Social services and user rights
What we are seeing today is a massive increase in the number of new services. Every day something new appears. What can be said about the users on whom all these services are designed? They are confused, bewildered by this endless stream of sentences. They are presented to me as unfortunate citizens who are unaware of their rights, mired in the whirlpool of a bustling market. Do users of this “wild” social web have any rights? Members of the Open Social Web group are convinced that each user has the right to own personal data, the right to control over whom this data can be shared and the right to provide permanent access to this data for certain external sites. But how can this help our annoyed users? You see, in order to fully test any new service, you need to register in it, fill in all your personal data, form your circle of friends, be active and gain credibility. Here it is - the problem. You will need a lot of time and effort to find out if you really need this service. Time and effort already spent on some other service. But if the developers of the new service agree with the ideas of the Open Social Web, then it will be enough just to delegate access to your personal data and your activity. You will enter the new service full of its own importance, with all the accumulated authority, with your friends on social networks and so on. Moreover, the new service imports the structure of your preferences and will show you in the foreground what you would like to see and in the form in which you like it. Sounds like a fantasy. But theoretically it is achievable. How?
An international group of experts well known in the social web, referred to as Data Portability, recommends using certain existing technologies to achieve the mission described above. So what kind of technology and how to use them in their own projects?
')
Let's start with user identification. The easiest standard in this regard is MicroID . It uses a couple of email + url to identify the user. Here is its formula:
To confirm that the user actually owns the page indicated by him, it is enough to indicate the following in its HEAD section:
Despite the apparent simplicity of the standard, such projects as Digg , Plaxa , ClaimID , Last.fm , Ma.gnolia , Wikitravel , and Yedda have already supported it .
Personally, it seemed to me interesting that MicroID can be used not only to confirm the authenticity of the user during feedback, but also, say, to confirm his reputation on a third-party service:
The second standard for user identification, I believe you are familiar with, is OpenID. I have previously considered this standard on Habrahabr in relation to the identification of the user on his own project (OpenID consumer). However, since we are already talking about user rights, it would be fair to provide users of your service with a kind of “virtual passport” , which they could present on third-party projects. To do this, you will need to distribute to users the address of personal pages on the service in subdomains like http://sheiko.pozzzy.ru . For those who haven’t happened to do this, I recommend using the Apache ServerAlias ​​parameter in the VirtualHost section (if you are using this server) in the ServerAlias ​​style * .pozzzy.ru. After this, all that remains is to sort out the contents of the $ _SERVER ["HTTP_HOST"] variable in the PHP startup script. In order to make your OpenID provider you need the appropriate software. In general, you can use the library from OpenID Enabled (there are PHP, Python, Ruby versions). However, I was subdued by the simplicity of the tiny PHPMyID framework.
There is also a tiny standard Pavatar that allows you to link an image of 80x80px. (avatar) with the user. PNG, JPG and GIF formats are allowed. Just add the code on the user page:
By the way, pavatar and MicroID can be provided with other information from the user profile by the OpenID provider.
User information can also be specified using the hCard microformat.
OK. We figured out how to identify the user and give him the opportunity to delegate the right to read his profile data. But how can you get information about his friends in various social networks? At a minimum, this would allow us to show the user which of his friends is represented on our service.
The famous Brad Fitzpatrick ( Brad Fitzpatrick ), the founder of LiveJournal, the author of the OpenID standard, has recently been actively promoting the concept of Social Graph and the Google API to it. The idea is that Google indexes information about user connections in social networks if they, these links, are presented in predefined formats ( XFN and FOAF ). The API allows you to get this information in a convenient way. By the way, if you suddenly do not have enough Google, use Plaxo Open Social Graph .Te. when the user logged into our service, we can poll Social Graph about his friends in other services. Further, it remains only to compare their identifiers in the user base of our service and inform the user about his friends on the project. Since getting data from Social Graph is quite simple (an answer is offered for your request in the form of text, JSON, XML), it makes sense to stop on how to format the data for further indexation into a graph.
First of all, you should change the code of links on the pages of users within the service in accordance with the XFN microformat.
You can use <a rel= animalme ..> .. </a> for additional links related to the owner of the open page and <a rel= "-friendfriend ..> .. </a> for links to pages of his friends . If the details of the user's relationship with his friends are available on your server, this can be reflected, for example, as <a rel= </ i>.
As for the FOAF (The Friend of a Friend) standard, it allows to describe the user and his connections in a more structured form, in RDF. You should specify in the code page of the user a link to his RDF-document:
The RDF document itself should be generated automatically based on data about the user and his connections within the project.
Speaking about user rights, I also mentioned the possibility of sharing information about user preferences between services. One of the most beloved in another team of respectable gentlemen Media 2.0 Workgroup is APML technology. There are many different methods to account for user preferences based on their activity. Desktop applications ( Particls ) and online services such as Bloglines , Cluztr , Dandelife and of course Google are used for this. These services, with the exception of Google, use the APML markup language to describe user preference profiles. What actually opens up the possibility of sharing these profiles between services with the user's permission.
In conclusion, I would also like to mention the OAuth technology. It allows the delegation of rights to permanent or temporary access to personal user data for third-party services and their API.
