DSNP: Distributed Social Networking Protocol, with implementation and test sites (opens in new tab)

(complang.org)

25 pointsthurston17y ago10 comments

10 comments

10 comments · 6 top-level

Raphael17y ago· 2 in thread

Finally someone steps up to bat for DiSo!

Although, I'm not seeing how this fits in with OpenID or OAuth.

I'm yet to look at it properly, but I'd call it a big mistake if this is not built on top of OpenID - to me that is the natural extension of the concept.

Imagine signing into a site with your OpenID and actions being sent back to your hosted DSNP profile Facebook Connect style.

thurstonOP17y ago

I'd like for DNSP implementations (which allow users to lay claim to a URI) to support OpenID in the sense that it is a provider of identities. It can't be a consumer though, since an OpenID identity cannot (necessarily) talk DSNP.

shib7117y ago· 1 in thread

I have some questions. The big draw for sites like Facebook is not just the core social network, it's also the tangental functionality that builds on that core. And this protocol aims to be a secure P2P implementation of the core.

Does that mean "applications" are exclusive to users of an identity server?

How would 3rd party applications fit in?

Some networks are starting to offer embeddable forum- or comment-like behaviour - can this protocol accomodate that?

Is it flexible enough to support other (yet to be invented) uses?

limmeau17y ago

At the core, there seems to be just a PKI for RSA keys in terms of "yes, X is a friend of mine" attestations, not unlike the PGP web of trust.

So I'm optimistic that your distributed singing sessions (e.g.) could use the DSNP infrastructure.

johnnybgoode17y ago· 1 in thread

Something like this will inevitably become popular at some point. No one should really want any closed site to dominate.

rincewind17y ago

For Hackers maybe, but most people do not even see the benefits in using Jabber over MSN or ICQ

beza1e117y ago

"The user must trust the server that is hosting their identity"

That's true with DSNP, but given current p2p technology it should be possible to create a social networking application without data on servers. Where is my Facebook-on-XMPP desktop application?

limmeau17y ago

I'm happy to see an approach to social networking that doesn't require uploading personal data about millions of people into one database.

However, the cryptography in the source code (encrypt.cpp) seems to be hand-made from RSA, SHA1 and RC4 primitives. While I haven't checked details like how they choose their RC4 IVs, I wouldn't trust mortals to get a crypto protocol with PKI right the first time.

wmf17y ago

This site has tarsnap disease: More talk about crypto than about what it actually does. :-)

j / k navigate · click thread line to collapse

10 comments

10 comments · 6 top-level

Raphael17y ago· 2 in thread

Finally someone steps up to bat for DiSo!

Although, I'm not seeing how this fits in with OpenID or OAuth.

kilps17y ago

I'm yet to look at it properly, but I'd call it a big mistake if this is not built on top of OpenID - to me that is the natural extension of the concept.

Imagine signing into a site with your OpenID and actions being sent back to your hosted DSNP profile Facebook Connect style.

thurstonOP17y ago

shib7117y ago· 1 in thread

Does that mean "applications" are exclusive to users of an identity server?

How would 3rd party applications fit in?

Some networks are starting to offer embeddable forum- or comment-like behaviour - can this protocol accomodate that?

Is it flexible enough to support other (yet to be invented) uses?

limmeau17y ago

At the core, there seems to be just a PKI for RSA keys in terms of "yes, X is a friend of mine" attestations, not unlike the PGP web of trust.

So I'm optimistic that your distributed singing sessions (e.g.) could use the DSNP infrastructure.

johnnybgoode17y ago· 1 in thread

Something like this will inevitably become popular at some point. No one should really want any closed site to dominate.

rincewind17y ago

For Hackers maybe, but most people do not even see the benefits in using Jabber over MSN or ICQ

beza1e117y ago

"The user must trust the server that is hosting their identity"

That's true with DSNP, but given current p2p technology it should be possible to create a social networking application without data on servers. Where is my Facebook-on-XMPP desktop application?

limmeau17y ago

I'm happy to see an approach to social networking that doesn't require uploading personal data about millions of people into one database.

wmf17y ago

This site has tarsnap disease: More talk about crypto than about what it actually does. :-)

j / k navigate · click thread line to collapse