2017/Düsseldorf/groups

Friends & Groups was a session at IndieWebCamp Düsseldorf 2017.

Participants

Jan: How can I share private content with friends in an IndieWeb way?
Aaron: Create an ACL for every URL with users who are authorized and let them sign in with IndieAuth
for friends who don't have IndieAuth: use e.g. Twitter URLs in ACL; allow sign in with Twitter/Facebook, too
Sebastiaan: has this live on seblog.nl, shown demo
sign-in form has IndieAuth + Twitter
401 if not signed in
403 if no permissions
ACLs could be URLs for pages with lists of URLs /h-cards (http://indieweb.org/IRC_People)
access to those lists can be authenticated in the same way ...
a "request access" feature on the 403 page that sends a notification of who requested access (after the user logs in)
for less tech-savvy friends support sign-in with email using magic links
RSS feeds are a bit more complicated
can be requested with delegated access_tokens
Aaron: there's probably a spec for it
get permalink authentication working first, then on homepage; later feeds
"secret URLs" can be a simple option but they could easily be leaked
very low technical barrier, works from static sites, too
Private Webmentions: protocol for sending webmentions from private URLs (http://indieweb.org/private-webmention)
Jan: Private webmentions from homepage to homepage as "friend requests"?!
Lukas: define microformat for 'friend request'?
Aaron: reply to friend request with another webmention

Ordered by implementation complexity

One-time use URLs
Capability (unguessable) URLs
Private Webmention
Access control on permalinks requiring login (indieauth, twitter, github, email, etc)
Access control based on groups (lists of h-cards)
Add private posts to your home page or other feeds based on who is logged in (browser cookies)
Feed readers fetching feeds on behalf of users (auth flow TBD)
Friend requests

Multi-language posts

presenting a different set of posts on the home page based on the language of the viewer