Social networks are widely used for sharing content such as information, ideas, photographs, and the like. It is desirable for many social network users to control access to content owned by that user and available through a social network. In social networks such as Facebook, Yahoo 360, My Space and the like, there are various roles that the user can use to grant permissions and allow access to the resources and information owned by the individual. Examples of these roles include: Public (Anyone can access), Private (Only the owner can access), My Friends (Only users accepted into the owner's friends list can access), and Groups (a subset of My Friends, such as Work, Family, Soccer Team, etc can access). The membership to these roles is managed by the user by explicitly adding other users to a list associated with a particular role. Using explicit membership lists, however, limit the discovery and expansion of the social network.
Different access levels may be assigned for different roles. For example, an owner of a blog set up to exchange information and pictures for a soccer team may allow the Public to view a blog entry, such as times and locations of future games and discussions about games. The owner, however, may only allow those users accepted as mutual friends to post comments to the entry, and only allow those friends who are tagged as members of the group “Soccer Team” to post pictures. The roles of Public, Private, My Friends, and Groups such as “Soccer Team” are all forms of traditional groups used in resource control. One drawback to using definitive group membership for access to social networking resources is that it retards one of the major benefits of social networking, namely discovering new people and adding them as participants in social interaction. In order to allow a new person to participate using resources that the owner desires to exercise control over at more than a Public setting, the owner must explicitly discover the new person and add that person to an explicit group.
One approach that addresses the explicit membership issue is the “Friends of Friends” role offered by one social network provider. By designating the “Friends of Friends” role, permission (and access) can be granted to any user that has been added as a friend to someone who is explicitly in the user's “My Friends” list. This second degree of separation approach is very wide open. A mistake of one user to add an undesirable user such as a spammer or troll to his/her friends list exposes anyone who has chosen the “Friends of Friends” role and has the user explicitly listed as a friend.