Re: Browser ID

On 7/16/11 10:15 PM, Ben Adida wrote:
> On 7/16/11 9:13 AM, Kingsley Idehen wrote:
>> But everyone has a public profile courtesy of Twitter, Facebook, Google,
>> Microsoft etc.. All of that before we get to FOAF.
>
> That's not true, and it's certainly not something I want to encourage 
> becoming more true.

Okay, everyone with a Twitter, Facebook, Google etc. account has a 
profile. Not necessarily a high semantic fidelity structured profile. 
They have profiles. Then can even extend those profiles albeit via APIs.

Beyond the above, anyone can make an HTML with a collection of <link/> 
based entries in <head/> that handle critical relations such as 
associating a handle (name) with a public key. The only thing that's 
missing is an IANA based @rel for naming the relation.

>
>> Privacy is about self calibration of one's vulnerabilities.
>
> Including being able to log into a web site without ever having a 
> public profile.

Let's not get hung up on "profile" having a mailto: URI implies presence 
in a data space. Email doesn't exist in a vacuum.

>
> I have a feeling we're going around in circles.
>
> So let me suggest something else: why not base WebID on BrowserID? 

That's back to front.

Why not let BrowserID work with a email verification protocol that's 
down to protocol implementers. Thus, if they choose to implement said 
verification protocol via Webfinger or Webfinger+WebID or anything else, 
so be it. The only requirement is that BrowserID works with resolvable 
mailto: scheme URIs. The matter of resolution is left to implementers.

> You can WebFinger the email address, find the profile, and bootstrap 
> anything else you want on top of that profile.

Again, the other way around :-)
>
> Since it's clear that everyone has an email address, but not everyone 
> has a public profile, that direction makes more sense, I think.

No, how about: since everyone has an email address and said address is 
really a mailto: scheme URI, make BrowerID resolvable URI friendly. 
Basically, as stated above, leave resolution to implementers. You 
achieve this by working with an email verification protocol that leaves 
implementers to handle the actual process of verification. Just undo 
your desire to drop Webfinger and I think we are set.

>
> -Ben
>
>


-- 

Regards,

Kingsley Idehen 
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen

Received on Saturday, 16 July 2011 23:14:04 UTC