Brad Fitzpatrick (brad) wrote,

Secure discovery of community intersections

It's too late, so my mind is only halfway putting this all together...

Say I'm a member of LiveJournal, and I'm also a member of secret community foo. Now, "foo" may be a community on LJ or any other site, or maybe not even a site at all. Maybe it's the KKK or a drug smuggling ring. Whatever. Foo's a secret. But for simplicity at the moment, let's assume foo has a server that will play along with us.

The question is: how do I, as a member of two communities, discover people that are also in those two communities, without either community publishing their user registries, without letting either site have the full list of each other's users, and without the mechanism revealing any information to 3rd parties? (That is, people who are not members of both communities.)

Both sites can cooperate in the scheme, use crypto, etc. Also assume users want to be discovered. Or they could opt-in/-out of the discovery process. Also assume at least one of the communities has a relatively high barrier-to-entry, so you don't have to worry about people joining communities just to gain access, then leaving immediately.

I'm not looking for an answer that returns the results in one fell swoop. Instead, imagine iterating over your LJ friends and, for each, asking foo's server (or the user's server/public file) whether that LJ friend is in foo. Foo might then contact LJ, asking if Foo has permission to answer the user's request, validating that the user is in fact part of LJ as well. Servers should validate each other. Servers should validate users. Users can use the same unique identifier (email, public key) on both sites, OR supply the other sites with the identifier they used for other communities, ideally encrypted in a form unusable by each other. (That is, LJ would have user bob's foo identifier, but encrypted... only foo could recognize it or query for it.)
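
The per-friend lookup sketched above, as an added Python example that is not part of the original post. It assumes the "encrypted" foo identifier is an HMAC-SHA256 token keyed by a secret only foo holds (a keyed hash swapped in for encryption) and that server-to-server and user authentication are plain in-process calls; `FooServer`, `LJServer`, `discover` and the sample users are hypothetical.

```python
import hashlib
import hmac
import secrets


class FooServer:
    """Secret community; only foo holds the key that makes tokens recognizable."""
    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._members = set()  # tokens of opted-in members

    def enroll(self, foo_id):
        # Keyed hash (assumption): opaque to LJ, recomputable only by foo.
        token = hmac.new(self._key, foo_id.encode(), hashlib.sha256).hexdigest()
        self._members.add(token)
        return token  # the member hands this to LJ

    def query(self, lj, requester, requester_token, friend_token):
        # Refuse (None) unless LJ confirms the requester and the requester is in foo.
        ok = lj.confirms(requester, requester_token) and requester_token in self._members
        return (friend_token in self._members) if ok else None


class LJServer:
    def __init__(self):
        self._tokens, self._friends = {}, {}

    def register(self, user, token=None, friends=()):
        self._tokens[user], self._friends[user] = token, list(friends)

    def confirms(self, user, token):
        stored = self._tokens.get(user)
        return bool(stored and token) and hmac.compare_digest(stored, token)

    def friend_tokens(self, user):
        return {f: self._tokens.get(f) for f in self._friends.get(user, [])}


def discover(lj, foo, user, my_token):
    """Iterate over LJ friends, asking foo about each; return confirmed members."""
    return sorted(f for f, t in lj.friend_tokens(user).items()
                  if t and foo.query(lj, user, my_token, t))


def demo():
    # Constructed sample data: alice, bob and dan are in foo; carol is not.
    foo, lj = FooServer(), LJServer()
    tok = {u: foo.enroll(u + "@foo.example") for u in ("alice", "bob", "dan")}
    tok["carol"] = secrets.token_hex(32)  # decoy token foo never issued
    for user in tok:
        lj.register(user, tok[user], friends=[u for u in tok if u != user])
    return discover(lj, foo, "alice", tok["alice"]), discover(lj, foo, "carol", tok["carol"])
```

Foo returns `None` rather than `False` to a requester who is not in foo, so a non-member cannot use the query to enumerate members. LJ still sees that a user holds a token, and foo sees which friends were asked about; this sketch does not hide either.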
