Decentralized social networking using web intents

Connect with meI believe that web intents are the last missing piece for decentralized social networking. (Previously I’ve talked about creating a social web architecture using Activity Streams and OAuth; this builds on that idea.)

Picture this chain of events:

  1. I visit your website, and see that you have a “connect to me” button[1].
  2. I click the button, launching the “social-connect” web intent.
  3. If I have web intents, my browser “logs me in” to your website via OpenID, silently passing the URL of my identity site[2]. I never have to manually log in with a URL, which has been the main criticism of OpenID. (If I prefer, I can have my browser log in via Facebook, Twitter, Microsoft Live ID, etc etc.)
  4. If I don’t have web intents, your website falls back to prompting me to connect using any of its supported schemes.
  5. In the handshaking process, your site assigns my identity a unique token, or a unique token is obtained from my identity (depending on authentication scheme). Either way, you end up with an internal token that represents my identity, which both your website and my identity site know.
  6. My identity site determines the locations of your Activity Streams, RSS feeds, etc, in the usual ways.
  7. You receive a notification that I’ve connected with you, and can now place me in an access group via a visual interface. Think Livejournal’s friends lists, Elgg’s friends collections, or Google+’s circles. When you post new content, to your site, you can restrict it to any combination of those groups.
  8. My identity site periodically makes requests to your website for new content, signing it with my token.
  9. I read new content and activity from a central reader panel attached to my identity site.

Of course, technologies like Portable Contacts, OAuth and even FOAF can have a place here: this simply provides a loose connection mechanism for nodes. I also feel like the “social-connect” intent could trigger an OStatus subscribe action, although I’d like to see signed requests so that access permissions can be enabled.

Needless to say, web intents can help a great deal for other parts of the process, for example clicking on “share” or “comment” on a piece of content. I also think Creative Commons licenses have a part to play here when it comes to sharing and resharing content across the decentralized social web, but that’s a story for another day.

The connect to me button should be distinctive. You should see it and automatically know that you can connect socially with this website. I’m thinking something obvious and instantly recognizable, akin to the RSS icons, or the star that now ubiquitously means “bookmark this”. I’ve illustrated this post with a quick Sharpie prototype, but it’s not really meant to be a recommendation. (Nonetheless, I’ve shared it under a Creative Commons license.)

Your identity site could be self hosted, or it could be a Google Profile, a site, or any commercial profile. Needless to say, everyone can have more than one identity site, and there’s no reason why your identity platform couldn’t support pseudonyms, alter egos and access-restricted profiles.

Leave a Reply

Your email address will not be published. Required fields are marked *