This is now on the FOAFnet wiki.

If the proposal for remote authentication for FOAF collection works then we could add some auto-discovery to it.

How about this in the home page html:-
<link rel="meta" type="text/html" title="FOAFnet" href="url_for_foafnet_api" />
Then the user on target.com just needs to say "You can get my FOAF from source.com". The application would retrieve the source.com home page, get the url_for_foafnet_api, construct a url like
url_for_foafnet_api?return=my_url and redirect the user to it.

DanBri has also suggested we look at creating some foaf tags for this so that aggregators could collect together lists of participating sites. I don't think this would be used on the fly to discover the API URL but I can see benefit in publishing the locations in machine readable form.

This would mean inserting some triples in people's FOAF that said "This is some cut down FOAF. Full FOAF can be obtained with my permission by using the FOAFnet API that is located here."

Following on the previous posts, I've now got an implementation at Ecademy.

The API URL is http://www.ecademy.com/module.php?mod=foafnet

This is what the user will need to paste in or choose from a drop down. It takes one extra parameter;
"return". This is the URL where you want the user to come back to. Don't forget to urlencode this.

So the requesting application needs to redirect to http://www.ecademy.com/module.php?mod=foafnet&return=return_url
for example:-
http://www.ecademy.com/module.php?mod=foafnet&return=http://www.voidstar.com

The URL above takes the user to a login form. If they're already logged in to Ecademy they just get an Approve button. On hitting the Approve button or supplying a valid ID+Password they are redirected back to my_url with "foaf=url_to_get_your_foaf_from_Ecademy" appended on the end.

The foaf variable is the one time URL to collect the FOAF. It's escaped so you'll need to urldecode it before using. It's typically something like http://ecademy.com/module.php?module.php&mod=foafnet&op=foaf&hash=a_hash

a_hash is the first 16 chars of an MD5. The URL will work for 5 minutes and will have checks for validity and that the domain requesting the foaf is the same one that was in my_url. The hash will only work one time. For the moment all but the 5 minute check are commented out. If any of the checks fail you'll get an empty http page. This could be something like a 404.

The FOAF returned includes all the contact and private info I have. So including all the stuff I normally keep out of the public FOAF like mbox, street address, post/zipcode and so on.

The receiving application at my_url needs to pick up the FOAF URL from the foaf CGI variable, use curl or something like it to collect the foaf, parse it and then do something useful with it before displaying some UI.

Assuming you've got an Ecademy account, you can test all this in a browser with a bit of cut and paste.

Behind the scenes at Ecademy, I've got a table of valid hashes. This has the requesting domain, a timestamp, the Ecademy ID# of the user providing the approval and the hash. When the FOAF is requested, the hash is looked up in the table, the timestamp and domain checked, the hash regenerated and compared. If everything checks out the FOAF is returned and the record deleted.

This is all very similar to work done by myUID for remote authentication. I'm going to work on seeing if I can extend it to provide an open implementation of single sign on. Something I've been wanting to do for a year now.

Incidentally, a couple of days ago, I changed the Ecademy FOAF so that if you're logged in, and you request your FOAF, it bypasses the privacy controls and gives you a FOAF file with all your contact data in it. The implementation above gives you a way of telling a third party to get the same FOAF without giving them your Ecademy ID and Password.

The underlying problem here is to create a mechanism where Alice can tell target.com to get her authenticated and approved FOAF from source.com without giving her source.com ID+Password to target.com.

0)User is on target.com and chooses a link to "create account using FOAFnet"

1) User chooses source.com from a drop down, or copies in a URL. The URL might be:- http://source.com/login.php

2) target.com redirects to the source.com login page with a parameter which is the URL to return to at target.com. eg http://source.com/login.php?return=http://target.com/accountcreate.php (suitably escaped)

3) source.com displays a login page. User logs in.

4) If successful, user is redirected back to target.com with a URL to collect the FOAF as a parameter. This URL stays valid for (say) 5 minutes. eg
http://target.com/accountcreate.php?foaf=http://source.com/foaf.php?hash=e42b34b637b3c06d872e5

5) target.com collects the FOAF from the URL

6) source.com verifies that the hash is valid and hasn't timed out. It might also check that the domain requesting it is the same as the redirect URL when it was created. If it all checks out it deletes the record so the hash can't be used again.

7) source.com returns the FOAF

8) target.com processes the FOAF, creates the record and thanks the user.

As far as the user is concerned all they had to do was identify source.com (via drop down choice or URL) and then sign in.

If some federation is required, then source.com can check the referer field at step 3 and 6 that target.com is known to it. There's probably some MD5 trickery and additional timestamp parameters to avoid having to store the hash. But I'd take the stupid route and just store it on the users record along with the timestamp.

