- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Sun, 2 Jun 2013 23:25:44 +0200
- To: Evan Prodromou <evan@e14n.com>
- Cc: "public-fedsocweb@w3.org" <public-fedsocweb@w3.org>
- Message-ID: <CAKaEYhJKS086VNS5S+wCLRKez2hf6yKLi-V6TL7Mruiuvy5CdQ@mail.gmail.com>
On 2 June 2013 17:27, Evan Prodromou <evan@e14n.com> wrote: > I think it's unlikely that we're all going stop hacking, sit down around > a big table, hash out the perfect social networking protocol, and then rush > off to implement it. > > First, because if you think about it too little, you come up with an > insufficiently powerful protocol to do what people need done. > > Second, if you think about it too much, you'll go down so many ratholes > that you'll never actually publish a protocol. > > I think that by their nature, FSW technologies require internetworking > protocols for instance-to-instance communication. > > I think that developers will implement those protocols that make sense for > their users, or for acquiring new users. I don't think they'll pick a > protocol because it looks great or because it's easy; they'll do it because > they have to. Because there are lots of users on that other internetwork. > > There will probably be some components that we'll see making up most of > the internetworking and client interfaces from here: > > - domain-based IDs (HTTP URLs and/or Webfinger) > > HTTP URLs, yes. Webfinger is promising, bit it is not yet a standard. I know you follow the IETF standardization of WF, but it's not ready yet. There's good reasons for that. But I do see progress. When WF can interoperate with other serializations it will be first class. I actually think the WG is doing a great job but they inherited a huge mess based on XML and XRD. Moving to JSON has been a big plus, imho > > - RESTful APIs > > Definitely RESTful APIs are extremely powerful, perhaps more powerful than the web itself. Tho you'll find almost all APIs break the rules of REST one way or another, but this still is OK, in most cases. > > - > - JSON > > JSON is very advantageous in that once you fetch the object, it's all in memory. > > - OAuth > > I dont think OAuth is the one auth system to rule them all. It has it's place as part of a trusted third party paradigm, but it's only one way. Auth comes down to sharing enough entropy such that your attacker has little incentive to try and attack. > > - HTTPS for on-the-wire security > > A nice goal, and I agree. But we are still some ways from "HTTP everywhere". Facebook actually got to 100m users with HTTPS. > > - > > Finally: I think federation can be well-served by a monoculture of Free > and Open Source servers. There are network effects between users, but there > are also network effects between sysadmins, developers, documentation > writers, translators, third-party developers, and so on. There are hazards > of stagnation, and choke points, but more people working on the same > codebase is better than lots of people working on different codebases. > FLOSS certainly is a big plus, but it's not a magic bullet. We need to demonstrate interoperability that will grow the network effect. We need to allow friending from one system to another, or establish why it's not practical. Thanks for the comments, enjoyed reading, and thought provoking! > > -Evan >
Received on Sunday, 2 June 2013 21:26:12 UTC