I have some questions. The big draw for sites like Facebook is not just the core social network, it's also the tangential functionality that builds on that core. And this protocol aims to be a secure P2P implementation of the core.
Does that mean "applications" are exclusive to users of an identity server?
How would 3rd party applications fit in?
Some networks are starting to offer embeddable forum- or comment-like behaviour - can this protocol accommodate that?
Is it flexible enough to support other (yet to be invented) uses?
"The user must trust the server that is hosting their identity"
That's true with DSNP, but given current p2p technology it should be possible to create a social networking application without data on servers. Where is my Facebook-on-XMPP desktop application?
I'm happy to see an approach to social networking that doesn't require uploading personal data about millions of people into one database.
However, the cryptography in the source code (encrypt.cpp) seems to be hand-made from RSA, SHA1 and RC4 primitives. While I haven't checked details like how they choose their RC4 IVs, I wouldn't trust mortals to get a crypto protocol with PKI right the first time.
I've yet to look at it properly, but I'd call it a big mistake if this is not built on top of OpenID - to me that is the natural extension of the concept.
Imagine signing into a site with your OpenID and actions being sent back to your hosted DSNP profile Facebook Connect style.
I'd like for DSNP implementations (which allow users to lay claim to a URI) to support OpenID in the sense that it is a provider of identities. It can't be a consumer though, since an OpenID identity cannot (necessarily) talk DSNP.