The fs looks like this

/public
/private
/contacts
/chans/#9me
       #socialfs
/circles/work
         familly
         friends
/status 

The fs maintains his own list of know users (go9p supports that). Authentification is done with rsa keys. The rights on the files and folders are different depending if you are mounting your own socialfs or the socialfs of one of your contacts.

• public is of type Chat, everybody should have read and write permissions on it. If you want to speak publicly to someone, mount his socialfs and write to his public. See this as a "wall" in facebook
• private is of type Chat also, you can only write to it. Except if you mount your own socialfs, in this special case you can read incoming private messages from your contacts
• contact When read, contact prints the list of your contacts, this means their nick in your file system plus their public key plus the circles they belongs to. When written, it can be used to add a new contact to your own socialfs, or to suggest a new contact to a socialfs whom the owner has given write permissions to others
• chans/ Contains files of type Chat, use touch to create a chan, read and write have the same behaviour as public
• circles/ is used to manage circles of contacts. Use touch to create a new circle. Writing to a circle could be redirected to each private of your contacts belonging to this circle. But I don't know if it is a good idea yet. Also, reading a circle could return a merge of all your contact's public (only their own messages though)
• status is used to share your status with others. You can write to it if you've mounted your own socialfs, and everybody can read it.

First:

• Understand why golang cannot read certificates generated by plan9port, run factotum, then use srv to post a pre-authenticated session, and mount it with 9pfuse
• Manage users and permissions, treat user as admin if his private key match the server certificate

• http://plan9.bell-labs.com/wiki/plan9/Using_ssl/index.html
• https://groups.google.com/d/topic/golang-nuts/Fbs4ZHXMyE0/discussion (this guy were right, I signed my certificates with my own CA and now it works)
• http://www.g-loaded.eu/2005/11/10/be-your-own-ca/
• http://mirtchovski.com/p9/py9p/

An exemple of p9sk authentication (we don't want that):

• http://www.www.9paste.net/qrstuv/factotum.go a factotum lib to communicate with factotum
• http://www.www.9paste.net/qrstuv/reflectfs.go reflectfs without auth
• http://www.9paste.net/none/732-513-4043 reflectfs with auth