- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Sun, 2 Jun 2013 23:28:01 +0200
- To: Evan Prodromou <evan@e14n.com>
- Cc: "public-fedsocweb@w3.org" <public-fedsocweb@w3.org>
- Message-ID: <CAKaEYhJON3TvZ1+AJqR7LsLxBQ=Bkumh1rLHGTAysTUWxECLfA@mail.gmail.com>
On 2 June 2013 23:25, Melvin Carvalho <melvincarvalho@gmail.com> wrote: > > > > On 2 June 2013 17:27, Evan Prodromou <evan@e14n.com> wrote: > >> I think it's unlikely that we're all going stop hacking, sit down around >> a big table, hash out the perfect social networking protocol, and then rush >> off to implement it. >> >> First, because if you think about it too little, you come up with an >> insufficiently powerful protocol to do what people need done. >> >> Second, if you think about it too much, you'll go down so many ratholes >> that you'll never actually publish a protocol. >> >> I think that by their nature, FSW technologies require internetworking >> protocols for instance-to-instance communication. >> >> I think that developers will implement those protocols that make sense >> for their users, or for acquiring new users. I don't think they'll pick a >> protocol because it looks great or because it's easy; they'll do it because >> they have to. Because there are lots of users on that other internetwork. >> >> There will probably be some components that we'll see making up most of >> the internetworking and client interfaces from here: >> >> - domain-based IDs (HTTP URLs and/or Webfinger) >> >> HTTP URLs, yes. Webfinger is promising, bit it is not yet a standard. I > know you follow the IETF standardization of WF, but it's not ready yet. > There's good reasons for that. But I do see progress. When WF can > interoperate with other serializations it will be first class. I actually > think the WG is doing a great job but they inherited a huge mess based on > XML and XRD. Moving to JSON has been a big plus, imho > >> >> - RESTful APIs >> >> Definitely RESTful APIs are extremely powerful, perhaps more powerful > than the web itself. Tho you'll find almost all APIs break the rules of > REST one way or another, but this still is OK, in most cases. > > >> >> - >> - JSON >> >> JSON is very advantageous in that once you fetch the object, it's all in > memory. > > >> >> - OAuth >> >> I dont think OAuth is the one auth system to rule them all. It has it's > place as part of a trusted third party paradigm, but it's only one way. > Auth comes down to sharing enough entropy such that your attacker has > little incentive to try and attack. > > >> >> - HTTPS for on-the-wire security >> >> A nice goal, and I agree. But we are still some ways from "HTTP > everywhere". Facebook actually got to 100m users with HTTPS. > Sorry typo mixed up the two, that should read "HTTPS everywhere" :) > >> >> - >> >> Finally: I think federation can be well-served by a monoculture of Free >> and Open Source servers. There are network effects between users, but there >> are also network effects between sysadmins, developers, documentation >> writers, translators, third-party developers, and so on. There are hazards >> of stagnation, and choke points, but more people working on the same >> codebase is better than lots of people working on different codebases. >> > > FLOSS certainly is a big plus, but it's not a magic bullet. We need to > demonstrate interoperability that will grow the network effect. We need to > allow friending from one system to another, or establish why it's not > practical. > > Thanks for the comments, enjoyed reading, and thought provoking! > > >> >> -Evan >> > >
Received on Sunday, 2 June 2013 21:28:29 UTC