FOAF and the coming wave of semantic web social networking

Posted by K Krasnow Waterman on Wed, Mar 12, 2008 @ 19:03 PM

Tags: FOAF, social graph, technology innovation, semantic web, technology

"FOAF" -- short for Friend-Of-A-Friend -- offers a vocabulary for putting machine readable code into a webpage, making it possible to link from one site, person, company, etc to related ones.  It's been evolving since 2000, but seems on the edge of a major break-out.  Now's a good time to learn about it and ride the wave of its growth.

FOAF is part of the semantic web movement, a philosophy and method of using technology to be able to reach, combine, and react to discrete information coming from multiple sources.  Put simply, it lets you (or your system) get to very specific bits of information from many web pages or systems, even if they're not yours.  Of course, as this technology develops, you'll only be able to reach the discrete bits of data that you're allowed to (more about that some other time).

If you think about it, the concept of machine-readable Friend-of-A-Friend data would seem to eliminate the need for LinkedIn, FaceBook, MySpace, and all the rest.   In theory, you wouldn't need these services because you could pull together your networks by first, second, and nth degree of separation automatically.  You could see networks of friends, business associates, or whatever directly from everyone's pages.  But, in that surprising way the web works, that's not how it's going to happen exactly.

A few weeks ago, I had the distinct pleasure of meeting Dan Brickley, creator of FOAF.  From him, I learned that software is going to start linking FOAF data with other machine-readable social network information.  The way I understand it, smart folks at places like Google and Yahoo are providing code (APIs) that will let you bridge data from FOAF with data from places like Flickr and Twitter.  So they'll be able to make the jump from one social network to the next.  If FOAF knows Amy is my friend; Twitter knows I share what I'm doing with Bobby; and Flickr knows I share my pictures with Cindy, these APIs will pull that information together and know that I know Amy, Bobby, and Cindy.  These relationships can be displayed in "social graphs", visualizations that look like linked Tinker Toys where every bubble is a person.  Flickr and Twitter are out front on this one because they, too, put data in code that's directly accessible to the web.

The big ideas here are:

1) People won't have to keep entering the same information to get the same people into new social network websites.   If Twitter knows that I know Cindy, but she's not in my Twitter group, it can ask me if I want to include her.  This is HUGE.  There are millions of people joining networks all the time and one that offers this no-typing option will have a big competitive advantage.

2) People won't have to have their data stored with a particular website. They could have their data stored anywhere and just use websites that offer network topics or services, bringing together the right data only for the moment they need it.  So, you wouldn't have to permanently set up accounts of all your friends on a wine tasting network because you wanted them to share an event there one time.  

3) Applications will grow up around this, offering ways to segment relationships into different levels of access. Just because the web can see that your mom and your girlfriend are both connected to you doesn't mean you want to share the same things with them.  


Privacy on the Web - Part I

Posted by K Krasnow Waterman on Thu, Nov 22, 2007 @ 10:11 AM

Tags: privacy technology, technology for lawyers, technology for business managers, technology, privacy

A friend just sent me a blog which is a bit of a rant about some comments on privacy or lack thereof. It provides a good basis to discuss some concepts and misconceptions about privacy and technology.

What does privacy mean?

Donald Kerr, a Deputy Director of National Intelligence, said that our culture equates privacy and anonymity. Like the blog author, James Harper -- of the Cato Institute and other esteemed institutions -- I disagree that the terms are equivalent in the eyes of the general public. Webster's dictionary describes being anonymous as being unknown or not identified, while defining privacy as keeping oneself apart or free from intrusion. In our culture, volition appears to be a key differentiator. When I close the blinds, I'm choosing privacy. When no one notices me in a crowd, I'm anonymous.

Is it unrealistic to expect privacy?

Kerr asserts that privacy doesn't exist and cites the availability of personal information through MySpace, FaceBook and Google. From a volition standpoint, Kerr's statement is a mixed metaphor. MySpace and FaceBook are entirely voluntary, people deciding to post things about themselves for their friends or the world to see. Google, making great strides at "organizing the world's information", aggregates personal information that may not have been intended or expected to be shared. I recently showed a friend that in five minutes on Google I could find more than his professional profile -- I produced his home address, his parents, his religion, his political leanings, and something about his finances. This undercuts Harper's contrary assertion that people have retained the ability to provide their identifiers to some "without giving up this information to the world".

Can individuals control privacy?

Kerr and Harper are talking about when/whether/how the federal government should have access to individual information, but the question extends farther. Anyone signing up for access to a newspaper or making a purchase on the web is giving bits of himself away. Most typically, the information is gathered in "cookies", established by the websites and stored on the individual's computer. This summer, one study concluded 85% of users were aware of cookies, but only about 28% were able to successfully delete them.

The public's misunderstanding about their control over personal information in cookies extends past their technical inabilities. The misunderstanding is exacerbated by a little legal wordplay. Nearly every "privacy statement" I've ever read on an e-commerce website says that the information may be shared with "affiliates" but then doesn't define that term. Each of these companies could call anyone, any company, or any government agency an "affiliate" and give them access to cookies or sell them the information in the cookies.


[Stay tuned for Part II, where I'll talk about what business leaders and system designers can do to offer more privacy and still meet their business goals.]





Technorati: Joining the blogging world

Posted by K Krasnow Waterman on Sun, Aug 19, 2007 @ 08:08 AM

Tags: technology innovation, technology

Today, I'm joining 97 million other bloggers and making my pages searchable by Technorati.  Stay tuned for updates on whether/how it changes this site and the traffic coming to it.


Lucky 13, Nicely Nicely and User Attributes in Identity Management for Access Control

Posted by K Krasnow Waterman on Wed, Aug 15, 2007 @ 09:08 AM

Tags: technology innovation, access control, identity management, technology for business managers, technology, technology management

I've always loved the Guys and Dolls song in which a bunch of guys sing a catchy round about picking their favorite nag at the track. They're telling each other why they've made their pick. It goes like this:

"I got the horse right here
The name is Paul Revere
And here's a guy that says that the weather's clear
Can do, can do, this guy says the horse can do"
"I'm pickin' Valentine, 'cause on the morning line
A guy has got him figured at five to nine
I know it's Valentine, the morning work looks fine
Besides the jockey's brother's a friend of mine "
"And just a minute, boys.
I've got the feed box noise
It says the great-grandfather was Equipoise "

What does this have to do with computers? It provides an easy to understand example of how we make decisions. The gamblers are describing where they got their information and what categories of information matter to them. They rely on a favorite racing form, friends of friends, and gossip from the staff. In the brave new world of dynamic access control, we want to do the same thing to reach an automated decision about what data you can see. Instead of racing forms, we have "trusted sources" or "authoritative data" -- repositories we believe have reliable information. And, instead of the weather, lineage, and distance, we're looking for other categories of facts that consistently help us to reach our decisions.

I've recently done a project in which we attempted to define how many things you really need to know about a system user to decide whether or not s/he can have access to particular government work-related information. The idea was to see if there was a universal core of attributes that most system access rules are seeking. In other words, does the decision about what you can see in the human resources system rely on most of the same categories of information about you as the decision about what you can see in a criminal case file or a person's tax filing? Our answer is "yes," if you create the right sort of categories. And, much to our surprise, our core list is only thirteen attributes.

What's the right sort of category? Other proposals have made each fact its own category. For example, imagine an attribute which indicates whether someone is a law enforcement officer and a different one for whether someone is a lawyer. Organized that way, you would need thousands (millions?) of attribute categories. But, if you say the attribute is "job description" then you can include officer, attorney, and a million other jobs in one attribute category.

Having a small number of needed attribute categories has a tremendous advantage. It means the software can be less complex, handling a smaller number of variables. It means the processing time should be faster. In this design, each system needs to know only the values it cares about. For example, if the access rules for a system only permit government auditors and law enforcement officers to view the data, the particular system doesn't need to know that a person can be a doctor or a dog catcher. It only looks to see if the person seeking access matches (or has an equivalent to) "government auditor" or "law enforcement officer" in his "job description" attribute.

We think the 13 user attributes are:

Employer Name
Employer Subgroup (as many hierarchical levels as needed)
Employer Type (e.g., federal government, private hospital)
Employment Type (e.g., permanent, temporary assignment, contractor)
Job Designation
Location (physical and virtual)
Location Type (permanent, temporary)
Special authorities/licenses (granted by others)
Management Level
Direct Reports
Rating/Reviewing Official
Skill (ability, irrespective of outside grants)
Skill Level

So far, we haven't come across a data access rule we couldn't parse into one of these attributes. If you do, please tell me.
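
The per-system matching described above can be sketched as follows. This is an added example, not code from the project the post describes; the snake_case attribute keys, the `AccessRule` class, the `is_permitted` function and the sample users are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# The 13 categories from the list above as keys (snake_case naming is an assumption).
CORE_ATTRIBUTES = frozenset({
    "employer_name", "employer_subgroup", "employer_type", "employment_type",
    "job_designation", "location", "location_type", "special_authorities",
    "management_level", "direct_reports", "rating_official", "skill", "skill_level"})

@dataclass(frozen=True)
class AccessRule:
    """One system's rule: only the attributes and values that system cares about."""
    required: dict                                   # attribute -> set of accepted values
    equivalents: dict = field(default_factory=dict)  # synonym -> accepted value

    def __post_init__(self):
        unknown = set(self.required) - CORE_ATTRIBUTES
        if unknown:
            raise ValueError(f"attributes outside the core list: {sorted(unknown)}")

def normalize(value):
    """Lower-case and collapse whitespace so 'Government  Auditor' still matches."""
    return " ".join(str(value).lower().split())

def is_permitted(user, rule):
    """Fail closed: every attribute the rule names must match an accepted value."""
    if not rule.required:
        return False  # an empty rule grants nothing
    for attr, accepted in rule.required.items():
        raw = user.get(attr)
        if raw is None:
            return False  # a missing attribute never grants access
        values = raw if isinstance(raw, (list, set, tuple)) else [raw]
        held = {normalize(v) for v in values}
        held |= {rule.equivalents[v] for v in held if v in rule.equivalents}
        if not held & accepted:
            return False
    return True  # attributes the rule does not name are never inspected

# Constructed rule and users; the prose calls this attribute "job description".
AUDIT_RULE = AccessRule(
    required={"job_designation": {"government auditor", "law enforcement officer"}},
    equivalents={"police officer": "law enforcement officer"})
USERS = {
    "auditor": {"job_designation": "Government Auditor", "skill": "accounting"},
    "officer": {"job_designation": "Police Officer"},
    "doctor": {"job_designation": "doctor", "employer_type": "private hospital"},
    "no_job": {"employer_name": "Example Agency"},
}
```

The rule never needs to know that "doctor" is a possible value: anything not in its accepted set, and any missing attribute, is denied.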
