Leveraging XRDS, OpenID, OAuth and Portable Contacts this should be doable. Here is a graphic and flow.

- Paul logs into his SocialStream collector (with his OpenID)
- The SocialStream collector discovers Paul's PortableContacts service (via XRDS)
- Paul authorizes his SocialSteam collector to access his's PortableContacts service (via OAuth)
- The SocialStream collector asks Paul if he wants to subscribe to any of his contact's activity feeds (retrieved from the Portable Contacts service)
- Paul selects his friend George
- The SocialStream collector uses the identifier(s) for George to discover George's activity service (via XRDS discovery)
- The SocialStream collector subscribes to George's activity service
- If subscribing to a public feed, no other information is needed
- If subscribing to a protected feed, then OAuth can be used to determine if Paul is allowed access to the feed
- Membership determination can leverage Portable Contacts tags as described here