We had 11 sessions, each one happened in their own time slot. That's a bit unorthodox for an IndieWebCamp but it allowed some of the sessions to spread out and have completely different people at some than others based on interest and timezones (yes, timezones are hard). Interestingly the sessions ended up in three groups, 4 "Friday" sessions, 3 late-night Wordpress sessions and 4 "Saturday" sessions. Although due to timzones those days are a bit blurry.
I really enjoyed all the sessions. A couple that really stood out were the AutoAuth and Groups sessions. In fact, inspired by the AutoAuth session, that's what my Create Day project was on! For Day 2 of the camp, I worked on adding AutoAuth to my site. AutoAuth is a proposed extension to the IndieAuth specification that allows IndieAuth to happen between software without the active intervention of the site owners. The goal of AutoAuth is to allow access control to posts like how Facebook allows you to make a post with only specific users able to see it or how Twitter allows you to have a private account.
First I was able to add the right scopes to my authorization endpoint
which I defined as "Allow a third party application to request the ability to read other people's content". It can probably be improved but essentially it allows my Social Reader to grab private posts on my behalf so that I can read them in my app.
I also implemented protected posts on my website and did some testing. I added two people to the "access list" (which I call audience) of a private test post. I then tested visiting that page as an unidentified user, as me, as a person on the access list and as a person I know is NOT on the access list. It worked correctly, for an unidentified user, it presents the correct HTTP headers for AutoAuth so a reader knows there is content there if people are identified. However the page itself doesn't say anything about the existence of a post to an unidentified user or a user that is not on the access list.
It's kind of a strange error message from when I had a static site that had to rebuild. I need to adapt that, but the key is it works! Then when either I or a person on the access list visits the url, you get a different page completely!
Surprise! There is a post there! In the future, I could even do things like restrict the location of the post to people that I know or other similar things. AutoAuth opens up the doorway to a whole interesting world of semi-private information.
I am not actually finished with the project, I have some more stuff I need to finish as far as how my site communicates with other people's sites to verify the person is who they say they are, etc. But it's an exciting start and sometimes starting is the hardest part!
I'm hoping to get this work wrapped up in the next week so I can start testing it. Plus, if I get it working and start creating private posts for people on the IndieWeb, it might encourage them to start adding AutoAuth to their projects as well!