Thoughts on Diaspora and Distributed Social Networks

By Thomas Krehbiel

Networking socially with a handshake

Like many people, I read about Diaspora a while back and thought it was a great idea.  It's one of the few open-source projects I could see myself contributing to.  Unfortunately, it's not "open" in the sense that the technical architecture is open to discussion - it will only become open after they define the architecture, good, bad or indifferent*.  So, as any programmer would, I thought, "Okay, I have some ideas on this, so if they don't want my help, I'll just write my own distributed social network.  How hard could it be?"

Pretty hard, as it turns out.  But a lot of other people have thought about this too, and many of the building blocks for a distributed social network are already out there.  OpenID is a convenient standard for universal identities that is already supported by many big-name companies (even the U.S. government is looking at it), and WebFinger is a promising standard for mapping easy-to-remember email addresses to metadata (such as an OpenID provider).  Atom, Activity Streams and PubSubHubbub can handle most, if not all, of the content distribution among servers.

As a side note, OStatus has been mentioned by Diaspora as a standard they wish to implement, however as I peruse the OStatus specification, it appears to be more of a model for a Twitter-style (follow) architecture than a Facebook-style (friend) architecture.  It does nothing to address what I believe is the biggest missing piece, described below.

On the browser side, Diaspora is using something called WebSockets to push real-time notifications to the user's browser, but I'm not sure that's a wise move since currently only a couple of browsers support it.  For the time being, some other push method seems like a good idea.  In any case, that’s not the most pressing problem for a social network.

In my opinion, the biggest missing piece in the distributed social network puzzle is the mutual authorization required to protect private content from strangers, while allowing approved friends to see it.  There is no open protocol (that I know of) for person A on server X to become "friends" with person B on server Y.  That problem might be easier to solve if we could assume both servers were running the same software (e.g. Facebook), but what if server X is running a homegrown PHP app on Linux while server Y is running a totally different ASP.NET app on Windows?

It boils down to finding a lightweight protocol for authenticating both ends of the communication channel between one social server and another (a.k.a. mutual authentication), in a way that is relatively easy to implement on any shared web host.  (Authenticating from a user's browser to the server is another matter, and in my opinion handled by OpenID.)  That is, ensuring that a request to view the private content of person B is really coming from person A via server X, and not some hacker or a search bot or a man-in-the-middle attack.  (I make the assumption that in a distributed social network, users will only be communicating directly with their own server, as shown below, and not with their friend's server.)

Server X ------ Server Y
   |               |
Browser         Browser
Person A        Person B

Mutual authentication of HTTP traffic is usually only done in enterprise situations with pricey, proprietary solutions.  As far as I know, there aren’t any open standards that would be feasible for this kind of situation.
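To make the shape of such a lightweight server-to-server protocol concrete, here is an added illustration (my own sketch, not code from this post, from Diaspora, or from any standard).  It assumes that when A@X and B@Y become friends, the two servers agree on a per-friendship shared secret; afterwards X signs each request it makes on A's behalf, Y checks the signature, timestamp and nonce before serving B's private content, and Y signs its reply over the same nonce so X can distinguish a genuine answer from a man-in-the-middle.

```python
import hashlib
import hmac
import secrets

# Constructed illustration of one lightweight mutual-authentication scheme between
# two social servers; it is not a published standard and not Diaspora's design.
# Assumption: when A@X and B@Y become friends, the two servers agree on a
# per-friendship shared secret (how that exchange happens is out of scope here).

def _mac(secret: bytes, *fields: str) -> str:
    # HMAC-SHA256 over newline-joined fields (fields must not contain newlines)
    return hmac.new(secret, "\n".join(fields).encode(), hashlib.sha256).hexdigest()

def make_request(secret: bytes, actor: str, target: str, path: str, now: int) -> dict:
    """Server X: sign a request to view `target`'s private content as `actor`."""
    nonce = secrets.token_hex(16)          # fresh per request, defeats replay
    sig = _mac(secret, actor, target, path, str(now), nonce)
    return {"actor": actor, "target": target, "path": path,
            "timestamp": now, "nonce": nonce, "signature": sig}

class FriendServer:
    """Server Y: one secret per (remote actor, local target) friendship."""
    def __init__(self, max_skew: int = 300):
        self.secrets = {}          # (actor, target) -> shared secret
        self.seen_nonces = set()   # a real server prunes this to the skew window
        self.max_skew = max_skew

    def accept_friend(self, actor: str, target: str, secret: bytes) -> None:
        self.secrets[(actor, target)] = secret

    def handle(self, req: dict, now: int):
        """Return a signed reply if the request is authentic, else None."""
        secret = self.secrets.get((req["actor"], req["target"]))
        if secret is None:                               # not friends: stranger or bot
            return None
        if abs(now - req["timestamp"]) > self.max_skew:  # stale request
            return None
        if req["nonce"] in self.seen_nonces:             # replayed request
            return None
        expected = _mac(secret, req["actor"], req["target"], req["path"],
                        str(req["timestamp"]), req["nonce"])
        if not hmac.compare_digest(expected, req["signature"]):
            return None                                  # forged or tampered
        self.seen_nonces.add(req["nonce"])
        body = f"private content of {req['target']} at {req['path']}"
        return {"body": body, "signature": _mac(secret, req["nonce"], body)}

def verify_reply(secret: bytes, req: dict, reply: dict) -> bool:
    """Server X: the reply must be bound to our nonce by the same secret."""
    return hmac.compare_digest(_mac(secret, req["nonce"], reply["body"]), reply["signature"])
```

The secret never travels with the request, so a search bot or an eavesdropper who sees the traffic cannot produce a valid signature, and a captured request cannot be replayed because Y remembers each nonce for the skew window.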

I’ll be curious to see how Diaspora addresses this issue, but I suspect they’ll be focusing on other things.

* My sense is that Diaspora is more of a branding and marketing effort than a technical effort.  They have created a sort of mythical image of four kids taking on Facebook, and they present themselves almost like a garage band.  That kind of “rock star” programmer image was ubiquitous in the mid-1980s, but can it still work in 2010?  Who knows.  In any case, they have essentially stated that their goal is to get something out quick and dirty, and worry about the “implementation details” later, which is clearly a business-driven goal.  (Incidentally, that’s exactly how Facebook started, too.)
