Decius wrote: Yes. I've wanted to see something like this for quite some time. This sounds very similar to the sort of system I've envisioned. However, I need to read the spec in detail and see if this was implemented properly.
Having now examined the basics -- no analysis, just understanding what they are trying to do -- it seems sound but not as far reaching as what you are talking about. That is deliberate. This is just a small but well-considered step forward. 2. FOAF sucks. How does the new site actually get meaningful bio information about me when I create my account using this system? This seems like a more important problem to solve. We've been thinking of making a bunch of extensions to foaf here, but we've got a lot of other work to do.
This is not what this system addresses. It is a step in that direction. What it addresses is just this: I wish to comment on a site that I do not have an account on. Rather than make an account -- yet another identity, etc -- OpenID would let me log into the site with my identity from another site. All that is established is that I am the controller of a url that I specific to authenticate me. This is a very weak guarantee, but with this one can extend to greater things. It is very similar to the PGP-Signed Comments idea. Enable the preservation of identity across CMS systems. An example of how I see this working. If MemeStreams ran an OpenID server You (Decius) decide to respond to Brad's LiveJournal announcement. Rather than create a JiveJournal account -- a blog, etc -- you log in as www.industrialmemetics.com (as listed in your about page here). LiveJournal checks out that page, and determines that you are who you are if MemeStreams says you are. You log in to MemeStreams, and authorize the MemeStreams' OpenID server to validate your id to LiveJournal. LiveJournal marks your comment as Decius of MemeStreams, or Industrial Memetics, or whatever. If MemeStreams accepted OpenID Presumably some of my friends read my memestreams feed on LiveJournal. If they want to comment, however, they either have to join MS or post anonymously. Both has consequences. Easier if they could just say who they are. If OpenID is exploited Someone gets to post to MemeStreams under an identity with no reputation. I can log in under any domains or URLs I may have control of. If it is a problem, you keep a list of valid -- or invalid -- OpenID authentication server and discard the rest. Overall consequence: Does not prevent spam. Does not provide structured mechanism for account creation. Does not enable e-commerce. Does not make toast. Does not overcommit. 3. Email verification. Will LiveJournal validate that they have verified the users email address? Can I trust them?
As they say on openid.net, this is not a trust system. It is just the first step. It makes netizens' lives easier in consolidating the number of identities they need to maintain. But it seems like something MemeStreams should support, for the scenerios above. RE: news: OpenID support |