- From: Ian Hickson <ian@hixie.ch>
- Date: Mon, 12 Jan 2009 06:09:51 +0000 (UTC)
On Sun, 11 Jan 2009, Martin Atkins wrote: > > One problem this can solve is that an agent can, given a URL that > represents a person, extract some basic profile information such as the > person's name along with references to other people that person knows. > This can further be applied to allow a user who provides his own URL > (for example, by signing in via OpenID) to bootstrap his account from > existing published data rather than having to re-enter it. > > So, to distill that into a list of requirements: > > - Allow software agents to extract profile information for a person as often > exposed on social networking sites from a page that "represents" that person. > > - Allow software agents to determine who a person lists as their friends > given a page that "represents" that person. > > - Allow the above to be encoded without duplicating the data in both > machine-readable and human-readable forms. > > Is this the sort of thing you're looking for, Ian? Yes, the above is perfect. (I cut out the bits that weren't really "the problem" from the quote above -- the above is what I'm looking for.) The most critical part is "allow a user who provides his own URL to bootstrap his account from existing published data rather than having to re-enter it". The one thing I would add would be a scenario that one would like to be able to play out, so that we can see if our solution would enable that scenario. For example: "I have an account on social networking site A. I go to a new social networking site B. I want to be able to automatically add all my friends from site A to site B." There are presumably other requirements, e.g. "site B must not ask the user for the user's credentials for site A" (since that would train people to be susceptible to phishing attacks). Also, "site A must not publish the data in a manner that allows unrelated users to obtain privacy-sensitive data about the user", for example we don't want to let other users determine relationships that the user has intentionally kept secret [1]. It's important that we have these scenarios so that we can check if the solutions we consider are actually able to solve these problems, these scenarios, within the constraints and requirements we have. [1] http://w2spconf.com/2008/papers/s3p2.pdf -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Sunday, 11 January 2009 22:09:51 UTC