Best Practices for the Open Social Web

The content of this page is being discussed on the mailing list of the W3C Federated Social Web Community Group. This currently is not an official document of the Community Group. Some sections are proposed by single members of the Community Group and there currently is not necessarily any consensus on the content.

As the word "best" indicates, this page is not about mentioning all possibilities but only those which are expected to significantly further the aims of the Open Social Web.

2013-05-13

ToDo

• Establish cooperation with Social Business Community Group (http://www.w3.org/community/socbizcg/)
• Collect Use Cases
• Answer the items on the page Aspects of a social network
• Use the list on http://indiewebcamp.com/building-blocks

Different Approaches

There are several approaches to create an Open Social Web:

• Indieweb - http://indiewebcamp.com/principles
• Protocols and specifications first
• Build a great product
• Polyglot http://useraddress.net:12380/

All of these approaches have their communities.

Intended Audience Of This Text

Geeks are not the main intended audience of the "finished" document.

• Privacy advocates - can engage with social software without handing over PII to ad-driven networks
• Free software enthusiasts - can use Free and Open Source software to connect with friends and family.
• Open Web enthusiasts - people who are concerned about walled gardens and captive networks can participate on the Web instead.

Why Federate?

The document should start with that, explain what the problem is, something along the lines of http://eschnou.com/entry/whats-next-google--dropping-smtp-support--62-24930.html - the platform vs. federation argument.

• Security
• Privacy

User Stories and Use Cases

The set of use cases is intended to do the following:

• motivate the need for an Open Social Web
• provide scenarios that explain the benefits of an Open Social Web

Public Administrations

A state government has many municipalities of different sizes. People working within these public administrations would like to use Social Media to communicate among each other and with citizens. How can that be done?

Company With Several Customers and Suppliers - B2B

A company wants to communicate and coordinate projects with a number of other companies (customers and suppliers) using Social Media. Some of the communication very likely will be confidential.

Families with young children

The Children's Online Privacy Protection Act (COPPA), a United States federal law, has high requirements for services to collect private information on children under 13. Most social networks don't bother and just ban kids under 13. Similar laws exist in other countries.

With children well under 5 able to do basic tasks with tablets and phones, there's an untapped market here. If Mom set up the network on her own server, she's perhaps not subject to the same COPPA rules as a commercial service. Family networks are naturally federated.

Protection Against Surveillance

Use Case probably does not require a long explanation.

General Guidelines

• Use Linked Open Data principles and standards
• Use web principles and standards
• Do not reinvent wheels
• Be aware of network effects: use established standards
• Provide feedback to the W3C Federated Social Web Community Group

Forces

There are forces acting in favor of the Open Social Web and other which act against it.

Favoring:

• Privacy
• More resistant to censorship
• Developers are not dependent on platform company

Against:

• Central Platforms are easier

Relevant Standards and Specifications

There are currently multiple (not one "best") federated protocols for social communication on the web. This Best Practices document will list the best ones.

This section likely will be removed in a later stage of development. The items can be dealt with in other sections of the document.

• HTTP
• RDF
  • RDFa
  • SIOC (http://www.sioc-project.org/)
• IRI (internationalised URI, http://www.ietf.org/rfc/rfc3987.txt)
• XMPP

Less Relevant Or Irrelevant Standards and Specifications

These standards and specifications perhaps had some significant relevance or potential in the past. But that is no longer the case.

• microformats
• Portable Contacts
• XFN (XHTML Friends Network, microformat)

Mobile Devices

What needs to be done to support the Open Social Web on mobile devices?

These documents might be helpful:

• Mobile Web Application Best Practices, W3C Recommendation 14 December 2010, http://www.w3.org/TR/mwabp/

• Extended Guidelines for Mobile Web Best Practices 1.0, W3C Working Group Note 20 October 2009, http://www.w3.org/TR/mwbp-guidelines/

• Mobile Web Best Practices 1.0, Basic Guidelines, W3C Recommendation 29 July 2008, http://www.w3.org/TR/mobile-bp/

Can XMPP be used? BoSH?

XEP-0286: XMPP on Mobile Devices, "Abstract: This document provides background information for XMPP implementors concerned with mobile devices operating in a cellular network such as 3G.", Author: Dave Cridland, http://xmpp.org/extensions/xep-0286.html (while that document is "deferred" it contains valuable information)

Feeds

Explain the three or four major proposals for dealing with updates, notifications and commenting. What technical support is available for threaded conversations (commenting on comments etc.) ?

