A strategic direction for simple open decentralized security suitable for blogs, wikis, and other collaborative systems on the Web.
A very common problem on the web currently (in 2007, but for several years already) is the intrusion of spammers into the blogosphere and wikisphere. Often one wants to allow input from more or less any well-meaning human, but open write access is exploited by spammers to force advertising materials into the system. The need is for a very simple security system which is decentralized in its architecture.
Access control is often divided into two parts: the authentication of a given agent, then the testing of whether the agent has the appropriate access. This architecture has many advantages, as the two problems are typically managed by different social systems. However, the authentication system never in fact binds to an abstract person or role with complete certainty. Authorization should often depend on the form of authentication as well as the identity of the person, and it is a mistake to imagine that the authentication has been made to a person rather than to their passport, credit card, certificate, or web page.
OpenID is a system which is becoming increasingly used as a lightweight decentralized authentication system. It is a protocol for authenticating that the supplicant is an agent which has write access to a given page, such as a blog. This removes a certain amount of anonymity, which is sufficient for single sign-on use of multiple blog sites.
No real identity is established other than that association. However, that is enough for many things. OpenID by itself, though, is not enough to prevent spam on an open blog. Any spammer can set themselves up with a website and an OpenID identity. In fact, a spammer can generate random OpenIDs on demand at great frequency. So for a practical application we need some information to ascertain that, by some appropriate standards, the agent is indeed a person to be allowed access.
Many typical social web sites, of course, allow the creation of groups, and allow access to certain resources to be granted only to members of those groups. However, in many cases we need to allow a much wider, and open, set of people. Those who know me, to five degrees of separation. Those who have published a paper in a journal. Those who are students of a person who has published a paper. And so on.
These relationships are, increasingly, available on the semantic web. The FOAF system is a common interoperable vocabulary for social networks, and allows chains of acquaintances to be expressed, and linked between individuals' profiles and profiles provided by sites such as Advogato, LiveJournal and myOpera. Databases of publications such as DBLP exist. More data, at the fingertips of those who organize conferences and courses, could also be brought into use. All these relationships can be published in RDF using various appropriate ontologies.
It is very important that whatever system is put in place is sufficiently flexible to be able to adapt to any new social constraints which are relevant. The technical architecture must always be flexible enough to model and support the needs of society. This means opening the system to the full generality of RDF. However, it is also reasonable to start with something specific to see how this works. FOAF is a very reasonable starting place. The network of acquaintances will to a certain extent cover for other relations, as one is liable to be acquainted, by one or a few links, with someone one has been to a conference with, or published in a journal with.
PAW. Henry's blog. @@ FOAF. OpenID. DBLP.
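The FOAF starting point described above, as an added example that is not code from the original page: a breadth-first walk of foaf:knows links outward from the site owner, admitting an authenticated OpenID only if a profile within five links claims it. The profile data, the dictionary layout, and the names `degrees_from` and `may_write` are assumptions made for illustration; a real deployment would fetch and parse each person's own RDF profile.

```python
from collections import deque

# Constructed sample data: each key is a FOAF profile URI, and the value holds
# only what that person's own profile document asserts.
PROFILES = {
    "https://owner.example/foaf#me": {"openid": "https://owner.example/",
                                      "knows": ["https://alice.example/foaf#me"]},
    "https://alice.example/foaf#me": {"openid": "https://alice.example/",
                                      "knows": ["https://bob.example/foaf#me"]},
    "https://bob.example/foaf#me": {"openid": "https://bob.example/",
                                    "knows": ["https://carol.example/foaf#me"]},
    "https://carol.example/foaf#me": {"openid": "https://carol.example/",
                                      "knows": []},
    # A spammer's self-published profile claims to know the owner, but nobody
    # reachable from the owner vouches for it.
    "https://spam.example/foaf#me": {"openid": "https://spam.example/",
                                     "knows": ["https://owner.example/foaf#me"]},
}


def degrees_from(owner, openid, profiles, max_degrees=5):
    """Return the number of foaf:knows hops from owner to the profile that
    claims `openid`, or None if none is reachable within max_degrees.

    Links are followed outward from the owner only, so a claim made in the
    supplicant's own profile never grants access by itself."""
    seen = {owner}
    queue = deque([(owner, 0)])
    while queue:
        person, depth = queue.popleft()
        profile = profiles.get(person)
        if profile is None:  # profile could not be fetched: treat as a dead end
            continue
        if profile.get("openid") == openid:
            return depth
        if depth == max_degrees:  # do not expand past the allowed distance
            continue
        for friend in profile.get("knows", []):
            if friend not in seen:
                seen.add(friend)
                queue.append((friend, depth + 1))
    return None


def may_write(owner, openid, profiles, max_degrees=5):
    """Authorization step, run only after OpenID authentication succeeded."""
    return degrees_from(owner, openid, profiles, max_degrees) is not None
```

The direction of the walk is the point: foaf:knows statements are self-published, so only chains that start at the owner count as vouching.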