ravan: by Ravan (Default)
ravan ([personal profile] ravan) wrote2007-06-01 03:45 pm
Entry tags:

Distributed "friending" - Blog Key

This originally was a comment on [livejournal.com profile] mdlbear's journal, but I feel it needs a wider audience, and expansion.

The problem with LJ is that the most useful factors - friends and communities, and granularity thereof - are not available on standard "plain" blogging software. Ordinary blogs are either/or - invite only, or all public. LJ has the granularity of access, but is controlled by a single corporation that is susceptible to economic and political pressure. What is needed is a way to build the community and friends lists (and access restrictions) that is platform and provider independent.

Enter "Blog Key". This software doesn't exist yet, it's only a concept. This concept involves a plugin. Each type of blogging software would have the plugin(s) ported to it, but is otherwise platform agnostic.

Plugin: "Blog Keys" - This plugin:
A) generates a public/private key pair, and integrates it into the viewing setting for your blog. No accepted key, no blog see.
B) provides easy distribution of public keys.
C) authenticates against given public key(s) that you've accepted, allowing the key generator(s) to read a protected entry.
D) provide an authentication layer by which you would be able to read the blogs of others who had accepted your key, and enabled you to read that entry.
E) provides rss feeds of blogs that you have keys to read (a "friends page")

If I want to be be involved in a blog key group, I enable access to my public key.

A blogger who want to let me read and comment on their blog transfers my public key to their plugin "Add my key!" type button. Thenthey add me to their general reader group, and additionally any subgroups that they wish. They would not, however, be able to read *my* entries, until I added their key to my plugin.

Essentially, the plugin becomes a keychain. I can read any journals that have accepted my key, and enabled my authenticated viewing of the particular entry.

Both commercial (6A) and open source blogging software could implement this. It would still allow public (no key required) posting, could be set up to require key authentication to comment, or be "friends only". All you'd need to participate would be a blogging platform that had the plugin available.

I can't program this, but I'm sure that an open project like WordPress would be glad to have it.
mdlbear: blue fractal bear with text "since 2002" (Default)

[personal profile] mdlbear 2007-06-02 06:33 am (UTC)(link)
Go ahead. I'll add you back.

Relying on a single key per person could work, but it would mean you'd have to register it everywhere you go. Groups require a little more work, but allow you to tell your server that you trust any member of a group.

[identity profile] raindrops.livejournal.com 2007-06-02 06:49 am (UTC)(link)
I was thinking that with a strong key-pair core, a framework could be developed around that to make it portable on both the client and server sides, without having to register at every turn. Kinda defeats the purpose, doesn't it, if you have to register separately at each site?

There has to be a way to tackle both trust and identity issues in a single framework that accomplishes the stated purposes.

[identity profile] ravan.livejournal.com 2007-06-02 07:24 am (UTC)(link)
You wouldn't. The only place you'd register was your *own* site, and then use the plugin to manage the interface with other instances of plugin. A person who wanted to let you read their locked down posts would need to go to your site, and grab your public key to load into their "accepted" readers group.
mdlbear: blue fractal bear with text "since 2002" (Default)

[personal profile] mdlbear 2007-06-02 02:50 pm (UTC)(link)
Microsoft, Sun, and others are already hard at work on an identity framework. And then there's OpenID, which doesn't rely on a plugin, just some fairly simple server-side stuff that allows some other server that knows you to vouch for you. The plug-in, then, would just be your own blog server's OpenID server. No need for anything on your browser, which is a darned good thing because some people blog from cell phones and other devices that don't support user-installed software.

There's a bit of overhead, but it's probably no more than you'd have with the current "friend me and I'll add you back" stuff. Probably less, because you could make it into a browser plug-in that would work everywhere, not just on one blogging site.

[identity profile] ravan.livejournal.com 2007-06-02 07:08 pm (UTC)(link)
The plugin was never intended be a *browser* plugin (client-side), it would be a *blog software* plugin (server-side). The fact that the same term is used for both client-side and server-side software add-ons is a bit irksome.

If a server-side blog plugin was written to use OpenID as the engine, and then add reader/commenter access importation/assignment, tracking, and granularity engine for entries as a user-friendly wrapper for blogs, that would work.

Then blog friending, communities (which could be a blog set up for OpenID verified posting/comment access) would become peer-to-peer, not dependent on the goodwill of a single corporation.
mdlbear: blue fractal bear with text "since 2002" (Default)

[personal profile] mdlbear 2007-06-02 09:21 pm (UTC)(link)
Sorry; I misremembered the original post. A lot of blogging packages are using OpenID already; that may be sufficient for the moment.

Another good thing to come out of this might be finally separating the two currently-conflated uses of the "friends" list as a reading list and an access-control list.

[identity profile] ravan.livejournal.com 2007-06-02 07:21 am (UTC)(link)
I love it when geek friends get together.