Fine- vs coarse-grained group management

There’s an interesting discussion going on over on the Portable Contacts mailing list right now that seems worthwhile to bring up here.

Portable Contacts (or PoCo for short) is the standard brewing up for how you share contact lists.  It fills a gap in the “Open Stack”, which already had things like OpenID for sharing your identity (so you can log into various places with a single ID) and OpenSocial (so you can plug various applications into your social network).  PoCo provides a standard way for you to let an application (or another social network) see who your friends are, so you can use your flist for various purposes.

(CommYou doesn’t yet support PoCo, but that’s solely because I haven’t gotten around to it yet — once I’m done with the current rearchitecting, it’s medium-high on the priority list.)

Anyway, today’s conversation brought up the point of how you share that flist.  Currently, it’s mostly being done all-or-nothing — you tell your social network that app A can see your flist, and it gets access to the whole thing.  Which works fine for me personally, but as was pointed out in the discussion, won’t work for everyone.  The point came up that your custom friend lists can and should be used to manage which contacts get exposed.

In particular, Martin Atkins argued for finer-grained access controls:

The sort of uses I’m imagining are, for example, importing my business contacts into LinkedIn without giving LinkedIn access to my personal contacts, or conversely pulling my close friends into SomeEmbarassingSocialNetwork.com without pulling in my business connections.

That makes sense, and while I tend to be fairly loose about letting my networks and identities slosh around between each other, I know that many of you are much more careful about it.

So I’m curious: how do you think you would approach these access controls?  Do you believe that you would use fine-grained controls, to make sure that certain apps only knew about a subset of your social network?  Do you think you’d do this generally, or only for certain apps and networks?  And do you see handling this differently between, say, LJ, Facebook and LinkedIn?

2 Responses to “Fine- vs coarse-grained group management”

  1. Jim E-H Says:

    I would definitely use them. I accept friend requests on Facebook from pretty much anyone I have any connection with, but LinkedIn is for professional purposes, and I keep it that way. (Just recently, I got a LinkedIn connection request from a larper from way back. I was never particularly friends with him, and I have no idea even what his profession is, so I ignored it.)

    One of the reasons I don’t allow many apps in Facebook is because there’s little control beyond “allow this app access to your information and friends list.” (The fact that they’re nothing but Internet time-wasters means there’s nothing to counter-balance that drawback, but it would still be a tough call.)

  2. George Fletcher Says:

    I might use the fine-grain controls… but I’d rather that PoCo support “membership” queries. While exposing all the “tags” I’ve applied to my contacts does reveal some information about me (from a privacy perspective) I’m personally less concerned about that. So if the consumer knows that I have “groups” (a.k.a. tags) of “Family”, “Photos”, “Personal”, “Friends”, “Work”, etc, I don’t see that as big exposure.

    However, I don’t necessarily want the consumer to be able to see all the contact data in those “groups”. Instead, I like Martin’s concept of dynamically checking and when checking just asking the PoCo service if identity x is a member of group y.

    I’ve got a couple of blog posts about this as well.

    http://practicalid.blogspot.com/2008/09/tagging-for-contacts.html

    http://practicalid.blogspot.com/2008/09/protected-sharing-on-open-web.html
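
The three sharing models raised in the post and comments (all-or-nothing, group-scoped lists, and membership-only queries), as an added sketch that is not part of the original post or the Portable Contacts spec. The `Grant` model, the function names and the sample contacts are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data: contacts tagged with the owner's custom groups.
CONTACTS = {
    "alice@example.com": {"name": "Alice", "groups": {"Work"}},
    "bob@example.com": {"name": "Bob", "groups": {"Friends", "Family"}},
    "carol@example.com": {"name": "Carol", "groups": {"Work", "Friends"}},
}
MODES = {"all", "groups", "membership"}

@dataclass(frozen=True)
class Grant:
    """What one consumer app may do (hypothetical model, not the PoCo spec)."""
    mode: str                        # "all", "groups" or "membership"
    groups: frozenset = frozenset()  # groups the grant covers

    def __post_init__(self):
        if self.mode not in MODES:   # reject unknown modes instead of guessing
            raise ValueError(f"unknown grant mode {self.mode!r}")

def list_contacts(grant):
    """Return the contact ids the consumer is allowed to enumerate."""
    if grant.mode == "all":          # coarse-grained: the whole friend list
        return sorted(CONTACTS)
    if grant.mode == "groups":       # fine-grained: only the granted groups
        return sorted(c for c, d in CONTACTS.items()
                      if d["groups"] & grant.groups)
    return []                        # membership-only: nothing can be listed

def is_member(grant, identity, group):
    """Answer 'is identity x in group y?' without returning contact data."""
    if grant.mode != "all" and group not in grant.groups:
        raise PermissionError(f"grant does not cover group {group!r}")
    entry = CONTACTS.get(identity)
    return entry is not None and group in entry["groups"]
```

A membership-only grant still answers yes or no for any identity the consumer already knows, so a real service would want to rate-limit and log those queries.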
