Rich Sharing and Personal Channels


Summary

Personal channels support rich sharing. Consequently they are extremely flexible and can be used for many purposes. Personal channels provide a messaging system for personal clouds that provides access-controlled, filtered, trustworthy notifications, data exchange, and sharing.


The Social Web has shown us the power of connecting. Facebook has friends, LinkedIn has connections, and Twitter has followers. These channels allow their owners to communicate with others, although their capabilities vary greatly. But the resulting relationship graphs are stilted because their proprietary nature makes interoperation and extension difficult—in spite of all of the money and time invested in creating APIs to access them.

I look forward to a relationship network that is based on open standards just as the email network and indeed the Internet itself are. The power of the Internet to serve an untold variety of purposes in a flexible way is a direct result of the open standards upon which it is based. Relationship networks based on open standards will provide unprecedented value and opportunities for people because of the new applications they will engender.

This paper will describe something called a personal channel, based on open standards and protocols, that can form such a relationship network. Personal channels link personal clouds, the subject of an earlier white paper. This paper assumes a knowledge of personal clouds, their features and their capabilities. We will show that channels have properties necessary to induce rich sharing, a hallmark of flexibility without which they would not be able to accomplish all that is needed.

Personal Channels

Long ago, personal computers were interesting in their own right. That changed in the 90's with the emergence of widespread network connectivity. Anymore, a PC that's not connected to the Internet is not only boring, it's non-functional for many of the tasks that people perform every day. If you don't believe me, just turn off the network on your computer for a day. And of course, the modern personal computer—the smartphone—makes connectivity the very foundation of the platform.

Like personal computers, personal clouds are only interesting when they are connected. Personal channels link personal clouds. The collection of channels connecting myriad personal clouds forms a relationship network. On an open standard relationship network, the attributes, permissions, and capabilities of a relationship are standardized and extensible. Every relationship is a link. A link may be a simple one-way (asymmetric) subscriber relationship that does not require involvement of the second party, or it may be a stronger two-way (symmetric) relationship in which both parties act as publisher and subscriber.

In either case, when data and messages can flow in one or both directions across a link, it is called a channel. The control each party has over the channel--the terms and conditions to which they agree over how it will work--is called a link contract. Control over the channel still resides in the link contract(s) with the connected parties. The following figure shows two personal clouds connected via a channel controlled with a link contract.

Personal clouds linked by personal channels

Channels exhibit the following properties:

  • Personal channels provide separately revocable, separately trackable authority to share between personal clouds.
  • Any given personal cloud can have any number of inbound and outbound channels. Any two personal clouds may share multiple channels for different purposes.
  • Channels use a combination of the Event eXchange Protocol (EXP) and XRI Data Interchange (XDI) protocols, which gives them metaprotocol capabilities. Channels are ways of doing something instead of a place for doing something.
  • Link contracts are a flexible means of declaring fine-grained access control to data and services. Link contracts specify the nature and behavior of a channel.
  • Channels are the conduits over which messages pass between personal clouds. These messages include event notifications, data queries, and data transfers.
  • A channel need not be restricted to just two parties. It may connect the members of a group (e.g., email distribution lists), or access may be fully public (e.g., blogs or Twitter feeds).

Like email, channels form a point-to-point network between personal clouds all speaking the same protocol. Unlike an email server, whose sole function is usually email processing, a personal cloud is more like a general-purpose computer in the cloud; it has an operating system that runs applications, processes events, and manages data under direct control of its owner.

This is why channels on the relationship web can be dramatically more useful to individuals and businesses than ordinary email or Web connections.

Rich Sharing

Marc Stiegler of HP Labs has written (PDF) and spoken about rich sharing. Alan Karp has written about PubShare, a system Marc built that demonstrates rich sharing. Alan relates two stories that contrast our expectations about sharing in the physical and online worlds. The first takes place in the physical world:

In an emergency, Marc asked me to park his car in my garage. I couldn't do it, so I asked my neighbor to do it for me and said to get the garage key from my son.

The second involves an online file sharing scenario:

In an emergency, Marc asked me to copy a file from his computer to mine. I couldn't do it, so I asked my neighbor to do it for me and said to get access to my computer account from my son.

The second story is ludicrous to us because we can't see a reasonable way for it to work even though it closely resembles the scenario from the physical world.

Rich sharing characterizes what makes human communication in the physical world work. Using this model, we can determine how to create better online communication systems. Communication systems, like email, that embody rich sharing feel natural to users and thus succeed. Systems that don't embody it feel stilted or unwieldy and thus don't scale the way their designers intended.

Sharing is easy and technically uninteresting in situations where the shared item is public and there's no need to authorize access to it. Similarly, workgroup-style sharing is relatively straightforward, and the tools for protecting resources in workgroups, such as role-based authorization control (RBAC) and access control lists (ACLs), are well understood. For purposes of contrast, let's call unprotected and workgroup-style sharing simple sharing.

Sharing becomes much more nuanced when access to the shared item must be restricted and the players in the sharing scenario operate in independent security domains. Many real-world scenarios require rich sharing. Stiegler and Karp demonstrate why workgroup-style sharing can't accommodate rich sharing scenarios.

Rich sharing is characterized by six key features:

  • Dynamic—Sharing can be done without reconfiguring the system or having other work done by the sharer's IT department.
  • Attenuated—Sharing happens with the right permissions on the right items.
  • Chained—A shared item can be reshared in appropriate ways. Authority can be re-delegated. Building attenuated chains of delegated authority is difficult in simple sharing architectures.
  • Cross domain—Sharing can occur across security domains without the user linking the domains in an ad hoc manner or the IT department having to set up special-purpose federated identity systems.
  • Recomposable—The shared item or service can be used in conjunction with other resources and services even if those documents and services exist in a separate security domain.
  • Accountable—Even though sharing can be re-delegated along a chain, the original owner must maintain the ability to audit and track the use of the shared item and hold the appropriate parties accountable for misuse.

Stiegler and Karp make a case that email succeeds because email demonstrates these six attributes. In contrast, it's easy to find examples in other sharing architectures that fail to incorporate one or more of these and thus become difficult to use as the sharing scenarios get more complicated. Today's popular social networks all fail to meet one or more of the above attributes.

Personal Channels Support Rich Sharing

Personal channels exhibit rich sharing. We mentioned in an earlier section of this paper that channels provide a metaprotocol for interaction. Thus they represent a way of doing things rather than a place. Rich sharing is more easily supported by ways—protocols—rather than by places. In fact, I argue that properties of rich sharing such as being cross domain and recomposable are nearly impossible to achieve using a place such as a Web site.

Let's examine the attributes of rich sharing and see how channels stack up:

  • Dynamic—A personal cloud can use a personal channel to send a message to any other personal cloud that subscribes to it at any time. Subscriptions can be formed between two personal clouds or between a cloud and another network service at will.
  • Attenuated—Link contracts provide a means of fine-grained access control that enables attenuation.
  • Chained—Upon receiving a message on a channel, a personal cloud can delegate that message to other personal clouds. This delegation may be algorithmic, but is always under the ultimate control of the personal cloud's owner.
  • Cross domain—Each personal cloud functions as its own domain in the same sense that an email inbox represents an independent domain controlled by its owner. Thus a channel carries messages from one domain to another.
  • Recomposable—Messages sent along a channel, be they events, queries, or data are composed with other information from other sources (e.g. APIs, other channels, etc.) as part of the processing done by a personal cloud.
  • Accountable—Channels are uniquely identified and individually revocable. The unique identity combined with the ability to declare authoritatively the nature and behavior of the channel via link contracts provides flexible accountability that can be tuned to a given purpose.
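
A toy model of the attenuated, chained, accountable and separately revocable properties in the list above, as an added example that is not code from this paper and does not implement EXP or XDI. The Channel class, its fields, the cloud names and the (action, resource) permission pairs are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import count

_ids = count(1)
AUDIT = []  # one record per attempted use: (channel_id, holder, action, resource, allowed)

@dataclass
class Channel:
    owner: str                     # cloud that granted this channel
    holder: str                    # cloud allowed to use it
    permits: frozenset             # stand-in for a link contract: allowed (action, resource) pairs
    parent: "Channel | None" = None
    revoked: bool = False
    id: int = field(default_factory=lambda: next(_ids))  # each channel is uniquely identified

    def delegate(self, to, permits):
        """Chained and attenuated: a re-delegated contract may only narrow its parent."""
        permits = frozenset(permits)
        if not permits <= self.permits:
            raise PermissionError("delegation would amplify authority")
        return Channel(self.holder, to, permits, parent=self)

    def chain(self):
        """Accountable: every link from this channel back to the original grant."""
        node, links = self, []
        while node is not None:
            links.append(node)
            node = node.parent
        return links

    def use(self, action, resource):
        """Allowed only if the contract permits it and no link in the chain is revoked."""
        ok = (action, resource) in self.permits and not any(c.revoked for c in self.chain())
        AUDIT.append((self.id, self.holder, action, resource, ok))
        return ok

def scenario():
    # Constructed sample: alice shares a file with bob, who reshares read-only to carol.
    root = Channel("alice", "bob", frozenset({("read", "report"), ("write", "report")}))
    child = root.delegate("carol", {("read", "report")})
    results = [child.use("read", "report"), child.use("write", "report")]
    child.revoked = True           # revoke carol's channel only
    results += [child.use("read", "report"), root.use("write", "report")]
    return results                 # bob's own channel is unaffected by the revocation
```

Revoking a channel higher in the chain cuts off every delegation beneath it, while revoking a leaf leaves its siblings and parent untouched.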

Conclusion

Rich sharing requires that the sharing be dynamic, accountable, recomposable, and cross-domain, while enabling the chaining (repeated redelegation) of attenuated access (including separable revocability). We have shown that personal channels exhibit these properties and thus enable rich sharing.

Because channels support rich sharing, they are extremely flexible and can be used for many purposes. Personal channels provide a messaging system for personal clouds that provides access-controlled, filtered, trustworthy notifications, data exchange, and sharing. Future papers will expand on these benefits of personal channels.