Distributed "friending" - Blog Key

[ravan]

This originally was a comment on mdlbear's journal, but I feel it needs a wider audience, and expansion.

The problem with LJ is that the most useful factors - friends and communities, and granularity thereof - are not available on standard "plain" blogging software. Ordinary blogs are either/or - invite only, or all public. LJ has the granularity of access, but is controlled by a single corporation that is susceptible to economic and political pressure. What is needed is a way to build the community and friends lists (and access restrictions) that is platform and provider independent.

Enter "Blog Key". This software doesn't exist yet, it's only a concept. This concept involves a plugin. Each type of blogging software would have the plugin(s) ported to it, but is otherwise platform agnostic.

Plugin: "Blog Keys" - This plugin:
A) generates a public/private key pair, and integrates it into the viewing setting for your blog. No accepted key, no blog see.
B) provides easy distribution of public keys.
C) authenticates against given public key(s) that you've accepted, allowing the key generator(s) to read a protected entry.
D) provide an authentication layer by which you would be able to read the blogs of others who had accepted your key, and enabled you to read that entry.
E) provides rss feeds of blogs that you have keys to read (a "friends page")

If I want to be be involved in a blog key group, I enable access to my public key.

A blogger who want to let me read and comment on their blog transfers my public key to their plugin "Add my key!" type button. Thenthey add me to their general reader group, and additionally any subgroups that they wish. They would not, however, be able to read *my* entries, until I added their key to my plugin.

Essentially, the plugin becomes a keychain. I can read any journals that have accepted my key, and enabled my authenticated viewing of the particular entry.

Both commercial (6A) and open source blogging software could implement this. It would still allow public (no key required) posting, could be set up to require key authentication to comment, or be "friends only". All you'd need to participate would be a blogging platform that had the plugin available.

I can't program this, but I'm sure that an open project like WordPress would be glad to have it.

Comments

[tamino.livejournal.com]

I don't use RSS because I can't stomach the fact that it's XML underneath. That's why, with all the plethora of "blog aggregator" software out there, I still just go to the "friends page" on LJ (plus visit the LJs of a few people I want to read who I don't explicitly have friended).

I also feel more comfortable, privacy-wise, hitting LJ (with lynx, so no images get loaded) than hitting someone else's web server where they can see the logs.

For better or for worse, LJ has implemented something that doesn't suck, and it's hard for me to contemplate switching elsewhere.

(S2 does suck, horribly. Argh. But other than that.)

[raindrops.livejournal.com]

That's brilliant. It goes way beyond OpenID.

With the rss feature, you wouldn't need to have a presence on every blog site that your friends do (in theory, of course). Potentially, there could be a sister browser plugin that allows you to aggregate your friends on whatever blog site(s) they use (would also be nice in rss readers).

Just throwing out some ideas during a lull at work.

[mdlbear]

There are several ways to implement groups and access-control lists using public keys; look up SPKI.

The most versatile thing is to give every post its own symmetric "session" key (its MD5 hash works fine), then have a copy of it encrypted with the public key of each friend or group that you want to have access to it.

[mdlbear]

Of course, the other way to do it is to give people accounts. This is something that all web servers and browsers support -- no need for a plugin, and most blog packages support it because they need it for comments.

The only missing piece is distributed identity management, and that's where the public key stuff definitely comes in.

[ragnar21583.livejournal.com]

Sounds like basic Key Infastructures being applied to blogging. It works across the internet on a crapload of other fields, I don't see why we don't do it here. It would just lend itself to another level of confidentiality, integrity, and authentication.

Of course, reading further, seems like mdlbear already hit this nail. Ok, turning my geekdom off. :)

[weofodthignen]

OK chaps, you are beyond my ability to comprehend. If somebody makes it, I will likely try it. Trouble is, there is a metric fuckload of participation here on LJ--colossal inertia, new non-nerds like me still being drawn in each month. Any new service would not have that. And I'd miss it. Blogs on other sites may look cooler, but they are not going to get read by anywhere near the number of "I don't understand this internet thing" people, and I want to reach as many of the heathen ones in that sector as I can. For one thing, they are me as I was . . . 8 years ago? 7?

M

[incidentist.livejournal.com]

I've been thinking about this problem for a few days, but using a PGP-style infrastructure didn't occur to me. I think OpenID can take care of most of the issues -- you keep a list of OpenID URLs as your friends, and you've got an OpenID URL that auths you to read other folks' friendslocked blogs.

There's gonna be a WordPress BarCamp next month in San Francisco. I'm thinking of going and bringing up this idea.