As you see it is in our hands - to make the social web open, to give users legal rights regarding their personal data. Smart people have already thought about how this can be achieved and the task of service developers only to translate these ideas.
An international group of experts well known in the social web, referred to as Data Portability, recommends using certain existing technologies to achieve the mission described above. So what kind of technology and how to use them in their own projects?
User identification and his profile information
')
Let's start with user identification. The easiest standard in this regard is MicroID . It uses a couple of email + url to identify the user. Here is its formula:
microID = sha1 (
sha1 ("mailto: sheiko@mysite.com") +
sha1 ("http://cmsdevelopment.com/") )
To confirm that the user actually owns the page indicated by him, it is enough to indicate the following in its HEAD section:
<meta name = "microid" content = "mailto + http: sha1: micro_code" />
Despite the apparent simplicity of the standard, such projects as Digg , Plaxa , ClaimID , Last.fm , Ma.gnolia , Wikitravel , and Yedda have already supported it .
Personally, it seemed to me interesting that MicroID can be used not only to confirm the authenticity of the user during feedback, but also, say, to confirm his reputation on a third-party service:
<span class="score microid-mailto+http:sha1:fe98b5adf288318c0763e1d5b0855b3d2266338c">5</span>The second standard for user identification, I believe you are familiar with, is OpenID. I have previously considered this standard on Habrahabr in relation to the identification of the user on his own project (OpenID consumer). However, since we are already talking about user rights, it would be fair to provide users of your service with a kind of “virtual passport” , which they could present on third-party projects. To do this, you will need to distribute to users the address of personal pages on the service in subdomains like http://sheiko.pozzzy.ru . For those who haven’t happened to do this, I recommend using the Apache ServerAlias ​​parameter in the VirtualHost section (if you are using this server) in the ServerAlias ​​style * .pozzzy.ru. After this, all that remains is to sort out the contents of the $ _SERVER ["HTTP_HOST"] variable in the PHP startup script. In order to make your OpenID provider you need the appropriate software. In general, you can use the library from OpenID Enabled (there are PHP, Python, Ruby versions). However, I was subdued by the simplicity of the tiny PHPMyID framework.
There is also a tiny standard Pavatar that allows you to link an image of 80x80px. (avatar) with the user. PNG, JPG and GIF formats are allowed. Just add the code on the user page:
<link rel="pavatar" href="http://example.com/path/my-pavatar.png" />By the way, pavatar and MicroID can be provided with other information from the user profile by the OpenID provider.
User information can also be specified using the hCard microformat.
Information about the user's social connections
OK. We figured out how to identify the user and give him the opportunity to delegate the right to read his profile data. But how can you get information about his friends in various social networks? At a minimum, this would allow us to show the user which of his friends is represented on our service.
The famous Brad Fitzpatrick ( Brad Fitzpatrick ), the founder of LiveJournal, the author of the OpenID standard, has recently been actively promoting the concept of Social Graph and the Google API to it. The idea is that Google indexes information about user connections in social networks if they, these links, are presented in predefined formats ( XFN and FOAF ). The API allows you to get this information in a convenient way. By the way, if you suddenly do not have enough Google, use Plaxo Open Social Graph .Te. when the user logged into our service, we can poll Social Graph about his friends in other services. Further, it remains only to compare their identifiers in the user base of our service and inform the user about his friends on the project. Since getting data from Social Graph is quite simple (an answer is offered for your request in the form of text, JSON, XML), it makes sense to stop on how to format the data for further indexation into a graph.
First of all, you should change the code of links on the pages of users within the service in accordance with the XFN microformat.
You can use <a rel= animalme ..> .. </a> for additional links related to the owner of the open page and <a rel= "-friendfriend ..> .. </a> for links to pages of his friends . If the details of the user's relationship with his friends are available on your server, this can be reflected, for example, as <a rel= </ i>.
As for the FOAF (The Friend of a Friend) standard, it allows to describe the user and his connections in a more structured form, in RDF. You should specify in the code page of the user a link to his RDF-document:
<link rel = "meta" type = "application / rdf + xml" title = "FOAF" href = "http://sheiko.pozzzy.ru/foaf/" />
The RDF document itself should be generated automatically based on data about the user and his connections within the project.
User Preferences Information
Speaking about user rights, I also mentioned the possibility of sharing information about user preferences between services. One of the most beloved in another team of respectable gentlemen Media 2.0 Workgroup is APML technology. There are many different methods to account for user preferences based on their activity. Desktop applications ( Particls ) and online services such as Bloglines , Cluztr , Dandelife and of course Google are used for this. These services, with the exception of Google, use the APML markup language to describe user preference profiles. What actually opens up the possibility of sharing these profiles between services with the user's permission.
In conclusion, I would also like to mention the OAuth technology. It allows the delegation of rights to permanent or temporary access to personal user data for third-party services and their API.
As you see it is in our hands - to make the social web open, to give users legal rights regarding their personal data. Smart people have already thought about how this can be achieved and the task of service developers only to translate these ideas.
Source: https://habr.com/ru/post/21293/
All Articles