I'm on Facebook, but I don't love the service. I joined when my former girlfriend begged me to join, and now I stay on it since some good friends of mine locally continue to use it to plan events. Otherwise using it as an address book is the only truly useful thing for me.
Considering I could just tell me friends to email me or use Google Calendar to mail out event details, that just leaves Facebook's address book data as the truly useful thing for me. How could it be replicated in such a fashion as to not have a single entity controlling all of that information?
The first trick is listing your contacts. That part is easy thanks to XFN (although I subscribe to Chris Messina's idea of only using rel-me and rel-contact). And how does someone denote the fact that they would want to allow for their info to be made available to you? Well, they just link back to use as a contact as well. Now you have information available specifying whose contact info you care about and whether you should be allowed to access their information thanks to the social graph. And there is some redundency in there in case people list different URLs for the same person as the level of connectedness in the graph would be able to judge how sure you were that various URLs pointed to the same person.
Great, but then how do I actually control that access in a pull fashion? Well, what if people used their OpenID to make the request for your conact info? Their OpenID URL could be used to query the social graph to see if it matched any of the friends you had specified. If it matched then you would allow for your personal data to be returned in the request, otherwise it would be denied. And once again, using the link strength in the social graph would prevent spoofing in case you didn't list someone's OpenID as their identity.
Now I think this is similar to what the Portable Contacts people are trying to do, although I think I am suggesting a different approach to discovering who your friends are. Plus they have thought this through enough to write a spec while I have thought about it enough to simply write a blog post.
It seems to me that in order to get any huge uptake in something like this, especially if the mechanism is to be provider-agnostic, will require dead-simple ease-of-use. And what is simpler than listing a bunch of URLs to your friends' blogs? And that even plays into the whole OpenID thing since so many blogs are people's OpenID as well.