With the shocking realisation that terms-of-service get-out clauses probably mean that service level agreements for most cloud and web services are worthless, one option that needs urgent exploration is the use of non-centralised distributed software for common infrastructure needs. While we associate the term "peer-to-peer" mainly with file transfer systems like BitTorrent, the idea of federated peer systems is more widely applicable. Indeed, the authors of Kazaa went on to use their federated ideas to create Skype, and more recently one of the creators of The Pirate Bay has proposed a peer-to-peer DNS - already a federated system but dependent on a small number of root servers. The P2P DNS proposal involves federated rather than centralised authority; time will tell if it can be made to work.
So is non-centralised infrastructure feasible? To date, the need to architect non-centralised systems for business has not been pressing, but it seems entirely possible that enterprise-strength solutions could start to emerge. Here are some sample non-centralised/federated/peer-to-peer infrastructure applications:
- YaCy is a search engine where many nodes share information to build a distributed index.
- Status.Net is a microblogging system that allows users to run their own Twitter-like site and federate selected streams with other systems.
- Tahoe-LAFS is a high-redundancy file system that allows many systems to contribute to an encrypted and distributed storage system which nonetheless remains readable only to the owner of the files and not to the owner of the storage
- BitCoin is an online currency alternative where the entire economy is replicated in each user's computer and the authority of the anonymous ownership of each "coin" is established by comparison of digital signatures between users.
- Diaspora will hopefully be a social networking community where users can run their own federated "pods", thus owning their personal data and directly controlling what is shared with who.
- OpenPGP encryption is based on self-issued certificates which gain authority as a result of a web of trust expressed via user-maintained keyrings rather than a hierarchical certificate authority system that can be centrally compromised.
- There is discussion and prototyping of a P2P DNS in progress, without a root authority but rather with federated authority similar to the ideas in BitCoin.
- Various federated identity approaches already exist for different use-cases, using mechanisms like OAuth and SAML.
- Various experiments in using P2PTV video streaming technology exist, where the video stream is sourced from nearby users rather than always from a central provider.
- And of course there are many P2P file distribution systems, as well as the GNUNet framework project..
One of the supposed strengths of centralised systems is that there is a single entity with which to establish trust. By contrast, the lack of a trusted party in non-centralised systems means trust must instead be placed in the algorithm behind the system. Key trust indicators include the software being open source from an open-by-rule community, the use of openly-evolved open standards, the use of strong encryption using open and mature algorithms, the use of distributed data stores, and the use of proof-of-work systems to deter gaming.
Is this the future of infrastructure networking? Are there important projects missing from the list above? I'm keen to know.