© University of Kent - Contact | Feedback | Legal | FOI | Cookies
Abstract for Seminar
Over the past years, Social networks have grown exponentially, capturing media and political attention world wide. But they suffer from very deep systemic problems: centralization of information, data ownership, and security issues of various kinds. We will show in detail what these problems are and how they can be resolved by building a Social Web that is completely distributed, secure and with no central point of control -- all this using only well established web standards.
In Detail
On current Social Networks (Facebook, Orkut, LinkedIn,...) every user has a limited view of his social graph. The provider on the other hand has a complete view of the network, access to all data, and often keeps ownership of it too. In the case of Facebook the network is huge: it can see all the information of its 300 million members. The threat of being kicked off by the operator without recourse, and loosing all one's relationships in the process, should in itself be cause enough for thought. As a result, companies and individuals concerned about security cannot join such networks. They need something better. Even for those less concerned with security, problems arise. People who wish to link up with friends on different social networks need to convince them to join their network or they must join theirs. But they are then confronted with the problem of keeping their information up to date on each network, as well as recreating their network of friends as they move. As the number of Social networks grows, this problem becomes intractable.
Open Distributed Social Networks that allow one to link across networks do currently exist: using Semantic Web standards and vocabularies such as FOAF the Social Web has been growing. In this not insignificant network, every participant can control their data and relationships. But until recently the information in this network was completely public, limiting its interest to those willing to accept complete exposure.
To enable a Secure Social Web we discovered a simple trick permitted by the Secure Socket Layer (SSL) stack, that allows us to link an X509 certificate to a global identifier - which we call a WebId - and use this to create a global distributed authentication system - FOAF+SSL [1] - that is extremely flexible. Getting such a WebId is seamless for the user. With it the he can be authenticated in a couple of clicks without having to enter either a user name or a password. FOAF+SSL server side code can be written easily, and there are already Open Source implementations available in Perl, Python, PHP, Java, and more... With such a simple authentication service, it is then easy for web sites to decide which resources and how much of them to show each user, giving the data owner the privacy that people think they are enjoying on the current centralized social networks, whilst allowing them to connect to everyone else in the world.