Re: Web Identity specification and Social Web from Mike Macgirvin on 2014-03-06 (public-fedsocweb@w3.org from March 2014)

From: Mike Macgirvin <mike@macgirvin.com>
Date: Fri, 07 Mar 2014 06:52:29 +1100
To: public-fedsocweb@w3.org
Message-ID: <5318D1FD.40300@macgirvin.com>

On 3/7/2014 12:13 AM, Melvin Carvalho wrote:
> IMHO, we dont need to touch the cert ontology, if that's going to be a 
> barrier.  But defining identity well is important, something where 
> other groups have not done well.  e.g. Persona dont use URIs, 
> OpenID/OAuth didnt use URIs for a long time (ie XRI dependencies) but 
> now are more aligned to mailto: and http: URIs.
My problem with URIs - and I've brought this up before, is the way they 
are mapped onto the DNS system. They have no mobility if for instance 
you tire of juicebook.com and decide to go with griggle.com. Or you've 
got a decentralised service using sporepod and your server admins shut 
down because they can't pay the bills. DNS is fine for systems and 
internet connected devices, but systems and internet connected device do 
not map  perfectly to people (or in this case "identity" since I see 
identity as a superset of "people". What we did in zot was separate DNS 
from the identity. They work fine as a pair. But you can take the 
identity and attach it to a different URI and the identity still works.

There *could exist* a URI scheme where these are separate URI components 
which combine to make an "addressable identity" and where the identity 
component isn't tied to a DNS name (and in fact we do this today in red, 
though there is currently no scheme attached to the identity bits). 
However I reject solutions which lock me into a particular vendor or DNS 
domain - as the solutions currently being bantered about tend to do.  
The solution do jour for this mobility problem is to be able to take 
your identity and export/import to another service or DNS site. But 
we've got a bigger problem on our hands with this method, because you 
are no longer the same identity if your identity is tied to the DNS 
name. Any information on the web which refers to your old identity has 
to be corrected; and this could be replicated in millions of places - 
account lists, access control lists, tagged photos, etc.

Received on Thursday, 6 March 2014 19:53:03 UTC