|
|
DSNP: Distributed Social Networking Protocol
building private, decentralized and scalable social networks
We don't all use the same email provider.
Why do we all use the same social networking provider?
** Jan 31, 2010 **
There have been some recent developments that remove my perceived need to
continue working on DSNP. OAuth and OpenID are moving towards the use of SSL.
This is quite good news to me and I am looking forward to seeing the great
software and practical use cases that will come out of these developments.
Ars Technica article on OAuth WRAP
Chris Messina on OpenID Connect
I do not intend to continue developing DSNP.
What is DSNP?
DSNP is a protocol for distributed social networking. The goal is to allow
you to host your identity in a place of your choosing, maintain ultimate control over
your personal information, and interact with your friends and family in a
secure manner.
The Vision
- Create an Identity -- Start by creating an identity for
yourself. You choose what name you use, where you host it, and what content you
make public. Everyone is free to host their own identity on their own
server.
- Find People You Know -- Find others that are using DSNP
and request a connection to them.
- Share -- Upload content to your identity and your friends will
learn about your activity. The internet-at-large is left out of
the loop.
- Explore -- You can browse your friend's pages automatically once
you have logged into your own page with your own password. Your friends don't
need to give you yet another password in order to let you in to see their
content.
- Organize your Connections -- Declare your connections as
relevant only in certain networks. For example, coworkers go into the 'Work'
network, friends into 'Social' and family into 'Family'. Information does not
leak across network boundaries and connections can go into more than one
network.
Security
DSNP leverages RSA public key
cryptography for identity, the sharing of secrets and the declaration of
relationships. It can be likened to PGP for web-based identities, though it
does not use PGP.
- Each identity gets a public/private key pair. The public portion of the key
is made available over SSL to be fetched by anyone. This guarantees that when
someone gets your public key, they have your key and no one else's.
- When you pass information to your friends it is encrypted using their
public key. This guarantees to you that the information can be viewed only by
them. In RSA public key cryptography, information encrypted with a public key
can only be decrypted with the corresponding private key.
- When you pass information to your friends it is also digitally signed with
your private key. Your friends can then use your public key to verify that you
wrote the message, uploaded the photo, commented on someone else's post, etc.
Digital signatures are also a feature provided by RSA public key
cryptography.
- When you become connected to someone you give them a digitally signed
message that says so. They can then use this digital signature to prove to
common connections that you are indeed friends. False connections can be
claimed easily, but they can also be discredited easily.
- Your network of friends is leveraged for the distribution of messages. Each
of your friends forwards the messages they receive to a few of your other
friends. This rapidly improves the speed at which your messages get to all your
friends.
The Protocol
DSNP is a communication protocol between servers hosting identities. It is
still evolving. See this
document for an incomplete and somewhat out-dated description of the
protocol.
There is an implementation, but there are no releases yet, only a subversion
repository where ongoing work happens.
http://svn.complang.org/dsnpd/trunk/
Mailing List
There is a mailing list for anything related to the project. Please discuss!
dsnp-interest
Issue Tracker
There is an issue tracker here.
Author
Adrian Thurston is
responsible for this.
first appeared: Dec 8, 2007
last changed: Jan 31, 2010
|
|