Last week in Santa Clara, the World Wide Web Consortium (W3C), hosted its annual Technical Plenary (TPAC), at which 500 representatives from W3C's community met for a week. The social Web was high on the agenda.

Currently, the most familiar social Web standard is OAuth2 from the IETF, widely used for open authorization (which allows us to give second-party Social Web services access to information without asking for a Gmail password) on sites such as Facebook and Twitter. However, it now appears there may be a number of other standards in the wings, ranging from work in browser-based identity to rolling your own Google+'s Circles in a federated Social Web to emerging work around the hot topic of social business.

Harry Halpin is a W3C Team member and co-chair of the W3C Federated Social Web Incubator Group with Evan Prodromeo. He is also chartering the W3C Web Cryptography Working Group. His PhD thesis from the University of Edinburgh, titled "Social Semantics," is scheduled to be published by the Springer Group.
Meetings about the "Federated Social Web" last week began with the inventor of the Web, Tim Berners-Lee, showing up bright and early to discuss identity. And there is nothing like cryptography to wake one up in the morning. David Dahl (Mozilla) gave an overview of how the new DomCrypt API would allow hardcore cryptography to be used by any WebApp developer.

Remember how FireSheep let even your mother hijack your Twitter account? Dirk Balfanz (Google) explained how shared secrets could be fixed by binding their verification to good old fashioned cryptography in HTTPS. Finally, Ben Adida of Mozilla pushed for a new approach to identity called BrowserID, which lets the user agent's client, rather than Facebook or any other big server in the Cloud, serve as a proxy for the user's identity in social sites. Out of the argumentation, it seems that soon a common Web Cryptography API will be happening at the W3C.

Remember Diaspora? Over the last few years, Diaspora, StatusNet, and others have been hard at work developing a stack of specifications loosely grouped together under OStatus to make that dream a reality. These specifications allow anyone to roll their own Twitter or Facebook clone that "federates" status updates in a decentralized manner, an effort the W3C is supporting in the Federated Social Web Incubator Group. However, up till now all these specifications allowed only public updates. Yet with the advent of Google+'s Circles, private status updates were clearly next on the agenda but how could those be done in a decentralized way? Then Blaine Cook, former lead-developer of Twitter and originator of OAuth, proposed a tentative solution called "Dialback" that resurrected the obscure HTTP "From:" header and OAuth-style shared secrets to allow private "circles" to be decentralized as well. Several Google+ engineers were in attendance with their product manager Joseph Smarr (originator of the PortableContacts specification when he worked at Plaxo), and while far from revealing any product secrets, a standards-based federated social Web is likely to be their own agenda. Being able to find users on Google would definitely make joining a service like Diaspora less lonely!

At the final session, a number of companies threw down their cards. Representatives from Boeing discussed how they would eventually like to have their own internal social network join others on an ad-hoc basis through a federated social Web. The Open Mobile Alliance (a coalition of over 140 mobile providers) discussed how they were also planning on rolling out a federated social Web client. However, there was concern from some that the underlying technologies could be patented, which would prevent their roll-out in products. This would be prevented if they were released under a license like the W3C Royalty-Free License.

Monica Wilkinson (now of VMWare, which bought her successful social startup SocialCast) showed that the ActivityStrea.ms specification had done this with the Open Web Foundation. However, becoming a W3C Community Group would have made the process much simpler by requiring a commitment when joining the mailing list. At the conclusion, it appeared that many of the specification efforts were going to go for light-weight Community Groups in order to help sort out any intellectual property issues.

The next steps for the W3C in this space are to gauge interest from the wider market in standardizing around the social Web, and this requires sharpening up business use-cases. So starting today, 8 November, the W3C is organizing its first ever virtual event, the W3C Social Business Jam from 8-10 November. This event will use IBM's "Jam" software to help gather ideas and requirements around standards for social business, ranging from identity management to social metrics.

So if you missed the W3C Technical Plenary, Tim Berners-Lee, Evan Prodromou, Monica Wilkinson, along with Doc Searls and Yochai Benkler will be online during the Jam in order to chat about the future of the social Web. We look forward to hearing from you.