun experience of auto-dialling with Skype when microformats are present, and being able to download phone numbers onto my phone. Basically, I want to simulate electronically the situation I have when one gives their business card out to someone without having to carry bits of card around with me. The user experience should something like this:</p><p>User: "I know Tom. I want to contact him by phone or send him something by post." User goes to my blog and enters their OpenID. If user is on list, user sees extra information - my home address and phone numbers. This is all in an hCard, so they can use hCard tools like Operator to use the information in a more useful way.</p> <p>This is important, as often people want to make data available, but not to everyone. OpenID is a good way of letting people authenticate, but not as intrusive as having them sign up and have to give you their e-mail and so on.</p><p>...</p><p>Ideally, when we have a few more pieces in place, we will have it so that we can do automatic OpenID inference - if you have a WordPress blog and I list you as a friend on say, Flickr and Twitter, then you can get access to my personal details. Personal details are also just the tip of the iceberg - everyone has things which they want only some of their friends to be able to see or use. </p><p>The general overall plan is to make it so that network connections can be used as a way of providing or denying services. Some people are using this 'graph' of connections to determine whether or not you are a comment spammer.</p></blockquote> | |||
| * Note from [[User:TomMorris|Tom Morris]]: My system is implemented using FOAF and SPARQL rather than XFN. It is possible, though, using GRDDL to implement XFN and hCard parsing into the system I currently have built. The technical component is done by compiling all the data from a variety of sources into a handful of FOAF files, then running a query like this: <code>SELECT ?openid WHERE { <http://tommorris.org/foaf#me> foaf:knows ?person. ?person foaf:openid ?openid . }</code> (with all the relevant prefixes) - this then emits an XML or JSON file (I use JSON), which is then uploaded to my site. The JSON is available [http://tommorris.org/openids.json here]. I don't use XFN in this system because most of the social networks I am compiling data from already provide it via APIs which works better with the workflow. It would be trivial to add though, and something I will probably do quite soon. If anyone needs assistance implementing this, feel free to contact me. | |||
| *  | Steve Ivy recently started analyzing how to implement this and diagramming processes: | ||
| * [http://redmonk.net/archives/2007/11/25/making-a-list-whitelisting-with-openid-and-xfn/ Making a list: Whitelisting with OpenId and XFN] <br > [http://redmonk.net/archives/2007/11/25/making-a-list-whitelisting-with-openid-and-xfn/ http://redmonk.net/files/skitch/new_xfn_openid_whitelist-20071127-210800.png] | |||
| * [http://redmonk.net/archives/2007/11/26/blogrolls-xfn-and-openid-uris/ Blogrolls, XFN, and OpenID URIs] | |||
| * I'm experimenting with how to markup XFN+hCard+OpenID on [http://redmonk.net/more_monkinetic/xfn-blogroll/ my XFN blogroll page] | |||
| <code> | |||
| <pre> | |||
| <li class="vcard"> | |||
|     <!-- openid url on the person's name --> | |||
|     <a href="http://claimid.com/factoryjoe" rel="acquaintance colleague" | |||
|           class="fn url openid">Chris Messina</a> | |||
|     <!-- blog url on the blog name --> | |||
|     - <a href="http://factoryjoe.org/blog" class="url"  | |||
|             title="Factory Joe">Factory Joe</a> | |||
| </li> | |||
| </pre> | |||
| </code> | |||
| Though it's not a standard, conceivably a spider processing whitelists could use the "openid" class to determine that a url page is an openid for the contact. Alternatively (and more definitively) follow each <code>url</code> and check to see if it is an openid url (<code><link rel="openid.provider"></code> or <code><link rel="openid.delegate"></code> perhaps?)  | |||
| -- Steve | |||
| === Counterpoints === | |||
| * Will Norris on [http://willnorris.com/2007/11/hcard-is-not-a-provisioning-engine-for-private-data privacy issues in using hcard for data provisioning.] | |||
| ** Most of Will's questions/concerns are explained by Tom's abovementioned blog post. | |||
| ==See also== | ==See also== | ||
| * [[hCard]] | |||
| *[ | * [[XFN]] | ||
| * [[social network portability]] | |||
| * [[OpenID]] | |||
| * [[OAuth]] | |||
| * [[naming-principles]] | |||
Latest revision as of 21:21, 13 August 2014
OpenID + microformats Brainstorming
This is a public space for capturing some ideas on how OpenID and Microformats can work together.
Relevant Microformats
- hCard - for profiles
- XFN
- rel="friend" etc. for marking up relationships between profiles
- rel="me" for identity consolidation among profiles
- Can YADIS be extended to support rel="me"?
 
 
Ideas for use
- see openid-best-practices.
