Often when I encounter tech-savvy folks and mention that I spend a lot of my time working on the identity problem, they mention FOAF. FOAF, or Friend of a Friend, for those unfamiliar, is a spec for how to write down a mess of information about a person. It uses XML; well, actually the RDF variant of XML. Oh, and it can be used for any entity, not just for a person.
FOAF is a nice format for solving various problems about how to reveal information about a person. It doesn’t try to tackle other issues, like privacy and its complement: how to broker the data exchanges. It is a pretty good solution to the question: “What might a user model look like?”
Thus if you embrace the “magic happens” model of this identity business, FOAF is an acceptable first draft of what we want the magic to return so the web site can begin to make a better experience for its visitors.
If we cheerfully ignore issues of privacy then the magic we are seeking is “just a directory” problem. The web site queries the magic and gets back a pointer to the user’s FOAF file.
You could thread that needle with web bugs, shared cookies, or redirection bouncing.
For example, redirection bouncing works like so. The user visits the web site. The web site asks the user’s web browser to redirect to the FOAF directory service. That service then redirects the user’s web browser back to the web site, passing a pointer to the user’s FOAF file.
The FOAF directory service has a relationship with sites and users. For the web sites it provides the magic. For users it provides the service of making their FOAF easier to find.
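The redirection bounce described above, simulated end to end as an added example (not code from this post or from any FOAF project). The hostnames, the `return_to` and `foaf` parameter names, the directory cookie and the registered-site list are all assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample data: every host, cookie value and parameter name is hypothetical.
DIRECTORY = "https://directory.example/lookup"
FOAF_BY_COOKIE = {"dir-session-1": "https://alice.example/foaf.rdf"}
REGISTERED_SITES = {"shop.example"}  # assumption: sites the directory has a relationship with


def site_start(site_url):
    """Step 1: the web site answers the visit with a redirect to the directory."""
    return 302, DIRECTORY + "?" + urlencode({"return_to": site_url})


def directory_lookup(url, cookies):
    """Step 2: the directory recognises the browser by its own cookie and
    redirects back to the site with a pointer to the user's FOAF file."""
    return_to = parse_qs(urlsplit(url).query)["return_to"][0]
    if urlsplit(return_to).hostname not in REGISTERED_SITES:
        return 403, None  # unknown site: reveal nothing and do not redirect
    foaf = FOAF_BY_COOKIE.get(cookies.get("directory.example"))
    if foaf is None:
        return 302, return_to  # browser unknown to the directory: bounce back empty
    sep = "&" if urlsplit(return_to).query else "?"
    return 302, return_to + sep + urlencode({"foaf": foaf})


def site_finish(url):
    """Step 3: the site reads the pointer from the URL it was redirected to."""
    return parse_qs(urlsplit(url).query).get("foaf", [None])[0]


def bounce(site_url, cookies):
    """Play the browser: follow each redirect in turn and return what the site learns."""
    _, to_directory = site_start(site_url)
    status, back = directory_lookup(to_directory, cookies)
    return site_finish(back) if status == 302 else None


if __name__ == "__main__":
    jar = {"directory.example": "dir-session-1"}
    print(bounce("https://shop.example/welcome", jar))    # registered site, known browser
    print(bounce("https://shop.example/welcome", {}))     # browser the directory has never seen
    print(bounce("https://other.example/", jar))          # site with no relationship
```

The pointer travels in the URL of the second redirect, so it is visible to the browser and to anything that records that URL.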
There are a huge number of issues to resolve with a service like this before it becomes useful. Here are a few examples:
- Achieving scale.
- Rate limiting the sites.
- Guarding user privacy.
- Avoiding incidental revealing to incidental observers.
- Efficient authentication of sites using the service.
- Denial of service attacks.
- Tempering the problem that a browser is not identical to a user.
- Avoiding gossip-like consolidation (without permission) of a joined user model.
- Tempering the concentration of power such a hub implies.
- Enabling distribution, extensibility, and compartmentalization of the user model.