So all we've used here is a http redirects and GET calls. We've got two named parameters in "return" and "foaf". And we've got a simple process. This shouldn't be hard to implement in any web aware language.

Here's a post from the FOAFnet mailing list. I'm going to copy a collection of the critical ones here.

FOAFnet Aims:
We want to get to the point where Alice can create a new account at target.com using the account information at source.com and using FOAF as the transport mechanism. In addition, target.com should populate the friends list with people Alice knows at source.com who are already members.

Export:
No site is going to export contact information for Alice without Alice's approval. Publicly accessible FOAF for Alice should not include contact info because Alice doesn't get the chance to approve the export.

Equally, even if Alice gives approval, Alice's friend Bob hasn't, so we should never put Bob's contact info into Alice's FOAF. But we can put in mbox_sha1sum or other IFPs like homepage URL so that existing members can be matched.

We don't have a mechanism for an application at target.com to pass Alice's approval to source.com. So for testing, Alice will have to use a browser to save the source.com FOAF file locally. That way we can use existing login processes to authenticate. But then Alice will have to manually upload the FOAF to target.com either by a file browse control or by pasting it into a textarea. This is not a long term solution. But it will let us do a proof of concept and write all the import routines.

Import:
We still have to write the first import routine. Even using the stone age manual methods described. We've now got some Java and PHP routines that can help.

Federation:
In a final system, we can imagine groups of large sites that agree to import from each other. The numbers are likely to be relatively small so a drop down list could be provided to the user. The user will still have to provide some ID (like an ID#, nick or email address) and some authentication like a password.

We'll need some backend admin to define for each participating site how to collect the FOAF and how to pass the ID and password.

We can also imagine large numbers of smaller sites that would like to participate and any one target cannot maintain a list of all of them. So if the target will accept any of them, we'll have to provide a URL text field, the API to use, as well as the ID+Password. It may be possible to combine these into fewer fields the way Drupal has done with their external login. Even if the sites are distributed they may use some standard or be based on the same software. So we might be able to solve this generically for any Drupal, Typepad, Movable type, Wordpress, Jabber, LDAP site and so on.

Authentication:
Anywhere ID+Password is used there's a potential security risk. So ideally the source.com credentials should never be given to target.com but should use a single signon and temporary key method. The use cases for this and programming patterns have been well documented by the Liberty group.

This whole authentication area is not really part of FOAFnet but it's unavoidable because we're talking about information that users rightly consider private.

Unfortunately there's no big market leader here with a protocol that has usable implementations on all likely platforms. We have to count out Passport and Liberty mainly due to platform issues. So this is an opportunity for a new player to appear whether commercial/proprietary or free/open source.

FOAFnet Road Map:
So. Hit the Road, Map.
1) Build FOAF Export using existing authentication
1a) Get existing FOAF export up to scratch
2) Build FOAF Import from saved files
3) Solve remote authentication
4) Build UI to let the user choose a source.com for their FOAF and get the FOAF at run time

A few days ago we were talking on IRC about how much RDF and XML there was on the web. We stuck a finger in the air and got 15 Million FOAF and RSS files of structured, machine readable data right now. And its growing at the same rate as the number of Weblogs with spikes as each new major provider joins in.

This prompted a question to which we didn't really have an answer. "What should Google do with RDF/XML/RSS/Atom it finds"?

Then today along comes this mind boggling essay that looks at one possible scenario. August 2009: How Google beat Amazon and Ebay to the Semantic Web

Truly, a mind bomb.

BTW. It's now 2 years since Google introduced their SOAP API. It still doesn't support anything except basic search. There's still no RSS/Atom feed from search, News search, Images, Froogle etc. [from: JB Ecademy]

Download here.

Includes support for Skype-Out to the public phone system. [from: JB Ecademy]

You asked for it. you got it. (You see, I do read the wishlist)

In member search, either full text or on the advanced page, you can now specify "My Network only"

Let me know if you see anything odd (on Ecademy, not in your life, well actually that too). [from: JB Ecademy]

I've been experimenting with techniques to allow people to embed a little bit of Ecademy into their websites. The example below is a first attempt at this. I'd be interested in hearing from people who use it as well as anyone who has any ideas for other things you'd like to see. For instance, a couple of possibilities are a list of the Blog or Club forum titles.

You should probably check out the page on linking to Ecademy as well.

If you want to do this, you'll need some minimal HTML skills and be able to include some HTML in the template or design of your site.

<b>Text</b>
It's the most recently online, N thumbnail photos from your network.