• Activity Streams (http://activitystrea.ms/)
• Atom Syndication Format (http://www.ietf.org/rfc/rfc4287.txt)
• Atom Publishing Protocol (http://tools.ietf.org/html/rfc5023)

Push versus Pull

Polling is easy but has two disadvantages:

• updates are delayed
• unnecessary traffic

How can updates be pushed to subscribers?

• XMPP with Publish Subscribe extension (http://xmpp.org/extensions/xep-0060.html)
• PubSubHubbub (PuSH)

PushAPI

Push API, W3C Working Draft 18 October 2012, http://www.w3.org/TR/2012/WD-push-api-20121018/

There are "nine patents applications excluded by Nokia Corporation", in other words: Nokia claims that PushAPI can not be used without paying royalty fees to it: http://www.w3.org/2013/papag/

BoSH

Push can be implemented using BoSH (Bidirectional-streams Over Synchronous HTTP). Unfortunately BoSH is not without problems due to the use of HTTP long polling. See:

Known Issues and Best Practices for the Use of Long Polling and Streaming in Bidirectional HTTP http://tools.ietf.org/html/rfc6202

In practice these problems are severe.

For that reason an alternative protocol based on Websocket is being developed:

An XMPP Sub-protocol for WebSocket (XMPP over WebSocket) http://www.ietf.org/id/draft-moffitt-xmpp-over-websocket-03.txt

Identities and User Profiles

"identity" web linking should be explained - the multiple existing machine-readable ways to "be on the web" with static profile information (refrain from trying to identify one best one, just mention the three or four major schemes). The third-person identity (your public personal profile information, about you) is important, and login identity for SSO can be a subtopic of this.

• FOAF (http://www.foaf-project.org/ and http://xmlns.com/foaf/spec/)
• vCard Ontology, For describing People and Organisations, W3C First Public Working Draft 2 May 2013, http://www.w3.org/TR/vcard-rdf/
• Mozilla Persona (fka BrowserID, https://login.persona.org/)
• WebID (http://www.w3.org/wiki/WebID and https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html)

5star approach

• 1 Star

   Have an identifier denoting a Person, such as an IRC nick -- you're on the web.

• 2. Star

   Have an identifier that is unique across domains, eg user@host or example.com/user/joe

• 3. Star

   Include a URI scheme such as mailto: xmpp: or http: so that discovery can be performed on that identifier.  
   eg you may wish to lookup a persons name, avatar. blog or public key.  

• 4 Star

   Have a standard API so that more information can be discovered.  e,g, HTTP GET for HTTP, smtp or webfinger 
   for email, xmpp discovery for xmpp.  Ability to reverse search is a plus too, so that people can look up 
   friends or login via their name / email address for example.

• 5 star

   Return data using web standards such as JSON-LD, RDF or RDFa in HTML.  Or something that is interoperable with 
   these standards.  Essentially this boils down to having 0 or more entities with key value pairs associated 
   with them, such that both the keys are machine understandable and the values are allowed to be links.  Also 
   it's a plus if the user can own their own profile such that they can perform CRUD operations.  ie that it 
   is both read and write

Linked Data and the Open Social Web

Explain the connection between these topics.

• JSON-LD (a specified subset of JSON, LD = Linked Data)

Audio and Video Communication

Audio and video communication have become a significant part of the Social Web and one of the main communication means for a large part of the population. Important protocolls currently include XMPP Jingle, SIP and WebRTC/rtcweb. Recently an effort was begun by the IETF to make SIP and XMPP interoperable:

SIP-TO-XMPP, https://datatracker.ietf.org/doc/charter-ietf-stox/

CUSAX: Combined Use of the Session Initiation Protocol (SIP) and the Extensible Messaging and Presence Protocol (XMPP), https://datatracker.ietf.org/doc/draft-ivov-xmpp-cusax/

Interworking between the Session Initiation Protocol (SIP) and the Extensible Messaging and Presence Protocol (XMPP): Media Sessions, https://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-media/

Privacy and Security

IETF Policy on Wiretapping, http://www.ietf.org/rfc/rfc2804.txt

Tor Project, https://www.torproject.org/

Spam

How to fight spammers in a distributed network? Some discussion took place on the XMPP operators mailing list which can be summarised.

Contributors

To be filled. There are many who already contributed on the mailing list.

Literature

• A Standards-based, Open and Privacy-aware Social Web, W3C Incubator Group Report 6th December 2010, http://www.w3.org/2005/Incubator/socialweb/XGR-socialweb-20101206/ (The report contains valuable material. But some of the information is not longer up-to-date. About half of the listed "Decentralized Social Networking Projects" are dead or almost dead while newer projects are not mentioned.)