Re: Federation protocols

On 1 June 2013 11:08, Jonas Smedegaard <dr@jones.dk> wrote:

> Hi all, Jonas from Debian here,
>
> Quoting Mikael Nordfeldth (2013-06-01 08:47:59)
> > 2013-06-01 07:57 skrev Michał 'rysiek' Woźniak:
> > > Exactly. I think using URI (with an optional "username@" part) as
> > > UID makes sense and does not tie us to DNS. Think of the TOR network
> > > - nothing is stopping anybody from using 'user@example.onion' as an
> > > UID, and that is *completely* outside the DNS hierarchy. The "shape"
> > > of the UID doesn't mean it is anchored in the current DNS system.
> >
> > I am curious here how one would verify - and correctly correlate to
> > others in a network - the identity of a federated user if they had a
> > purely human-assigned string such as blah@blaha.bla
> >
> > I wish to argue (and Diaspora had somewhat the same idea I think?)
> > that the real identity should be a more definitive - more computery -
> > identifier string. Otherwise it will not be truly portable (avoiding
> > collisions in a global namespace). One tried and true solution for
> > this are GPG identities, which may be combined with WebFinger or
> > whatever other lookup process/service/protocol.
> >
> > I.e. as long as I control the domain "hethane.se" I can setup an ID
> > pointer there for mmn@hethane.se to address GPG fingerprint AE68 9813
> > 0B7C FCE3 B2FA 727B C7CE 635B B52E 9B31 - and then something which
> > negotiates this with any feed subscribers in a cryptographically
> > verifiable way.
> >
> > Then I could, say, have an "alias" for my account at a webfingerish
> > lookup at my account on "mmn@freesocial.org".
>
> I would argue that only identifier need be interoperable - verification
> of identifier can happen differently on each subsystem.
>
> Some want public recognition and therefore public verifiability, while
> others want the very opposite: resistance against tracking.
>
>
> > This'd also give content privacy by encrypting to friends' public
> > keys. However it would not really address the identify-by-source
> > issues that may be of concern to some. (i.e. that the network may know
> > that two individuals are communicating, despite not knowing the
> > content)
>
> Exactly! Let's settle on common identifier but leave verification to
> each implementation or to overlay systems like [Monkeysphere].
>

+1

So to have interoperable identifiers you need something like:

<scheme name> : <hierarchical part> [ ? <query> ] [ # <fragment> ]

Essentially the URI was designed for this purpose.

http://en.wikipedia.org/wiki/URI_scheme

This seems to be the only way to include everyone that wants to
participate.  Any system that does not use interoperable identifiers (due
to name clashes) can be made interop by adding the appropriate hierarchical
part or scheme, when it comes to communicating with other systems.

Pretty much every known standard adheres to this system, and new URI
schemes can be minted on request.

I would suggest this for a best practice document.


>
>
>  - Jonas
>
> [Monkeysphere]: http://web.monkeysphere.info/
>
> --
>  * Jonas Smedegaard - idealist & Internet-arkitekt
>  * Tlf.: +45 40843136  Website: http://dr.jones.dk/
>
>  [x] quote me freely  [ ] ask before reusing  [ ] keep private
>

Received on Saturday, 1 June 2013 11:04:43 UTC
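
The reply above argues that a system whose local names clash with others can be made interoperable by adding a scheme or hierarchical part. The following sketch of that qualification step is an added example, not part of the original message or of any project discussed in the thread. The function name, the `home` parameter, the choice of `acct` as the default scheme for bare `user@host` names, and the `a.example` / `b.example` hosts are assumptions made for illustration.

```python
import re

# RFC 3986 Appendix B split: scheme, authority, path, query, fragment.
URI_RE = re.compile(
    r"^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?$"
)

def to_interop_id(raw, home=None, default_scheme="acct"):
    """Map a system-local identifier to a globally unambiguous URI string.

    Assumptions of this sketch: `home` is the authority the local system
    speaks for, `default_scheme` is used for names that carry no scheme.
    The result only identifies; it proves nothing about who controls it.
    """
    m = URI_RE.match(raw.strip())
    if m is None:
        raise ValueError("not parseable as a URI reference: %r" % raw)
    scheme, authority, path, query, fragment = m.groups()

    if scheme is None:
        # Bare name: add the missing hierarchical part and scheme.
        if "@" in path:
            user, _, host = path.rpartition("@")
        else:
            user, host = path, home
        if not user or not host:
            raise ValueError("%r is not unique outside its own system" % raw)
        return "%s:%s@%s" % (default_scheme, user, host.lower())

    # Already a URI: normalise only the case-insensitive parts
    # (scheme and host), so equal identifiers compare equal as strings.
    out = scheme.lower() + ":"
    if authority is not None:
        userinfo, at, hostport = authority.rpartition("@")
        out += "//" + userinfo + at + hostport.lower()
    out += path
    if query is not None:
        out += "?" + query
    if fragment is not None:
        out += "#" + fragment
    return out

if __name__ == "__main__":
    # Constructed inputs: two systems that both have a local user "alice".
    for raw, home in [("alice", "a.example"), ("alice", "b.example"),
                      ("user@example.onion", None),
                      ("HTTP://Example.ORG/users/alice", None)]:
        print(raw, "->", to_interop_id(raw, home=home))
```

The `.onion` case goes through the same path as any other host name, since the identifier is only a string and no DNS lookup is involved.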