A common access control of social media is “friends of a friend”. That means that the content I am posting can be access by all my friends and all of their friends, but not anyone else.
Now, let’s assume we have a social media platform that is wholly Solid - then the page with the content I am loading in my browser grabs the post from the Solid of of the author. Let’s call that Pod A from User Z. Z has 60 friends, and I am a friend of number 54.
So, when I try to access the content, my application goes to Pod A and tells the pod that I am X and hands over my webID. Pod A immediately sees that I am not a friend of Z, so normally I wouldn’t see the content.
But Friend of friend is set, so…
…the pod goes to each pod of the 60 friends of Z and asks if they know me?
Or does the Pod periodically updates the friends of a friend list and keeps that data cached?
Neither way sounds very privacy-friendly nor efficient to me. Is friend-of-a-friend as access control option not really viable on Solid, or am I just missing something?
No, you’re not missing something! Indeed, we can’t do it now, but there has been talk (and some implementation) around query-based enumeration of agents. My life evolves around ad hoc and changing groups like “the girls aged 8-12 and their parents of the ski club.”
My own thinking around that is that we could extend the acl:agentClass to hook into a query or reasoning system that would figure out class membership. Your FOAFs would certainly be amongst the most interesting classes to have.
What if your FOAF (friend of a friend) query had a built in back trail? In your example, when your app goes to pod A the request could carry not only your Id, but the information that you are a friend of #54, who is a friend of Z. Z’s pod just needs to confirm this with #54’s pod, and you’re in. Kind of like source routing.
Sorry if this is naive suggestion; I’m still trying to get my head around how pods communicate.
that assumes that my client knows that the common friend between me and Z is #54. It probably doesn’t though, so it’d probably have to send my whole friends list over to pod A - which again, doesn’t sound too good for privacy either (Imagine a malicious pod that uses this to map out friend networks.)
that is certainly a way to catch a good chunk of the traffic on that link, but there’ll also be a number of people who will try to access it without that source information.
For the github-impaired, could you give us a 1-2 line dummies guide to adding the user story to the repo? I’m used to using GIT for massive code bases.
Here’s the story: “As a social network user viewing an interesting comment on a friends page, I would like to visit the page of the “Friend of a Friend” who made the comment.”
@Stitch626 To add a user story, go to the top of the page for the user stories in the link @kjetilk provided, click the word “issues”, then submit a new issue with your story. Hmm, there are two links at the top of github pages labeled “issues”, I mean the second one, under the title “solid/user stories”.
(Imagine a malicious pod that uses this to map out friend networks.)