<b>HTML Fragment</b>
<script type="text/javascript">
<!--
ecad_id = '1';
ecad_number = '3';
ecad_new = '1';
ecad_sep = '';
//--></script>
<script type="text/javascript" src="http://www.ecademy.com/ecadnet.js"></script>

Script Notes
- The only required parameter is the ecad_id which is your ecademy #number
- ecad_number. Number of thumbnails to show. Defaults to 5
- ecad_new. Anything except 0 forces a new window for the links. Defaults to off
- ecad_sep. This is appended to each thumbnail+name. Defaults to


Complex example
Displays a horizontal row with the profile glyph at the top

<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr><td align="center" colspan="4">
<a href="http://www.ecademy.com/account.php?id=123&xref=123" title="View my profile" target="new"><img src="http://www.ecademy.com/images/logos/ecad_80_15a.gif" width="80" height="15" border="0" alt="Ecademy profile"></a>
</td></tr>
<tr><td>
<script type="text/javascript">
<!--
ecad_id = '123';
ecad_number = '3';
ecad_new = '1';
ecad_sep = '</td><td valign="bottom">';
//--></script>
<script type="text/javascript" src="http://www.ecademy.com/ecadnet.js">
</script>
</td></tr></table>

Minimal Example
Displays 5 photos vertically

<script type="text/javascript">
<!--
ecad_id = '123';
//--></script>
<script type="text/javascript" src="http://www.ecademy.com/ecadnet.js"></script>

Example
http://www.voidstar.com
[from: JB Ecademy]

Let's see how many people we can get in.

http://www.ecademy.com/chat.php
or
irc://irc.freenode.net/ecademy


[from: JB Ecademy]

Some of you have been trying http://wap.ecademy.com on your phones and having problems logging in successfully. I think I may have solved this, so please try again.

The problem is that some phones and WAP gateways don't support cookies. And I was using cookies exclusively to maintain the session. I've now switched it so that it uses a URL parameter if cookies aren't supported.

If you don't know about Ecademy on WAP, the details are here. Basically, it's a small subset of Ecademy function available on mobile phones.
[from: JB Ecademy]

If you use a Windows PC, It's Windows Update time again.

One of the patches is for a security hole that looks likely to be exploited in the next 5-10 days, so get patching.

And if you haven't already done it, I'd highly recommend setting Auto-Update so that the updates happen without you haveing to think about it. Right click on "My Computer", Properties, Automatic Update tab. [from: JB Ecademy]

Danny O'Brien's Oblomovka has a table taken from some IBM analysis of disk storage sizes and costs.

This statement was made in 1994

With IBM’s projected rate of increase in areal bit density, of 60 percent per year, for a given price and a given year, one could purchase 1.6 times as much storage capacity the following year. This corresponded to a constant decrease in the price of magnetic storage of 37.5 percent per year.

The good news is that we're right on track. Here's the base figures for simple disk storage (no RAID or redundancy) in US Dollars for 1 Terabyte (1000 Gigabytes)

1992 1,000,000.00
1993 550,000.00
1994 302,500.00
1995 166,375.00
1996 91,506.25
1997 50,328.44
1998 27,680.64
1999 15,224.35
2000 8,373.39
2001 4,605.37
2002 2,532.95
2003 1,393.12
2004 766.22
2005 421.42
2006 231.78
2007 127.48
2008 70.11
2009 38.56
2010 21.21

And it looks like 1Tb of disk will indeed drop below $500 at retail prices by the end of the year.

Now since we'll have no trouble filling all this capacity, it looks to me like "Search" is going to be a dominant technology for the next few years.

I'm also stunned by the reductions in physical size. I saw the disk drive out of a Muvo/mini iPod yesterday. It's about 2.5cm sq and about 5mm thick for 1.5Gb. We're already seeing these in cameras and starting to appear in PDAs. How long before we see them in phones?

[from: JB Ecademy]

I just came across blogthing. It's a free blog system based on Wordpress and funded by Google Ads. Wordpress is highly recommended. [from: JB Ecademy]

Imagine a block in the margin of Joi Ito's weblog. Last update 9:23am. Location: Geneva Airport. Listening: Monkey Radio. Last seen in IRC: Channel #joiito 1m43s ago. Phone: On a call. Last Meeting: Davros. Next meeting: Supernova. Mood:Inspired

What I want is a generic dashboard app that plugs into a weblog margin and does as much as possible of this stuff automatically.

We're all becoming more and more mobile. We're working from laptops, PDAs and advanced mobile phones no matter where we happen to be. We end up borrowing computer time and internet access when we can't get it directly. ("Can I just check my email?").

Next, we're increasingly comfortable with Instant Messaging systems like Skype and Messenger that say that we're "online", or "busy" or "away".

So wouldn't it be neat if these same presence systems could work out and show where we were as well as that we're online. And it would be more neat if this information was available to applications running on our own machines and not just a website or network operator.

