An often quoted feature of services such as OpenBC/Xing (and most of such ‘pure social networking’ sites) is that they basically allow you to keep an address book without having the need to update it yourself.

Some people may even argue that this is the only real benefit these social networking sites do actually offer.

There are of course services dedicated to helping you keep your address book up to date. These often offer plugins for Thunderbird and Outlook, so you can actually use the address book directly. (e.g. Plaxo) Some email providers even have a function to send out “please update my address book entry on you” emails to your receipients (e.g. web.de), but most people find these quite annoying.

Now some people might argue that you could use the FOAF standard for this. But publishing your FOAF data on the web is a privacy problem. Most people won’t be willing to publish much more than their email address there. Just like some people are not willing to entrust their information to services such as OpenBC.

Using e.g. HTTP authentification to restrict access to your FOAF data is also not working very well: you’d need some user management to be able to revoke access or change the access credentials if the passwords are leaked somehow.

OpenID would definitely be interesting, but how many of your friends have OpenID yet? And not everybody has access to deploy the server side needed for this.

The easiest to deploy approach would be to just use public key encryption. You could then upload an encrypted copy of your data for each ‘friend’ to any web site. You could also upload different data (including work contact information only, for example) for different recipients.

My idea is like this:

  • The contact information you are willing to share is published encypted via PGP for the recipient
  • FOAF data includes a pointer to the base URI for this data
  • Base URI + GPG key id gives the location for the data
  • Data should be a more detailed FOAF file or vCard?
  • Client (“address book management”) applications retrieves and updates this data on demand (“update” button) or e.g. after a timeout of one month

Big benefits of this approach:

  • Very high privacy
  • You don’t need to entrust any service provider with your data
  • Distributed, vendor-neutral, provider-neutral approach
  • Standards based (FOAF, HTTP, PGP, vCard/iCalendar)

Drawbacks:

  • Standards such as FOAF and PGP aren’t very widely used yet
  • Not as easy to use (yet) as websites like OpenBC
  • Require that you have some URI to publish your FOAF and contact data at
  • No ‘push’ updates possible without active servers or sending emails
  • (No implementations - well, this is just a concept right now!)