After OpenID

Portable social networks
=========================

DiSo is an umbrella project for open-source implementations of distributed social networks.

XFN is one approach to distributed social networking. But it could use a more fully featured API.

Another option is to store one's social network as a file on CloudFS. Check out the session on Cloud on Sunday at 11am for more info.

XMPP for subscribing to frequent updates
========================================

XMPP (Jabber) can be used for pulling updates from a service that updates very frequently, on the order of 4 seconds. In these cases, RSS and other polling techniques use too much overhead. There is also a risk that overhead-heavy requests will be dropped if they are submitted with a high frequency.

One way to use XMPP for subscribing to information is to host an XMPP server at your OpenID. Applications could be configured to send updates as XMPP messages to that server.

Problems with XMPP: it may be difficult to set up and maintain. People are used to HTTP, but not XMPP. An HTTP/XMPP bridge might help with that.

Distributed Twitter
====================

The idea: put Twitter out of business by getting the Twitter thing done right.

When will URLs replace email addresses
=======================================

URLs as identifiers allow more options than email addresses. For example, a URL can be used as an OpenID.

Email can be sent to URLs instead of email addresses

One problem is that many people strongly associate their email address with their identity, and don't know what to do with a URL.

A compromise is to define an email to URL mapping.
Note taker's note: To be able to map any email address to a URL is difficult without a central authority. But if your email host itself supports such a mapping, then it is easy. The email host could publish a WZDL file or something that provides a specification. So, for example, hallettj@gmail.com could map to openid.gmail.com/hallettj

X500 is a centralized system for mapping identities to email addresses. LDAP provides a similar function.

Privacy, or compartmentalizing your identity
=============================================

As a user, is it better to use multiple email addresses / OpenIDs for different profiles, or to put everything under a unified identity?

If everything is unified, privacy issues come up. If you give someone your unified ID, they could potentially have access to all aspects of your life.

Is managing multiple identities the job of the protocol?

Does online identity map to the real world?

In the real world, we use one identifier - a driver's license - to access many different resources. But presenting your ID at the liquor store does not mean that your employer, who also has access to that ID, has access to your booze purchases.

On the other hand, we also use multiple IDs in the form of membership cards for some services, instead of a unified ID. But often the unified ID is presented to get access to the membership cards.

In the real world, it is possible to save face through ambiguity. Is this possible in a digital environment, where everything is recorded in perfect detail? And what does it look like?

Relationships don't always fit the binary classification of friend or not friend. It should be possible for the user to define multiple "faces" that encompass certain aspects of their personal information, and to share only a certain face with any given person. For example, you might want to share certain information with one group of friends, but you might want to exclude some of that information when sharing with a different group.

Managing identities is a separate problem from managing what information third parties get access to. Access to your information is defined by the contract layer. Websites define the contract layer through their privacy policy, and through the mechanics of how information is shared between contacts.

To make the contract layer easier to define, somebody could come up with documents similar to Creative Commons licenses. CC licenses are built from widely understood components, such as by-attributed, and no-commercial; There could be a similar set of components for defining privacy policies.
(Note taker's note: I think this is a great idea.)

How do you deal with situations where you post something online that you later regret? There could be a market for USB breathalizers, to prevent drunk Tweeting.

Some people are comfortable with people seeing everything they post online. Other's are more reserved. And there is an additional problem of potential employers, or people with different cultural perspectives, who are more conservative than you are.

When someone you have never met approaches you, and knows information about you from Twitter or from your blog, is that cool, or creepy? Opinions seem to vary.

Japan is ahead of the US in online identities and profiles. But they also have a very different cultural perspective in many respects. For example, facts, even of a personal nature, are revealed without embarrassment. But opinions are personal and private.

In India the issue of privacy online has not come up with as much force as in the US, because there is a disconnect between online and offline life. But the privacy issue may come to a head there too in the near future.

Can technology or the contract layer mediate between cultures?

Most people will use the largest social networks. So the people who run those networks have a responsibility to educate users about privacy considerations.

Central authorities for IDs: where can you register your identity? Is having such respected authorities something that is important?

When will users get payed for the content that they generate? Many web applications make a profit from ad revenue, and much of that revenue is driven by user-generated content.

Who owns your digital identity?