The IndieWeb as a minimum viable social web ecosystem

July 9, 2013 | 1 comment

I wrote a post as a submission for the W3C’s upcoming Workshop on Social Standards: The Future of Business.

Although there have been significant advances in the field over the last five years, there remains a need to prove the business value of decentralized web technologies. To many of us involved in both the industry and the movement, this seems silly: after all, the business value of other decentralized technologies, like email and the phone system, is hardly questioned. Nonetheless, in a world where centralized data siloes regularly receive multi-billion-dollar valuations, the onus is on those of us who are building more open technologies to demonstrate their worth. Note, it is not enough to argue their worth: we must build, ship, and actively demonstrate a profitable product or service with a business model where the decentralized social web is an inextricable component.

I believe that these compelling business models exist, and that they are most easily discoverable in the enterprise. However, belief is not demonstration: we must continue to test and iterate them. During this exploration phase, this means that our software and underlying protocols must be easy to write, adapt and change. Ease of development is more important than sophistication; we must not create our own technical lock-in before we even ship.

I posted the whole piece on, and it also made it to the front page of Hacker News.

and idno

May 31, 2013 | 1 comment

I’m posting over at, a site I’ve set up based on my idno software.

I wrote a short technical introduction to the platform:

idno is a personal attempt at building a publishing platform that adheres to IndieWeb principles: own your own data, publish on your own site, use existing social websites for dissemination but not as an origin. I’ve also tried to use microformats where possible, allowing every page to contain lightweight semantic information, as well as making it skinnable, extensible, and social.

Right now I’m using it as a blog, but the intention is that it could power a whole community, or set of communities. It certainly has the back-end functionality and APIs to do so, and I’ll be writing more about those as time goes on. It’s not immediately obvious unless you’re logged in, but idno has a full plugin system, which allows anyone to write new content types, and syndicate to new sites. (For example, two existing non-core plugins push to Twitter and Facebook, depending on the Activity Streams object type of the content you’re posting.) Access permissions are also baked right into the data model, so you’ll be able to keep non-public content, and share it in a federated way.

I’m pretty excited about it – but I’m also just enjoying posting to it. It’s a breeze. I’ll be opening a community site based on the platform soon, so stay tuned – or take a peek at the GitHub repository.

HTTP signatures

May 6, 2013 | Leave a comment

It looks like I’m not the only person who likes the idea of signed HTTP requests as an authentication method.

Joyent and Digital Bazaar have co-written an Internet draft for cryptographically signed HTTP requests:

Several web service providers have invented their own schemes for signing HTTP requests, but to date, none have been placed in the public domain as a standard. This document serves that purpose. There are no techniques in this proposal that are novel beyond previous art, however, this aims to be a simple mechanism for signing these requests.

Signed HTTP requests are also a key feature of something I’ve been working on. It’s great to see the idea pick up momentum.

The Progressive (Profitable) Web

April 2, 2013 | 2 comments

Ryan Holiday laments the loss of Google Reader and RSS in general in Our Regressive Web, arguing that if someone came up with them today, we’d think they were brilliant ideas:

Nothing better has risen up to replace them. The underlying needs of a fairly large user base (that these services meet) still exist.

We’re just regressing.

[...] RSS is impervious to blogging’s worst, but most profitable traits. [...] No wonder nobody ever pushed for widespread adoption. Of course it died a slow death—along with Google Alerts and Delicious. Their mission is antithetical to the ethos of our new media age. Where noise, chatter and pushing—not pulling—rule the day.

Our Regressive Web by Ryan Holiday, on Medium

He’s right. Aggregated content – content on the reader’s terms – has a huge potential userbase, but it wasn’t profitable for either the bloggers or the aggregators, so it languished. Sure, you could tack some Google Ads onto the end of each post in a feed, but control over the form that the content is presented in is granted fully to the user. Where’s the opportunity to upsell? Where are the branding opportunities or the baked-in communities, carefully designed to maximize ongoing engagement?

The irony is that blogs have actually downgraded their on-page advertising over time. If you visit TechCrunch today, you’ll only see two ads above the fold. Check out io9, and you’ll see none at all. The redesigned ReadWrite has a few more: a giant banner above the fold, and then four small squares with another ad in the stream of content itself.

Wouldn’t it be nice if you could have your cake and eat it, too? Allow the user to consume content on his or her terms, while also allowing the content producer to make money?

Here’s an idea I’ve been working on in my own time. It’s a little technical, but bear with me:

  1. Add a simple social layer to the web. I still like the idea of the HTTP header I described in httpID. Your site may connect to my site with a mechanism like OpenID Connect and get an authentication token automatically. Think of it like a one-way friend request. Of course, I can then reciprocate by connecting to your site to create a two-way relationship.
  2. Add authentication to feeds. Each feed has just one URL. An aggregator may sign the request for a feed with an OAuth-like signature. (We’re sidestepping HTTP digest auth for obvious reasons.) The software producing the feed may choose to acknowledge the signature, or not; by default, you get all the public posts you’d normally get when accessing a feed.
  3. Manage connections and restrict access to content. I see everyone who’s connected to me from a control panel, and can reciprocate from there. More importantly, I can add any of my connections to access groups. So if I add you to a group and publish a piece of content so that it is only accessible by that group, when your site requests my feed using a signed request, you’ll see that content.
  4. Optionally: sell access to premium content. Once you can selectively broadcast content to a finite group of people, you can sell access to that group. (And of course, you can have more than one paid-access group.) For example, I’m a subscriber to NSFW, a paid publication with an online presence. They could push all their articles to me as a subscriber, while making a handful of taster articles available to everyone. You could even include a pointer to a subscription URL within that social handshake from part 1. If you decentralize the financial transactions (and why not?), you could even give a small cut to the platform owner.
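Steps 2 and 3 above, sketched from the feed publisher's side as an added example (not code from idno, httpID or the original post). The `X-Feed-*` header names and the HMAC-SHA256 scheme keyed with the step-1 token are assumptions, and the sites, tokens and posts are constructed sample data.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed replay window)

# Constructed sample data: tokens issued during the step-1 handshake,
# access groups from step 3, and posts tagged with the group that may read them.
TOKENS = {"https://alice.example": b"constructed-token-alice",
          "https://bob.example": b"constructed-token-bob"}
GROUPS = {"subscribers": {"https://alice.example"}}
POSTS = [{"title": "Public taster", "group": None},
         {"title": "Premium article", "group": "subscribers"}]


def sign(token, method, url, timestamp):
    """HMAC-SHA256 over method, feed URL and timestamp (hypothetical scheme)."""
    msg = f"{method.upper()}\n{url}\n{timestamp}".encode()
    return hmac.new(token, msg, hashlib.sha256).hexdigest()


def authenticate(method, url, headers, now=None):
    """Return the requester's site URL if the signature verifies, else None."""
    now = time.time() if now is None else now
    site = headers.get("X-Feed-Site")
    sig = headers.get("X-Feed-Signature")
    ts = headers.get("X-Feed-Timestamp")
    token = TOKENS.get(site)
    if not (token and sig and ts and ts.isdecimal()):
        return None
    if abs(now - int(ts)) > MAX_SKEW:      # stale or replayed request
        return None
    expected = sign(token, method, url, ts)
    # Constant-time comparison avoids leaking the signature byte by byte.
    ok = hmac.compare_digest(expected.encode(), sig.encode())
    return site if ok else None


def feed_for(method, url, headers, now=None):
    """One feed URL: public posts by default, group posts for verified members."""
    site = authenticate(method, url, headers, now)
    return [p["title"] for p in POSTS
            if p["group"] is None or site in GROUPS.get(p["group"], ())]
```

A request with a missing, stale or invalid signature is not rejected; it falls back to the public feed, matching the default described in step 2.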

All of the above is complementary to feed standards like RSS and Activity Streams, as well as to federated social web protocols and methodologies like OStatus. It’s super simple to both use and implement – but could add a layer of commerce to the content web, while also decreasing our dependence on large content silos whose interests are not in line with those of their customers.
