In the wild snapshot#3: DiSo profile plugin

I had an excellent conversation with Stephen Paul Weber, an active DiSo plugin developer, on his experience with the DiSo profile plugin. For those of you unfamiliar with this series of posts, the idea is to create blog-length interviews with various in the wild apps describing their processes and the technologies that they use with regards to data portability. The goal is to profile real use cases, solutions, and lessons learned when it comes to the current state of affairs for data portability technology. Note that these posts aren’t meant to recommend or not recommend certain technology, I leave that up to the developers/architects to decide based on their needs. If you have such an app and are interested in being interviewed, please leave me a comment on one of my posts and I will get in touch with you.

DiSo Project Background
Straight from the DiSo Google group About page

Social networks are becoming more open, more interconnected, and more distributed. Many of us in the web creation world are embracing and promoting web standards – both client-side and server-side. Microformats, standard apis, and open-source software are key building blocks of these technologies.

DiSo (dee • zoh) is an umbrella project for a group of open source implementations of these distributed social networking concepts. or as Chris Messina puts it:“to build a social network with its skin inside out”.

You can also listen to an interview by Chris Messina on Chris Messina about DiSo.

At this stage, DiSo plugins only work on self-hosted WordPress blogs which means if you have a blog on, you are out of luck. Also, all DiSo plugins currently are written in PHP, WordPress’s choice of language. Visit the WordPress site to get instructions on how to host your own WordPress blog and install plugins.

Application Overview
The DiSo WordPress profile plugin has the following main features

  • When a user signs up for a WordPress account, the plugin makes it easier to import the user’s profile information via hCard and XFN (if available)
  • Once a user has signed up for a WordPress account, the plugin makes it easier for the user (now blog owner) to publish their own profile with standards like hcard, XFN
  • Supports permission features allowing blog owner to restrict access to his information based on predefined relationship, e.g., I can’t see his phone number but friends of him who login with their OpenID and are present on his authorized list of friends can see his phone number
  • There is a sidebar widget that displays names/avatars of most recently logged in visitors

The key technical pieces are hCard, XFN (rel-me, rel-contact), PHP5, and standard WordPress plugin architecture. The plugin should work on WordPress 2.0 and above, and has been tested on 2.3 through 2.5. Currently the plugin mimics SGAPI functionality without the FOAF bit. Also, FOAF was considered but not implemented, another item for the future perhaps. He plans to add Google Social Graph API (SGAPI) support, but it wasn’t available when the plugin was written, so it is something to consider for the future – Steve Ivy wrote a PHP wrapper for SGAPI.

While the plugin works with OpenID, it does not require OpenID. There is a button to import profile and can fetch profile information if it is not an OpenID URL. OpenID profile extraction for XFN and hCard is automatic upon registeration and login. For OpenID feature to work, it needs the WP-OpenID plugin. No other libraries or plugins are required, in fact the import button works fine if the WP-OpenID is not installed. To display the user’s profile, the user needs to add a WordPress template tag. There is a page token for rendering on a WordPress page and a PHP function for addition directly to the template (documented on the plugin page). So far, most people don’t use it as a sidebar widget and instead display their profile information inline in the blog.

For an example of the plugin in action, check out Stephen’s blog, it powers the top half of his main page and the avatars of recent visitors in his sidebar.

Lessons learned
Some people have hCard on their OpenID pages via OpenID delegation usually or directly on the page. A large number of people have rel-me links going to their main profile somewhere else. In his opinion, the biggest hurdle is still HTML parsing in PHP which is surprsing to me since PHP is such a popular web development language. Event though PHP has excellent XML support but if the HTML is broken or incomplete as it is often the case in the world wild web, there is no library to handle that. An option is to fix it with HTML Tidy but most shared service providers (like DreamHost) do not have HTML Tidy installed. Without HTML Tidy, the plugin has to run the page through W3C remote tidy proxy which can be slow. Another option is to use HTML Purifier which is a re-implementation of HTML Tidy in PHP.

The current plugin user base is primarily DiSo developers and he has not gotten any feedback from non-DiSo developers. He noted that there is a goofy WordPress thing where the permissions model is based on the contacts list but WordPress only supports one blogroll list, so everyone on that list has the same permission. This is not a problem for most blogs but it could be a problem for multi-authors blog. There is no affiliation with WordPress other than it is a WordPress plugin.

9 Responses to “In the wild snapshot#3: DiSo profile plugin”

  1. 1 J. Trent Adams June 2, 2008 at 4:45 pm

    Bob –

    Just a quick note that your “In the Wild” series provides excellent visibility into the ground truth related to the portaiblity of data.

    Keep ’em coming.


  2. 2 Marc Canter June 2, 2008 at 4:46 pm

    displaying faces on your blog is nic e- but that’s not social networking

    the DiSO is a great first step – but now what? what happens now that you’ve got this social graph of names on your blog?

    Connect to MyBlogLog?

    merge with….

    Import/export from/to????

  3. 3 Bob Ngu June 2, 2008 at 5:17 pm

    @Marc, true, displaying faces on a blog is not social networking per se but it is a start and lays the foundation for more to come. As for what comes next, the DiSo profile plugin uses XFN/hCard for output as well, hence making the data portable and consumable by other services.

    The beauty of that is that it is up to the other services to decide how to consume the data that provides value-added services to their users. If I understand DiSo’s vision correctly, they are big on decentralization, meaning there is no such thing as one right way to consume data. So all the options you mentioned, connect to MyBlogLog, merge with…, import/export from/to are all possible and up to the consuming service to decide.

    P/S: My opinions are my own and are not affiliated with or DiSo.

  4. 4 Stephen Paul Weber June 2, 2008 at 5:26 pm

    @Marc – displaying faces on your blog is a tangential part of this plugin, and something that I am eventually going to spin out into its own plugin. The strengths here are producing profile data, consuming profile data, and managing permissions on your own profile : this is the heart of social.

  5. 5 Bob Ngu June 2, 2008 at 7:53 pm

    @Trent, thanks 🙂 I will do my best to continue the “in the wild” series.

  6. 6 Edward Z. Yang June 19, 2008 at 6:53 pm

    While I know this is an auxiliary concern, but I’d like to point out that HTML Purifier also removes XSS attacks from HTML. In the context of a decentralized social network, I’m not sure if this is a good thing or a bad thing: should users be able to have JavaScript and forms on their pages?

  7. 7 Bob Ngu June 19, 2008 at 7:57 pm

    Good point Edward, XSS attacks are definitely a concern. Even though I find it inconvenient, in general it is a good idea to protect users from such malicious attacks regardless if is a centralized or decentralized social network.

  1. 1 Marc’s Voice » Blog Archive » June 2nd blogging '08 Trackback on June 2, 2008 at 8:39 pm
  2. 2 Blank (Media) Slate » Archive » DataPortability: In-Motion Podcast - Episode 11 Trackback on June 13, 2008 at 6:23 pm

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: