FOAF + Encryption

An updated SVG of the FOAF logo. I created the...
Image via Wikipedia

I’m lucky that I can count Dan Brickley and Libby Miller amongst my acquaintances. Not only did they come up with FOAF, they’re also the awesome sort of people that you can throw half-baked ideas at, and they’ll bounce back with something equally interesting1.

I’ve been spending a fair amount of time recently mulling on so-called “social media”2. There are plenty of things I dislike about “social media” for one reason or another, but there are also plenty of things I like about them.

For those not “in the know”, FOAF — which stands for friend-of-a-friend — somewhat predates the popularity of social media, but has since been overtaken by them a bit. But FOAF isn’t a website, or a service, but an RDF vocabulary that lets you create links between web pages describing people. If you’re technically inclined, the current version of the FOAF specs is here. If you’re not technically inclined, you might want to skip this post entirely.

On the other hand, if you’re very much into RDF, I should issue a different kind of warning: I’m not. While I find the concept fascinating, and see how it can be used to express pretty much any information, I don’t think it should. But that is a topic for another blog post or discussion and doesn’t belong here; suffice to warn you that I propose a rather non-RDF-y thing.

There are a number of things I very much like about FOAF. Here’s an abbreviated list:

  • FOAF is simple… as these things go, that is. FOAF files are easily written by hand, and most people I know who maintain one do seem to write it by hand.
  • FOAF files are copyable. That presents it’s own set of problems, but it means that your profile data isn’t tied to a specific URL or even domain. If you’re moving your virtual home, your data can move with you.
  • FOAF is decentralized. That’s somewhat tied to the copyable part, but deserves a point of it’s own. There is no central authority for all profile data of all people, nor even of all profile data of all people within a social web. Every participant can choose whether to provide their profile via their own domain, or via a “social website”-like service.
  • Of less importance to me, FOAF is embeddable in other XML. The only part that I personally find extremely useful is that it allows one to embed machine-readable information about the author of web content.

From a purely implementation point of view, the above points present their own difficulties. For example, it becomes very hard to discover details about people without a search engine of sorts. But many of these problems are essentially solved — in the case of discoverability, any web search engine can help, albeit specialized search engines may make things easier.

What I personally find most interesting is that FOAF is for all intents and purposes a distributed address book. Have a look at my own FOAF file as an example. If you don’t want to read through it, here are the relevant bits:

  <foaf:person rdf:about="#me">
    <foaf:name>Jens Finkhäuser</foaf:name>
      <foaf:name>Dan Brickley</foaf:name>
      <rdfs:seealso rdf:resource="">
      <foaf:name>Libby Miller</foaf:name>
      <rdfs:seealso rdf:resource="">

What’s important here is that in the first section I can provide all the information about myself that I want people to know. In other sections I can provide all the information I want to share about people I know.

But here’s the beautiful part: while I can provide email addresses (or SHA-1 checksums of those email addresses) for each person, I can also refer to another RDF file that describes them in more detail. If I trust that each RDF file I point to is maintained by their owner, my computer can automatically keep my address book up-to-date by reading my own FOAF file, and the FOAF files linked from there. Great stuff! That’s exactly what I want.

But there is a problem with that approach too, as the use of SHA-1 already acknowledges: you don’t necessarily want to make all information — about yourself or someone else — available to the general public, but only those that are “safe”. That’s where encrypted FOAF or FOAF+SSL come in.

  1. And possibly even related and/or helpful. []
  2. I’m sometimes tempted to call them “anti-social media”, but it’s entirely possible that’s just an artefact of me having passed my prime. []