Re: Web Payments Telecon Minutes for 2014-03-19

On 20 March 2014 02:42, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 03/19/2014 07:47 PM, Melvin Carvalho wrote:
> > Thanks for the minutes and blog post, I'm trying to understand the
> > telehash dependency better.
>
> The purpose of Telehash is to map an email address to one or more
> identity service URLs (which bootstrapts the identity credentials
> exchange process). For example:
>
> melvin@example.com -> https://idp.securemelvin.com/identities/
>                       https://idp.opengames.org/i/
>                       and so on...
>
> Since you're querying a DHT for the mapping, you need to protect the
> information so attackers can't map evil IdPs to melvin@example.com. The
> best way to do this is to use a passphrase or perhaps a
> passphrase-derived private key.
>
> > Is the use case that a user types in an email address into a form,
> > and you wish to get an HTTP URL from that?
>
> More or less, yes, but in a way that allows any IdP to claim their email
> address as long as a proper user-supplied passphrase is provided.
>
> > Something wasnt 100% clear for me from the blog, might the user also
> > need a 15 character password.
>
> They need a passphrase because that passphrase is the only thing sitting
> between them and a DDoS on their email address to IdP URL mapping.
>
> You can think of Telehash as a decentralized-with-mirroring-of-data
> replacement for WebFinger.
>

Got it thanks.  Re: decentralized-with-mirroriing-of-data replacement for
WebFinger.  You may also want to look at

http://webfist.org/

A similar concept, but it does not support JSON LD tho.


>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Worlds First Web Payments Workshop
> http://www.w3.org/2013/10/payments/
>
>