Here's some techniques that might be useful.
- GPS. GPS for laptops and PDAs is still a little expensive and it's not built in automatically the way that LAN and Wifi often is. SImilaly it's not yet built in to mobile phones due to size, space, battery life and cost considerations.

- Mobile phone location. The location of Mobile phones is more or less known based on the cell they're connected to and triangulation with multiple cells inrange. It's extremely hard to come up with a generic solution to this. And the network operators hoard this information. Each one has it's own data which makes it hard for a 3rd party to get access to it as you have to do deals with each one separately.

- WiFi. A couple of companies are attempting to build a database of the MAC address of every WiFi access point worldwide with their deployed location. This feels like a boil the ocean solution but might end up being a sort of poor man's GPS.

- IP. If you're internet connected, the IP address can give a rough guide to where you're located. But it's pretty rough and often wildly wrong.

- Human. As a last resort, you could get the human operator to tell you where they are. Except that describing your exact location is pretty hard. Do you know your latitude/longitude position right now? How about the exact Postcode/Zipcode? What about when you're at Cafe Grand Prix? Or in a train somewhere between London and Edinburgh? The most useful answer to that last question is actually "In a train somewhere between London and Edinburgh" and not a geographic answer.

FInally. The moment we open up the idea of including geographic information in presence, other things come to mind as well that could be added. Starting with the old favourite "What I'm listening to". [from: JB Ecademy]

I've got a need for a venue in central London for a gathering of geeks. Can any recommend somewhere?

- 30-40 people
- Reasonably priced food. ie not stupidly expensive
- Sit down or stand up. It doesn't have to be a proper restaurant but it should be real food and not just canape. Some of the people will want to sit and talk
- There's no money for room hire!
- Quiet enough that people can actually talk to each other without spending all evening shouting

I suspect that the last requirement is actually the hardest. [from: JB Ecademy]

The list of blogs on the main site's home page and the list of blog titles now includes entries posted on the other Trusted Networks. This should encourage flow to the other sites. It should also cut down on the number of times that people feel the need to post the same blog on several TNs (please don't do this!).

So when you post a blog, think for a moment if it would be more appropriate on one of the TNs. You'll still get the exposure of appearing on the main site.

The corresponding area on the home page on the TNs and the list of blog titles on the TNs are unchanged.

BTW. I've also fixed the long standing bug that when you were replying to a comment, your photo was on the view of that comment not the author's. [from: JB Ecademy]

Julian Bond wrote:
>I've just uploaded the first cut of a php FOAF parser for use in
>applications that need to read FOAF without needing to understand RDF.
>http://www.voidstar.com/foafPerson/

Some changes (and some bug fixing)

1) I've added an array of ifps (inverse functional properties) to each Person. These can be used as keys to identify a Person also referenced elsewhere. mbox is converted to mbox_sha1sum and duplicates are stripped.

2) I've added a single entry "name" to the person array. This uses a heuristic to try and come up with a human readable name for the Person. roughly (in pseudocode).

foaf:name

 else 

foaf:givenname

 else if foaf:surname

foaf:firstName foaf_surname

 else if foaf:family_name

foaf:firstName foaf_family_name

 else

foaf:firstName

 else

foaf:nick

There are times when it's useful to have a value like this without having to run through the whole heuristic in App code.

3) I managed to find an RDF file that had some FOAF in it but it was impossible to work out which was the primaryPerson. The Error handling now deals with this.

4) There are at least two namespace URIs in use for Eric's relationship schema. The code now handles the most recent. http://purl.org/vocab/relationship/ If you're still using the old one, please update your foaf (Marc!). There's a generic RDF problem here to do with namespace versioning.

I've started another attempt (4th!) to write a general aggregator/scutter/smusher using all this. So far it's going better than last time. I do feel like I'm finally getting to grips with FOAF. Most of it is data driven so it's easy to add new namespaces and tags. And there's relatively few special cases to deal with.

The Times Online - T2 has a fun couple of articles on what makes women and men happy. This can be summed up as:-

Men: "Bring beer. Come naked"
Women: "If women are allowed to follow their instincts, they'll be happy. For half an hour."

Most of the stories are based on viewing humans as fundamentally mammals and only really explores this sort of darwinian, biological, mammalian analysis. It can indeed be useful to understand that most of us spend a large amount of time allowing the lizard brain and mammal brain to control us. But it ignores what makes us different from other animals.

We have a human brain that thinks. It's our blessing and our curse.

And I happen to believe that the thinking human brain transcends gender differences. So can we think ourselves into being happy even when our mammal and lizard selves are trying to stop us? [from: JB Ecademy]