Building Secure Open & Distributed Social Networks


How to build open, distributed social networks with no central point of control. The talk demonstrates an open-source application that can browse and edit such a network, shows how it works and how it can do simple firewall-based security, and then looks at how to add fine-grained security to such a network, equivalent to that of social networking applications such as LinkedIn or Facebook.

  • audio:

    Well, ok. Let us be clearer still. Web servers don't serve up graphs like that, and nobody has seen arrows pointing across web servers.

    Web servers serve up representations that have a graph as their interpretation, but these graphs are usually written in some language such as this one. This is an easy-to-read notation called Turtle.

    The arrows we showed previously come from the fact that both documents use the same URLs when talking about Tim and when talking about Henry. That is how two documents can point at the same objects.
  • audio:
    Ok, so let us dig down a little and look more carefully at what is going on here. Let us just take the simple case of two graphs placed inside two files on two different web servers. The files can be built in two completely different ways.

    The Apache server is serving up a file (representation) stating a few things about Tim Bray; the Tomcat server is serving a file (representation) stating a few things about me.

    There are also arrows going from Henry to Tim and vice versa saying that they know each other.
  • audio:
    So, in summary, here are the advantages of such an AddressBook.
    1. We have an open social network without data silos. Metcalfe's law can work a lot better in an open web.
    2. The information about the people you want to contact can always be up to date. It is, after all, just one HTTP GET away, and since there is no need to duplicate the information everywhere, we can feel more confident that people will keep their core information up to date.
    3. I did not show this, but it is very easy to publish a foaf file.
    4. You can drag and drop friends onto your address book.
    5. We can even add security, as shown previously. At the end of the talk I will go into more sophisticated ways of doing this.
  • audio:
    Here is the way to think about what is happening. Instead of thinking just about names, we think about what the names refer to. What the names refer to is the semantics of the relation described via the URIs above. The triple of URIs forms the syntax. The thing they describe is the world. By distinguishing the names of things from the things they speak of, we can use inferencing to deduce when two names identify the same thing. That is where inferencing becomes important, and you will find out more on that subject by searching for OWL and RDF on the internet.
  • Hello, my name is Henry Story. I work for Sun Microsystems, where I do research on the Semantic Web. I am tasked with finding ways to get people excited about what is happening in this space, which at first may seem very abstract. So I have been looking for problems that affect people directly, have some real, immediate business value, clearly demonstrate the power of the semantic web, and are small enough that I don't need a big budget to get things done. After all, I am in the business of convincing people. Once they are convinced I hope they will help out one way or another. Social Networking is big. It affects everyone in very personal ways. It is useful. It is what we are all about. Here I wish to show how one can build a secure, open, distributed global social network with no center of control. The only way to do this is using the semantic web...

    1. Secure Distributed Open Social Networks
      • Henry Story
        • Senior Staff Engineer
        • Semantic Web Evangelist
          • Sun Microsystems
      photo by prakharevich
    2. Overview
      • Description of the Social Networking problem
      • Why this is no longer "somebody else's problem": a hyper address book
      • The functioning of the Address Book
      • How to add distributed decentralized security
      • A final thought: how this changes the desktop paradigm
    3. Too many Social Networks? ...are there too many web servers?
    4. The Problem: data silos
      • Social networks (SN) don't link up:
        • Information can't be moved easily (see: Data Portability, the video)
        • Users have to create and maintain accounts on each SN they have friends on, or lose contacts
      • Growing number of social networks (SN)
        • because there is a lot of $$$ to be made
        • because there are many needs
        • there will never be one SN to rule them all
    5. Scoble gets thrown off Facebook! In early January 2008 Scoble, the developer who got blogging going at Microsoft, got thrown off Facebook for extracting information too aggressively from his social network on Facebook. This is the same Facebook that asked users for their Gmail password to extract all their contacts from their email! See his video.
    6. An (evolving) Social Graph
      • relates many different things
        • people to information about them
          • name
          • address
          • phone number
        • relations between people:
          • who knows who
          • who worked with who
        • relations with external things
          • blogs
          • companies
    7. Two social networks: how can Tim and Henry link up?
    8. Solution 1: minimal naïve approach, but within each SN queries are very limited, e.g. in Network A nobody can query for Tim's address
    9. Solution 2: copy some information
      • how to copy the data? Data Portability? (DRY principle?)
      • how to keep the relations up to date?! Twice as much work.
      • queries still limited: what are the friends of Tim's friends?
    10. Solution 3: copy all
      • technically impossible: does not scale as networks grow in size and number:
        • how to keep information up to date?
        • amount of synchronization grows exponentially
      • politically impossible: SNs are very protective of their data + privacy issues + oligopoly issues
    11. The pull to one network. Due to Metcalfe's law, the larger the network the more valuable it becomes. But why does it have to be in one database? Because each database has its own LOCAL POINTER mechanism, just like every Java Virtual Machine has a local pointer mechanism. You cannot easily point from one JVM/DB into another. What if we had one big world wide database? We would need universal names for things. URIs?
    12. The Solution: linking across social networks requires a global namespace
    13. The Solution: a closer look
      • objects and documents have URLs
      • Relations also have URLs: foaf:knows, foaf:name
      • The Self Describing Web
    14. A hyperdata Address Book
    15. 1. first launch of jnlp
    16. 2. drag and drop a foaf file url
    17. 3. click on the first name in the first column
    18. 4. explore the second column
    19. 5. press the space bar on the keyboard...
    20. 6. positioning with NASA's World Wind
    21. 7. Sun Intranet Foaf experiment
    22. Foaf: Friend of a Friend
    23. Advantages
      • Open Social Network – no data silos
      • Information about people is always up to date (an HTTP GET away)
        • this could be used to keep up to date on where friends are
      • It is easy to publish a foaf file: one click away
      • Drag and drop friends
      • security: some ideas at the end of the talk
    24. Two foaf files on the internet
    25. Well, what we really have is
    26. Well, what we really have is in graph view
    27. The graphs inside the Beatnik Database
    28. Networked graphs: A merged view
    29. SPARQL: semantic query lang
        PREFIX foaf: <>
        SELECT ?p
        WHERE {
          ?p foaf:knows ?q .
        }
    30. SPARQL construct query
        PREFIX xsd: <>
        CONSTRUCT { ?subject ?relation ?object . }
        WHERE {
          GRAPH ?g { ?subject ?relation ?object . }
          ?g :fetched-at ?date .
          FILTER ( ?date < "2008-03-30"^^xsd:date )
        }
      This CONSTRUCT query can be used to construct a graph that is the union of all graphs that were fetched after March 2008.
    31. Networked Graphs: SPARQL Rules
        PREFIX owl: <#>
        CONSTRUCT { ?b owl:sameAs ?a . }
        WHERE {
          ?a owl:sameAs ?b .
          FILTER ( ! sameTerm(?a, ?b) )
        }
      CONSTRUCT queries can also be thought of as rules. Here is the well-known rule of the symmetry of identity. Simon Schenk's Networked Graphs can have a number of rules expressed as SPARQL CONSTRUCT queries, which works nicely with the Sesame semantic engine.
    32. Merging identities
        PREFIX owl: <#>
        PREFIX foaf: <>
        CONSTRUCT { ?a owl:sameAs ?b . }
        WHERE {
          ?a foaf:homepage ?pg .
          ?b foaf:homepage ?pg .
          FILTER ( ! sameTerm(?a, ?b) )
        }
      The rule: if we have two names for people that have the same homepage, then the two names refer to the same person. There are more general ways of stating this, by the way.
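The two files on two servers from the speaker notes and slides 24-28, merged and run through the rules of slides 31 and 32, as an added example that is not code from the talk, from Beatnik or from Networked Graphs. It uses plain Python sets instead of Sesame, keeps prefixed names as strings, and the two documents, their hosts and the names in them are constructed; it also answers the "friends of Tim's friends" query from slide 9 over the merged result.

```python
"""Added example (not code from the talk): the merged view of two FOAF files
and the talk's two SPARQL CONSTRUCT rules, done with plain Python sets. Triples
are (subject, predicate, object) tuples; prefixed names stay plain strings."""

# Tim's file as served by the Apache host of the talk (constructed content).
APACHE_DOC = {
    ("apache:tim", "foaf:homepage", "<http://tim.example/>"),
    ("apache:tim", "foaf:knows", "apache:henry"),
    # Tim's file names Henry by a URL local to Tim's own server ...
    ("apache:henry", "foaf:homepage", "<http://henry.example/>"),
}
# Henry's file as served by the Tomcat host (constructed content).
TOMCAT_DOC = {
    ("tomcat:henry", "foaf:homepage", "<http://henry.example/>"),
    # ... while Henry's file reuses Tim's URL: that is the arrow across servers.
    ("tomcat:henry", "foaf:knows", "apache:tim"),
    ("tomcat:henry", "foaf:knows", "tomcat:danny"),
}

def same_homepage_rule(g):
    """Slide 32: CONSTRUCT {?a owl:sameAs ?b} WHERE {?a foaf:homepage ?pg . ?b foaf:homepage ?pg . FILTER(!sameTerm(?a,?b))}"""
    by_page = {}
    for s, p, o in g:
        if p == "foaf:homepage":
            by_page.setdefault(o, set()).add(s)
    return {(a, "owl:sameAs", b) for ns in by_page.values()
            for a in ns for b in ns if a != b}
def symmetry_rule(g):
    """Slide 31: CONSTRUCT {?b owl:sameAs ?a} WHERE {?a owl:sameAs ?b . FILTER(!sameTerm(?a,?b))}"""
    return {(o, "owl:sameAs", s) for s, p, o in g if p == "owl:sameAs" and s != o}
def saturate(*graphs, rules=(same_homepage_rule, symmetry_rule)):
    """Merge the fetched graphs (slide 28), then forward-chain the rules to a fixpoint."""
    closure = set().union(*graphs)
    while True:
        derived = set().union(*(rule(closure) for rule in rules)) - closure
        if not derived:
            return closure
        closure |= derived
def aliases(g, name):
    """`name` plus every name the closure declares owl:sameAs it."""
    return frozenset({name} | {o for s, p, o in g if p == "owl:sameAs" and s == name})
def knows(g, name):
    """People `name` knows under any alias, each returned as its own alias set."""
    known = {o for s, p, o in g if p == "foaf:knows" and s in aliases(g, name)}
    return {aliases(g, k) for k in known}
def friends_of_friends(g, name):
    """The query a single silo cannot answer (slide 9): who do `name`'s friends know?"""
    fof = {x for f in knows(g, name) for x in knows(g, min(f))}
    return fof - {aliases(g, name)}
```

Only the homepage rule ever fires on this data; the symmetry rule is present so the fixpoint loop shows how several CONSTRUCT rules interact. Henry's own friends-of-friends set is empty because his only friend-of-a-friend is Henry himself, under the Apache server's name for him.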
    33. Security: 3 approaches
      • Simple firewall-based security
      • OpenID-based security
      • Even simpler SSL-based security
    34. Firewall protection
    35. Protecting resources with OpenId
    36. Protected Resources
        :me a foaf:Person;
            foaf:name "Henry Story";
            rdfs:seeAlso </protected/henry> .
        </protected/henry> openid:login </openidAuth.cgi> .
      This is trying to say that in order to access the protected resource one needs to log in with OpenID first. This is a sketch of such a vocabulary.
    37. OpenId continued
    38. foaf+ssl: even simpler
    39. Protected Resources
        :me a foaf:Person;
            foaf:name "Henry Story";
            rdfs:seeAlso <https://.../protected/henry> .
      Notice the seeAlso is now an https URL.
    40. foaf+ssl: even simpler
    41. X509 certificate
        Certificate:
            Data:
                Version: 3 (0x2)
                Serial Number: 1 (0x1)
                Signature Algorithm: dsaWithSHA1
                Issuer: O=OpenPGP to X.509 Bridge, OU=RDFauth Test, CN=Henry Story <>
                Validity
                    Not Before: Dec 12 21:49:50 2007 GMT
                    Not After : Dec  6 21:49:50 2008 GMT
                Subject: O=OpenPGP to X.509 Bridge, OU=RDFauth Test, CN=Henry Story <>
                Subject Public Key Info:
                    Public Key Algorithm: dsaEncryption
                    DSA Public Key:
                        pub:
                            33:41:...
    42. X509 certificate with id
                X509v3 extensions:
                    X509v3 Basic Constraints: critical
                        CA:TRUE
                    X509v3 Key Usage: critical
                        Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
                    Netscape Cert Type:
                        SSL Client, S/MIME
                    X509v3 Subject Key Identifier:
                        45:DC:F9:10:33:C0:45:28:EA:90:6E:83:73:06:6F:51:21:89:13:DD
                    X509v3 Authority Key Identifier:
                        keyid:45:DC:F9:10:33:C0:45:28:EA:90:6E:83:73:06:6F:51:21:89:13:DD
                    X509v3 Subject Alternative Name:
                        URI:
            Signature Algorithm: dsaWithSHA1
                30:2c:02:14:78:69:1e:4f:7d:37:36:a5:8f:37:30:58:18:5a:
                f6:10:e9:13:a4:ec:02:14:03:93:42:3b:c0:d4:33:63:ae:2f:
                eb:8c:11:08:1c:aa:93:7d:71:01
    43. Very Simple Authentication
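The check behind foaf+ssl on slides 38-43, as an added example that is not the talk's code: the server reads the WebID from the certificate's Subject Alternative Name URI (slide 42), fetches the profile document at that URI over https (the seeAlso of slide 39), and accepts the identity only if that document publishes the certificate's public key. The cert:fingerprint predicate, the certificate record, the profile documents and the in-memory fetcher are constructed stand-ins; a deployment would take the key from the TLS handshake and do a real GET.

```python
"""Added example, not the talk's code: the server side of foaf+ssl (later
standardised as WebID-TLS). The client authenticates with a self-signed X.509
certificate whose Subject Alternative Name carries its WebID URI; the server
dereferences that URI and accepts only if the profile lists the cert's key."""
import hashlib
from urllib.parse import urldefrag, urlsplit
# Constructed stand-in for the parsed client certificate. Trust comes from the
# dereferenced profile, so Issuer and CA:TRUE (as on slide 42) are ignored.
CLIENT_CERT = {
    "san_uris": ["https://tomcat.example/henry#me"],
    "spki_der": b"constructed-public-key-bytes",
}
def key_fingerprint(spki_der):
    """How the profile names a key in this example: hex SHA-256 of the SPKI."""
    return hashlib.sha256(spki_der).hexdigest()
# Constructed profile documents keyed by the URL a GET would fetch. The
# predicate name cert:fingerprint is an assumption made for this example.
PROFILES = {
    "https://tomcat.example/henry": {
        ("https://tomcat.example/henry#me", "rdf:type", "foaf:Person"),
        ("https://tomcat.example/henry#me", "cert:fingerprint",
         key_fingerprint(b"constructed-public-key-bytes")),
    },
    "https://tomcat.example/mallory": {
        # A third party may claim anything about Henry's WebID in *its own*
        # document; only the document Henry's WebID dereferences to counts.
        ("https://tomcat.example/henry#me", "cert:fingerprint",
         key_fingerprint(b"mallory-key-bytes")),
    },
}

def fetch_profile(doc_url):
    """Stand-in for an HTTP GET of the profile; None when it does not exist."""
    return PROFILES.get(doc_url)

def authenticate(cert, fetch=fetch_profile):
    """Return the verified WebID, or None if no SAN URI can be confirmed."""
    fp = key_fingerprint(cert["spki_der"])
    for webid in cert.get("san_uris", []):
        doc_url, _fragment = urldefrag(webid)
        # Fetch only over TLS: an http: profile could be swapped in transit.
        if urlsplit(doc_url).scheme != "https":
            continue
        profile = fetch(doc_url)
        if profile is None:
            continue
        # The profile must state that *this* WebID owns *this* key.
        if (webid, "cert:fingerprint", fp) in profile:
            return webid
    return None
```

A certificate that names Henry's WebID but carries Mallory's key is rejected even though Mallory's own document vouches for it, because the server only ever consults the document the WebID itself dereferences to.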
    44. The Semantic Desktop
    45. Some references
      • Getting Started With RDF
      • The Semantic Address Book web site