- re-use hCard (vCard) vocabulary for HTTP query based key-value pairs of information requested and returned
Replace SREG attributes with hCard
- hCard for OpenID Simple Registration and Attribute Exchange by Chris Messina
- Replacing OpenID SREG with hCard part 1: Modest proposals by Tantek Çelik.
Replace Attribute Exchange attributes with hCard
Many attributes in the attribute registry established at axschema.org are reinventions of properties defined in vCard (and thus hCard). It would be preferable to reuse such vocabulary rather than reinventing it (see also naming-principles).
- try { reuse; } catch (Ex) { reinvent; } by Will Norris
OpenID whitelist authentication for private hCard
A blog can use the URLs in its XFN Friendly blogroll as an OpenID whitelist to provide more information to those that login to the blog with one of those URLs. This technique can be used to provide more detailed private hCard contact information to only a subset of people (or services). You could also build the whitelist of OpenIDs by parsing data out of a social network API or an aggregated list of XFN friends of friends (following the ideas on social-network-portability).
Tom Morris has implemented this on his blog, and on a "family extranet".
In his blog post MicroformatID, Jeremy Keith explained how Tom's blog works:
Tom has an hCard on his blog. By default the information provided is fairly basic: an email address, a URL and a vague physical address. Right by the hCard, there’s a simple form that allows you to log on using OpenID. If you log on and you’re on a white list of Tom’s friends, the hCard is updated to reveal more information: telephone numbers and a complete physical address.
That’s pretty clever. And when you consider that OpenID is a URL-based authentication system and XFN is also based around URLs, it would be pretty easy to have the white list correspond to an XFN list on the same page as the hCard.
hCard | OpenID | XFN… it’s like Unix pipes for the Web: small pieces, loosely joined.
Tom recently explained this a bit more in his blog post Are you on the list? / Once again, in English:
Here's what I'm trying to do. I have an hCard on my blog - over in the sidebar. I want to make it so that the people who want to get my contact details can. I've had the fun experience of auto-dialling with Skype when microformats are present, and being able to download phone numbers onto my phone. Basically, I want to simulate electronically the situation I have when one gives their business card out to someone without having to carry bits of card around with me. The user experience should something like this:
User: "I know Tom. I want to contact him by phone or send him something by post." User goes to my blog and enters their OpenID. If user is on list, user sees extra information - my home address and phone numbers. This is all in an hCard, so they can use hCard tools like Operator to use the information in a more useful way.
This is important, as often people want to make data available, but not to everyone. OpenID is a good way of letting people authenticate, but not as intrusive as having them sign up and have to give you their e-mail and so on.
...
Ideally, when we have a few more pieces in place, we will have it so that we can do automatic OpenID inference - if you have a WordPress blog and I list you as a friend on say, Flickr and Twitter, then you can get access to my personal details. Personal details are also just the tip of the iceberg - everyone has things which they want only some of their friends to be able to see or use.
The general overall plan is to make it so that network connections can be used as a way of providing or denying services. Some people are using this 'graph' of connections to determine whether or not you are a comment spammer.
- Note from Tom Morris: My system is implemented using FOAF and SPARQL rather than XFN. It is possible, though, using GRDDL to implement XFN and hCard parsing into the system I currently have built. The technical component is done by compiling all the data from a variety of sources into a handful of FOAF files, then running a query like this: SELECT ?openid WHERE { <http://tommorris.org/foaf#me> foaf:knows ?person. ?person foaf:openid ?openid . }(with all the relevant prefixes) - this then emits an XML or JSON file (I use JSON), which is then uploaded to my site. The JSON is available here. I don't use XFN in this system because most of the social networks I am compiling data from already provide it via APIs which works better with the workflow. It would be trivial to add though, and something I will probably do quite soon. If anyone needs assistance implementing this, feel free to contact me.
Steve Ivy recently started analyzing how to implement this and diagramming processes:
- Making a list: Whitelisting with OpenId and XFN 
  
- Blogrolls, XFN, and OpenID URIs
- I'm experimenting with how to markup XFN+hCard+OpenID on my XFN blogroll page
<li class="vcard">
    <!-- openid url on the person's name -->
    <a href="http://claimid.com/factoryjoe" rel="acquaintance colleague"
          class="fn url openid">Chris Messina</a>
    <!-- blog url on the blog name -->
    - <a href="http://factoryjoe.org/blog" class="url" 
            title="Factory Joe">Factory Joe</a>
</li>
Though it's not a standard, conceivably a spider processing whitelists could use the "openid" class to determine that a url page is an openid for the contact. Alternatively (and more definitively) follow each url and check to see if it is an openid url (<link rel="openid.provider"> or <link rel="openid.delegate"> perhaps?) 
-- Steve
Counterpoints
- Will Norris on privacy issues in using hcard for data provisioning.
- Most of Will's questions/concerns are explained by Tom's abovementioned blog post.