[OpenID] foaf and openid

Story Henry Henry.story at bblfish.net
Mon Jul 23 10:25:44 UTC 2007


Hi Peter,

I am very new to OpenId, which is why it has taken me so long to answer.
I have experience with RESTful web services like the Atom protocol and with
Semantic technologies such as RDF, and have read the basic introductory
material to OpenId. So my answers may be naive, but it may also bring
valuable fresh insights.

On 20 Jul 2007, at 19:58, Peter Williams wrote:

> I'm guessing that there is a pony in here, somewhere. I just cannot
> quite grasp it.
>
> I'm really interested in this notion of social networking becoming a
> UCI-reliance model for OpenIDs - a reliance model that goes above and
> beyond the similar but different layer model that OP consumer agents
> need to gauge the assurance of asserting parties. I'm particularly
> interested in the FOAF angle because of its RDF orientation, being a
> metadata-driven search. (Realty is all about metadata-driven http search
> infrastructure, unlike the typical search-engine dominated web)

That sounds very interesting too yes.

> I just cannot quite follow your terminology yet, Peter being dumb.

I put a lot more effort in the blog article (link below) than in the short
summary of it to this mailing list. Thanks for helping me out here, as I
am not yet well versed in the OpenId language.

> Comment on my rewrite, please:
>
> "The idea is simply to add a foaf link to the html representations of
> the openid resource, so that servers could use that information to
> present more information to the client."
>
> The idea is simply to add a link to the head section of the html
> representation of the openid resource that points to an RDF resource -
> so that an OP consumer supporting a service provider's website could
> present that information to users trying to leverage an OpenID more
> widely, after login has succeeded

Yes. That was indeed the intent.

> If this rewrite is even half accurate, the FOAF-centric RDF locator
> function and the followup SPARQL query on the RDF document by the OP
> Consumer would play a similar added-value to that played by OpenID
> Exchange. Whereas OpenID Exchange helps an OP Provider website control
> whether and which attributes are released to the trust point(s)
> nominated in the OpenID Auth messages, "OpenID FOAF" would help the OP
> Consumer display/control how X resources on the SP site would then be
> shared with other OpenID-identified parties, once the SP session exists
> for the UCI presented.

Though I have difficulty with the explosion of acronyms here, I think
what I am proposing may be both. Let me write things out in detail so
that possible acronym misunderstandings can become clear.

A foaf URL points to a resource which can return a number of
different representations. The default foaf representation may be very
minimal, something like:

@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<http://openid.sun.com/bblfish/foaf#p>
     a foaf:Person;
     foaf:openid <http://openid.sun.com/bblfish>;
     foaf:blog <http://blogs.sun.com/bblfish>;
     foaf:project <https://sommer.dev.java.net>, <https://bloged.dev.java.net/>;
     foaf:fundedBy <http://sun.com/SUNW>; # or some url for Sun Microsystems
     foaf:nick "bblfish" .

As the client (my Firefox instance) logs into a particular web service
(say dzone.com) it offers me a choice as to how visible I wish to make
myself to that particular service. So I may choose between selections such
as

   * personal info
   * electronic addresses
   * physical address
   * friends
   ...

Say I choose to tick the "Personal info" and "Electronic addresses"
check box and log in.

Now I imagine the web service (dzone.com) wants to personalize the web
site for me, as explained in the blog post. It wants to find an icon for
me, my nickname, and be able to send me email updates of responses to
my comments.

From downloading http://openid.sun.com/bblfish it knows my foaf URL. But let
us imagine a world where it (dzone.com) knows to send a header in the request
to the foaf resource that identifies it as having been logged in by me. Now the
OP provider (openid.sun.com) receiving this request will know to send a fuller
response back. Perhaps:

<http://openid.sun.com/bblfish/foaf#p>
     a foaf:Person;
     foaf:openid <http://openid.sun.com/bblfish>;
     foaf:nick "bblfish";
     foaf:project <https://sommer.dev.java.net>, <https://bloged.dev.java.net/>;
     foaf:fundedBy <http://sun.com/SUNW>; # or some url for Sun Microsystems
     foaf:blog <http://blogs.sun.com/bblfish>;

     foaf:name "Henry Story";
     foaf:birthday "07-29";
     foaf:mbox "henry.story at bblfish.net" .


The web service (dzone.com) can now SPARQL query the representation returned and
extract the information it needs if there (hence the OPTIONAL clauses in SPARQL).

So the foaf URL is public, and can be queried (using HTTP GET) by anyone. But it will
return different representations depending on the authentication credential of the
querier (which I have hand waved into existence).

So to get back to your distinction

> Whereas OpenID Exchange helps an OP Provider website control
> whether and which attributes are released to the trust point(s)
> nominated in the OpenID Auth messages,

My suggestion permits this.


> "OpenID FOAF" would help the OP
> Consumer display/control how X resources on the SP site would then be
> shared with other OpenID-identified parties, once the SP session exists
> for the UCI presented.

And it permits this, though there is no need for a session to exist at all.
Sessionless requests may return a lot less information.

> Have I got the gist? Or, am I heading the wrong way round?

I think you got it mostly right. I am thinking here in a very Resource Oriented Way,
which is a habit that RDF makes much easier to get into.

> The architecture would seem to elaborating is similar to the actual way
> passport (OP provider) and messenger IM client (OP Consumer) actually
> work today. Once I have logged into the IM network, my profile (RDF)
> controls who on my buddy, profile-nominated friends, or FoaFs, can see
> my status, or initiate one or other additional service with me (webcam,
> P2P voip call, video link, shared gaming session, virtual group sex
> between FoaFs, etc).

That would indeed be an interesting application. If I login to Yahoo with my
Sun OpenId and allow them to see my friends, this could immediately allow me to
those that it knows about in my aim chat sessions. Since I may not have made that
information public to dzone, they would never see that information when GETing my sun
foaf file.

Does this help?

Henry

> Is this where AOL's IM is going, with OpenID?
>
>
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Story Henry
> Sent: Friday, July 20, 2007 5:50 AM
> To: general at openid.net
> Subject: [OpenID] foaf and openid
>
> Hi,
>
> It occurred to me recently that there was a nice and simple use of
> foaf and openid, where the two could be made to mesh very nicely and
> improve the user experience.
>
> http://blogs.sun.com/bblfish/entry/foaf_openid
>
> The idea is simply to add a foaf link to the html representations of
> the openid resource, so that servers could use that information to
> present more information to the client.
>
> Now a little more advanced question would be to specify for each
> service what type of depth of access one may want to give them to
> one's foaf file. This is where a little protocol tricks could come in
> useful.
>
> Henry
>
>
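
The per-requester foaf representation described in the message above, sketched as an added example that is not part of the original post or of any OpenID code: the server releases only the predicates whose category the user ticked for that service, and drops anything it cannot classify. The category-to-predicate mapping, the GRANTS store, the mailto placeholder and the foaf:knows and ex:note entries are assumptions, and the requester is taken to be already authenticated (the step the message leaves open).

```python
# Per-requester filtering of a FOAF profile, deny by default.
FOAF_PREFIX = "@prefix foaf: <http://xmlns.com/foaf/0.1/> .\n\n"
SUBJECT = "<http://openid.sun.com/bblfish/foaf#p>"

# Constructed profile data: (predicate, object) pairs for SUBJECT.
PROFILE = [
    ("a", "foaf:Person"),
    ("foaf:openid", "<http://openid.sun.com/bblfish>"),
    ("foaf:nick", '"bblfish"'),
    ("foaf:blog", "<http://blogs.sun.com/bblfish>"),
    ("foaf:name", '"Henry Story"'),
    ("foaf:birthday", '"07-29"'),
    ("foaf:mbox", "<mailto:user@example.org>"),        # placeholder address
    ("foaf:knows", "<http://example.org/friend#me>"),  # constructed friend link
    ("ex:note", '"unclassified"'),  # predicate the policy does not know about
]

# Assumption: how the checkbox categories map onto predicates.
CATEGORY_OF = {
    "a": "public", "foaf:openid": "public", "foaf:nick": "public",
    "foaf:blog": "public",
    "foaf:name": "personal info", "foaf:birthday": "personal info",
    "foaf:mbox": "electronic addresses",
    "foaf:knows": "friends",
}

# Assumption: categories the user ticked when logging in to each service.
GRANTS = {"dzone.com": {"personal info", "electronic addresses"}}


def representation_for(requester, profile=PROFILE, grants=GRANTS):
    """Return only the pairs the (already authenticated) requester may see.

    requester is None for an anonymous GET. Unknown requesters and
    predicates missing from CATEGORY_OF get nothing beyond "public".
    """
    allowed = {"public"} | grants.get(requester, set())
    return [(p, o) for p, o in profile if CATEGORY_OF.get(p) in allowed]


def to_turtle(pairs, subject=SUBJECT):
    """Serialise the filtered pairs as one Turtle subject block."""
    body = ";\n".join(f"     {p} {o}" for p, o in pairs)
    return f"{FOAF_PREFIX}{subject}\n{body} .\n"


if __name__ == "__main__":
    print(to_turtle(representation_for(None)))
    print(to_turtle(representation_for("dzone.com")))
```

Because the same URL now yields different bodies for different requesters, the fuller responses should not be stored by shared HTTP caches.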


