From IndieWeb

Friends & Groups was a session at IndieWebCamp Düsseldorf 2017.

Video: https://www.youtube.com/watch?v=q-pkYpXyV6w&index=5&list=PLk3TtIJ31hqprNLzhi8FbUD3freO1E9E2

Notes archived from: https://etherpad.indieweb.org/groups


  • ... add names


  • Jan: How can I share private content with friends in an IndieWeb way?
  • Aaron: Create an ACL for every URL with users who are authorized and let them sign in with IndieAuth
  • for friends who don't have IndieAuth: use e.g. Twitter URLs in ACL; allow sign in with Twitter/Facebook, too
  • Sebastiaan: has this live on seblog.nl, shown demo
  • sign-in form has IndieAuth + Twitter
  • 401 if not signed in
  • 403 if no permissions
  • ACLs could be URLs for pages with lists of URLs /h-cards (http://indieweb.org/IRC_People)
  • access to those lists can be authenticated in the same way ...
  • a "request access" feature on the 403 page that sends a notification of who requested access (after the user logs in)
  • for less tech-savvy friends support sign-in with email using magic links
  • RSS feeds are a bit more complicated
  • can be requested with delegated access_tokens
  • Aaron: there's probably a spec for it
  • get permalink authentication working first, then on homepage; later feeds
  • "secret URLs" can be a simple option but they could easily be leaked
  • very low technical barrier, works from static sites, too
  • Private Webmentions: protocol for sending webmentions from private URLs (http://indieweb.org/private-webmention)
  • Jan: Private webmentions from homepage to homepage as "friend requests"?!
  • Lukas: define microformat for 'friend request'?
  • Aaron: reply to friend request with another webmention

Ordered by implementation complexity

  • One-time use URLs
  • Capability (unguessable) URLs
  • Private Webmention
  • Access control on permalinks requiring login (indieauth, twitter, github, email, etc)
  • Access control based on groups (lists of h-cards)
  • Add private posts to your home page or other feeds based on who is logged in (browser cookies)
  • Feed readers fetching feeds on behalf of users (auth flow TBD)
  • Friend requests

Multi-language posts

  • presenting a different set of posts on the home page based on the language of the viewer

See also