FOAF includes a method for autodiscovery but it's limited to web pages. By including a certain meta tag in the markup for my homepage or weblog, people and various web spiders can find out the HTTP URI for my FOAF file and thus discover more about me. This is good.
Now consider autodiscovery on the Jabber network. If I publish my FOAF data to a well-defined service discovery node at my "bare JID" (i.e., the user@host of my basic Jabber address rather than the user@host/resource of a specific connection), any other entity on the network could discover my FOAF info. So let's say someone named Alice joins the Jabber network by registering a free account on one of the public servers and adds her friend Bob to her roster. Alice sends a FOAF-discovery request to Bob's JID and discovers that I'm in Bob's roster. Alice then sends a FOAF-discovery request to everyone who is identified in Bob's FOAF data with a "foaf:knows" relationship. Alice then discovers that she and I have a mutual interest in Duke Ellington and sends me a Jabber message to say hi. Perhaps she also discovers from my FOAF data that I'm a member of some Duke Ellington mailing list or social networking group she's never heard of and decides to join up. Perhaps she subscribes to my presence and then sends a FOAF-discovery request to everyone in my roster, thereby finding someone else who loves the music of the Duke who also happens to be based near her, thus leading to more chat conversations and a date to meet at a local jazz club next week. The fun thing about FOAF over Jabber is that this all could happen fast (they don't call it instant messaging for nothing).
I hear that little voice inside your head asking: what about spim? (That's "IM spam" for those of you who don't follow the latest neologisms.) Isn't this a spammer's dream come true? Not necessarily. For one thing, the Jabber protocols provide the ability to perform server-side blocking of messages and other Jabber communications based on JID, so you could block communications from everyone except those in your roster. Second, it's quite hard to spoof Jabber IDs, so it's not as if someone else could easily masquerade as Alice, which makes contact lists a lot less juicy than they are in the email world. I'm not saying we have the problem of spim licked, but I don't think FOAF-discovery would make it much worse. Granted, eternal vigilance is the price of the freedom to communicate, so we need to be on the lookout for signs of incipient spammage in the Jabber world. But I think the potential benefits of seamless autoidiscovery are worth the risks.
The conversation continues...