Re: IndieAuth, was Re: W3C - Social Web Working Group

On 7/21/14 1:32 PM, Sandro Hawke wrote:
> On 07/21/2014 01:18 PM, Anders Rundgren wrote:
>> On 2014-07-21 18:39, Melvin Carvalho wrote:
>>>
>>>
>>>
>>> On 21 July 2014 18:29, Anders Rundgren 
>>> <anders.rundgren.net@gmail.com 
>>> <mailto:anders.rundgren.net@gmail.com>> wrote:
>>>
>>>     On 2014-07-21 18:23, Sandro Hawke wrote:
>>>
>>>         On 07/21/2014 12:20 PM, Anders Rundgren wrote:
>>>
>>>             By pure accident I found this:
>>> http://www.w3.org/Social/WG
>>>
>>>             Anders
>>>
>>>
>>>
>>>         It's also being announced on the front page, w3.org 
>>> <http://w3.org>, and in various
>>>         media, today.
>>>
>>>                 -- Sandro
>>>
>>>
>>>
>>>     It doesn't appear that WebID is a part of this effort.
>>>
>>>     This is somewhat strange because a Social Web without a login 
>>> seems like a moderately clever idea.
>>>
>>>
>>> You need to have a paradigm shift, that webid is nothing to do with 
>>> login.
>>
>> Apparently not.  We are going to build the decentralized Social Web 
>> on Facebook Connect then?
>> This seems at odds with at least one of the Chair's missions:
>> https://www.youtube.com/watch?v=HNmKO7Gr4TE
>>
>
> The point is that identity is separable, and so it has been 
> separated.    Otherwise it would be too big a piece of work for one WG.
>
> Your oblique mention of Tantek reminds me, I don't know if this group 
> has ever talked about the solution he's currently endorsing, IndieAuth:
>
>     https://indieauth.com/
>
> It's fascinatingly minimalist.
>
>         -- Sandro

Hmm..

What happens when you don't own a domain?

I say that because of this opening excerpt:

"IndieAuth is a way to use your own domain name to sign in to websites." .

In my world view, anyone should be able to construct digital identity 
without any infrastructure dependency (or points of control) such as:

1. domain name ownership
2. domain name server access and admin privileges
3. HTTP server ownership
4. HTTP server access and admin privileges.

Today on the Web, there are a plethora of storage providers. These 
providers offer cloud storage via a variety of HTTP based APIs. Thus, it 
is now possible (unlike any time in the past) for end-users to take full 
control of their identity modulo any infrastructure traps.

Note, those cloud services mentioned above aren't the end of the story 
since anyone can perform the following:

1. copy from the storage back to local storage -- good old backups
2. encrypt data at rest -- none of the services can stop you saving 
encrypted content
3. if working with RDF based Linked Data, simply look to relative HTTP 
URIs for entity denotation.

As with all human endeavors, attempting to hold down humans beings is a 
temporary endeavor at best, it never scales.

-- 
Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this