[rdfweb-dev] FOAFnet and Authentication

Julian Bond julian_bond at voidstar.com
Sat Jul 31 08:40:44 UTC 2004

As a result of discussion on the FOAFnet mailing list I've done some 
work on remote authentication and FOAF retrieval. It's documented here


The basic problem is that FOAFnet has scenarios where we want to use 
FOAF as a transport mechanism between sites for account data. But some 
of the account data has privacy concerns and contains information that 
the sites can't or shouldn't expose as public FOAF. Typical examples 
include foaf:mbox, foaf:phone, vcard:Street, vcard:Pcode. We needed a 
way for the requesting site to get this data from the source site using 
an ID+Password for the source site but without exposing the ID+password 
to the requesting site.

The documentation includes details of a trial implementation that is now 
running at Ecademy. It's a pretty trivial API that uses two named CGI 
variables and a couple of HTTP redirects.

Incidentally, I've recently changed Ecademy's FOAF generation. If you're 
logged in and request *your* FOAF, you get all the data. If you're not 
logged in or you request somebody else's FOAF you get privacy reduced 

Assuming this API gets some traction, then Danbri has suggested we could 
have a FOAF tag that points to API endpoints. I think this gets us into 
an area of RDF metadata about Identity Providers. I've wanted for some 
long time now for there to be some open source Identity Provider 
standards so that anyone and everyone could run their own Identity 
Provider Service. *If* this happened (a big IF), then metadata about end 
points would be a good thing. I can feel a ramble coming on ;-) "RDF 
about Trackback endpoints?". Enough already. ;-)

Julian Bond Email&MSM: julian.bond at voidstar.com
Webmaster:                 http://www.ecademy.com/
Personal WebLog:          http://www.voidstar.com/
M: +44 (0)77 5907 2173      T: +44 (0)192 0412 433
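
The owner-only FOAF behaviour described in the message, sketched as an added example; it is not part of the original message and not Ecademy's code. The function name `render_foaf`, the constructed sample profile, and treating the four properties named in the message as the complete private set are assumptions.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"
VCARD = "http://www.w3.org/2001/vcard-rdf/3.0#"
for prefix, uri in (("rdf", RDF), ("foaf", FOAF), ("vcard", VCARD)):
    ET.register_namespace(prefix, uri)  # keep readable prefixes on output

# Properties the message lists as private (assumed here to be the full set).
PRIVATE = {f"{{{FOAF}}}mbox", f"{{{FOAF}}}phone",
           f"{{{VCARD}}}Street", f"{{{VCARD}}}Pcode"}

# Constructed sample profile, not real account data.
SAMPLE_FOAF = f"""<rdf:RDF xmlns:rdf="{RDF}" xmlns:foaf="{FOAF}" xmlns:vcard="{VCARD}">
  <foaf:Person rdf:nodeID="alice">
    <foaf:name>Alice Example</foaf:name>
    <foaf:mbox rdf:resource="mailto:alice@example.org"/>
    <foaf:phone rdf:resource="tel:+15550100"/>
    <vcard:ADR rdf:parseType="Resource">
      <vcard:Street>1 Example Road</vcard:Street>
      <vcard:Pcode>EX1 1EX</vcard:Pcode>
      <vcard:Country>UK</vcard:Country>
    </vcard:ADR>
  </foaf:Person>
</rdf:RDF>"""


def _strip_private(parent):
    """Remove private properties at any depth (address fields are nested)."""
    for child in list(parent):
        if child.tag in PRIVATE:
            parent.remove(child)
        else:
            _strip_private(child)


def render_foaf(full_xml, owner, session_user):
    """Full FOAF only for the logged-in owner; reduced FOAF for everyone else.

    session_user is None when nobody is logged in. The default path is the
    reduced one, so a missing or mismatched session never leaks private data.
    """
    if session_user is not None and session_user == owner:
        return full_xml
    root = ET.fromstring(full_xml)
    _strip_private(root)
    return ET.tostring(root, encoding="unicode")
```

Derived properties such as `foaf:mbox_sha1sum` are not covered by this set; whether a hashed mailbox counts as private is a policy decision the message does not address.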
