Friends & Groups was a session at IndieWebCamp Düsseldorf 2017.
Notes archived from: https://etherpad.indieweb.org/groups
- ... add names
- Jan: How can I share private content with friends in an IndieWeb way?
- Aaron: Create an ACL for every URL with users who are authorized and let them sign in with IndieAuth
- for friends who don't have IndieAuth: use e.g. Twitter URLs in ACL; allow sign in with Twitter/Facebook, too
- Sebastiaan: has this live on seblog.nl, shown demo
- sign-in form has IndieAuth + Twitter
- 401 if not signed in
- 403 if no permissions
- ACLs could be URLs for pages with lists of URLs /h-cards (http://indieweb.org/IRC_People)
- access to those lists can be authenticated in the same way ...
- a "request access" feature on the 403 page that sends a notification of who requested access (after the user logs in)
- for less tech-savvy friends support sign-in with email using magic links
- RSS feeds are a bit more complicated
- can be requested with delegated access_tokens
- Aaron: there's probably a spec for it
- get permalink authentication working first, then on homepage; later feeds
- "secret URLs" can be a simple option but they could easily be leaked
- very low technical barrier, works from static sites, too
- Private Webmentions: protocol for sending webmentions from private URLs (http://indieweb.org/private-webmention)
- Jan: Private webmentions from homepage to homepage as "friend requests"?!
- Lukas: define microformat for 'friend request'?
- Aaron: reply to friend request with another webmention
Ordered by implementation complexity
- One-time use URLs
- Capability (unguessable) URLs
- Private Webmention
- Access control on permalinks requiring login (indieauth, twitter, github, email, etc)
- Access control based on groups (lists of h-cards)
- Add private posts to your home page or other feeds based on who is logged in (browser cookies)
- Feed readers fetching feeds on behalf of users (auth flow TBD)
- Friend requests
- presenting a different set of posts on the home page based on the language of the viewer