The internet needs groups

The internet needs groups! I'm not talking about social entities like groups and individuals. I envision "group" as a net entity, like website, webpage, newsgroup or email address.

Example and Use Case

I want to share pictures with my friends. Of course I could do it on Facebook (if all my friends were on Facebook). Or I could send out Picasa invitations – but then I may have to carefully manage who is allowed to see what, and it is difficult to revoke (or just remember) a permission.

I would rather manage a groups page (e.g. or and then tell Picasa to let everybody who is in my friends group access my pictures. If my friend Kelly wants to see my pictures, Picasa asks for some cryptographic proof that he is indeed in my friends group and then grants access. If I consider all of Mark's friends my friends as well, I would add his group as a subgroup to mine, and when Priscilla wants to access my Picasa album she would have to give cryptographic proof of the whole chain of subgroups.

I can now use my friends group not only on Picasa but at other service providers as well. For example, I could limit my RSS feed to my friends group. I would only ever have to manage one group. Better yet, Mark would take care of managing his friends group so I don't have to.

If I end up in an argument with Mark over privacy concerns I could easily remove him and his friends group in one place ( and all the service providers that rely on my friends group would be aware of this change.
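The check a service provider would run in this use case, as an added sketch that is not part of the original draft: the user presents the chain of groups and the server only verifies it against the published group pages. The group names, keys and page layout are hypothetical, the user is assumed to be already authenticated by an identity provider, and HMAC stands in for the public-key signature a real group provider would use.

```python
import hashlib
import hmac
import json

# Hypothetical per-group keys. HMAC is a stand-in for the public-key
# signature a real group provider would put on its group page.
KEYS = {"me/friends": b"demo-key-me", "mark/friends": b"demo-key-mark"}

def _mac(page):
    body = {k: page[k] for k in ("group", "members", "subgroups")}
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[page["group"]], data, hashlib.sha256).hexdigest()

def publish(group, members, subgroups=()):
    """Group provider: return the group page with a MAC over its content."""
    page = {"group": group, "members": sorted(members), "subgroups": sorted(subgroups)}
    page["mac"] = _mac(page)
    return page

def verify_chain(user, root, chain, pages, max_depth=3):
    """Service provider: accept `user` (already authenticated by an identity
    provider) only if `chain` is a path of authentic pages from `root` to a
    group that lists `user`. The user supplies the chain; the server checks it."""
    if not chain or chain[0] != root or len(chain) > max_depth:
        return False
    if len(set(chain)) != len(chain):        # reject loops in the chain
        return False
    for i, name in enumerate(chain):
        page = pages.get(name)
        if page is None or page["group"] != name or name not in KEYS:
            return False
        if not hmac.compare_digest(_mac(page), page["mac"]):
            return False                     # page was altered after signing
        if i + 1 < len(chain):
            if chain[i + 1] not in page["subgroups"]:
                return False                 # hop is not a listed subgroup
        elif user not in page["members"]:
            return False                     # last group does not list the user
    return True

def demo_pages():
    """Constructed sample data matching the use case above."""
    return {
        "me/friends": publish("me/friends", ["kelly"], ["mark/friends"]),
        "mark/friends": publish("mark/friends", ["priscilla"]),
    }
```

Republishing `me/friends` without the `mark/friends` subgroup makes every chain through Mark's group fail at the next check, which is the one-place removal described above; `max_depth` is an assumed policy knob for how far trust extends into subgroups.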

Another use case: A company makes a contract with a to allow their employees to access articles on a pay-per-view basis. The company adds each department to a News4Employees group. Each department manages for itself who should be in the group.


Consider OpenID. It is an identity protocol: a protocol to provide an identity for a user. The user relies on this protocol together with an identity provider to prove his identity, for example to a website or, more generally, to a service provider. (Note that there are other identity providers using different social login protocols.)

Just as identity providers provide the entity "identity" to the internet, I would like to extend this service in order to provide the entity "group" (and subgroup) to the internet. I want group providers. Of course this should rely on a decentralized and distributed architecture (similar to OpenID).

In short, I envision a world where identity providers and group providers together can be used to enable access to resources offered by service providers.

Open Questions and remarks

Where is it?

OK. I cannot imagine that I'm the first one to come up with this. Where is it?

Is there a need?

I like OpenID but I still rarely use it. It has taken off, but it seems much less important than the social logins. Maybe there is simply no need for a group entity?


There are many details to be discussed.

How far does the trust extend into subgroups? What if gets hacked? The attack surface increases to the whole chain of trust.

Are subgroups only inclusive, or may I also include everybody but one from a subgroup? I think it should be inclusive only, for simplicity and because it's difficult to pin an identity to an individual. The subgroup maintainer possibly does not know about a supergroup maintainer's exclusion and accepts the excluded member with a new identity.

If not set minus, what about intersections of groups? Intersections sound safe at first sight (unions are supported by definition).

Where is the burden of proof for authentication? It should be cheap for the server and expensive for the user that gets authenticated.


Do I have to accept to be part of a group?

Does the server need to know all groups I'm in?

May the server know my actual identity, or is it enough to know which authorized group I am in?


So what do you – the reader – think? If you like the concept maybe share this draft and let's make it happen.