internet wide unique identifier


tyler gillies

Mar 16, 2010, 2:54:52 PM
to open-web...@googlegroups.com
What do you guys think of this idea?

md5sum (or some other kind of hash) a person's email address and then create an xmlns schema to include in a feed to say that person authored the feed.
the biggest problem i see with open web communication is that there's no way to link feeds to users outside of the scope of the service that the feed resides on.

something like

<author>
<emailhash xmlns="http://somesite/emailhash/version1" identifier="d76f53e4acf764b7a9c77cfb58493f00"/>
</author>
--
Everyone Loves Tea
http://www.everyonelovestea.com

Stephen Paul Weber

Mar 16, 2010, 3:28:53 PM
to open-web...@googlegroups.com

Somebody claiming to be tyler gillies wrote:
> What do you guys think of this idea?

We have internet-wide UIDs already, operated through registries. They are
called URIs. schemes are registered, and then the scheme designer decides
how sub-parts are to be registered (such as HTTP using DNS through ICANN,
URN:ISBN using the ISBN registry, etc).

--
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.

Melvin Carvalho

Mar 16, 2010, 4:08:03 PM
to open-web...@googlegroups.com


2010/3/16 Stephen Paul Weber <singp...@singpolyma.net>

> Somebody claiming to be tyler gillies wrote:
> > What do you guys think of this idea?

It's possible to mine an email address from the md4 or sha1sum, just take <nick>[0-9]+@hotmail|gmail|yahoo etc. and a reasonable % of the time you'll have cracked the email address

> We have internet-wide UIDs already, operated through registries.  They are
> called URIs.  schemes are registered, and then the scheme designer decides
> how sub-parts are to be registered (such as HTTP using DNS through ICANN,
> URN:ISBN using the ISBN registry, etc).

Well, yes.... :)

--
You received this message because you are subscribed to the Google Groups "Open Web Foundation Discussion" group.
To post to this group, send email to open-web...@googlegroups.com.
To unsubscribe from this group, send email to open-web-discu...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/open-web-discuss?hl=en.


tyler gillies

Mar 16, 2010, 4:13:07 PM
to open-web...@googlegroups.com
it doesn't have to be md5sum, it can be any hash algorithm that is easily reversed. i was just throwing it out there because it was a simple one.
the point is, you create an identifier that's unique to you, that links your data to your identity across all sites. it would be easy for pre-existing services to implement because 90something percent of all webapps already have your email.

tyler gillies

Mar 16, 2010, 4:00:58 PM
to open-web...@googlegroups.com
yeah so you explained what a URI is.

my plan was to get an IETF spec that was the de facto way to identify a user so that we can have continuity across every site

you can pick an arbitrary URI, but that kinda defeats the whole purpose


Henry Story

Mar 16, 2010, 4:18:34 PM
to open-web...@googlegroups.com

On 16 Mar 2010, at 21:00, tyler gillies wrote:

> yeah so you explained what a URI is.
>
> my plan was to get an IETF spec that was the defacto way to identify a user
> so that we can have continuity across every site

Just take any URL. Put a foaf document there. And voila!

One of mine is http://bblfish.net/#hjs

You can run rapper from redland on it

$ rapper -i rdfa http://bblfish.net/#hjs -o turtle

And find out that it refers to a person, my email address, my public key, etc, etc..

Henry


Peter Saint-Andre

Mar 16, 2010, 4:29:17 PM
to open-web...@googlegroups.com
On 3/16/10 2:00 PM, tyler gillies wrote:

> my plan was to get an IETF spec that was the defacto way to identify a
> user so that we can have continuity across every site

Jeremie Miller came up with this a while back:

http://tools.ietf.org/html/draft-miller-microid-01

But it's different across sites.

Peter

tyler gillies

Mar 16, 2010, 4:29:17 PM
to open-web...@googlegroups.com
That requires a lookup. i'm not talking about a webfinger-esque protocol. just a simple identifier.
if your domain expires, your system breaks.
with a generated hash there is no dependency on a web host

rajub...@googlemail.com

Mar 16, 2010, 4:37:04 PM
to open-web...@googlegroups.com
So we are back to foaf! Good concepts seem to stick around.

Doesn't foaf give you the ability to encrypt email addresses within the foaf file? I think so...

------------------------

tyler gillies

Mar 16, 2010, 4:44:58 PM
to open-web...@googlegroups.com
foaf seems too verbose. why not just have a single identifier? only make things as complicated as they need to be is my thinking on this one

Melvin Carvalho

Mar 16, 2010, 4:53:06 PM
to open-web...@googlegroups.com



> So we are back to foaf! Good concepts seem to stick around.
>
> Doesn't foaf give you the ability to encrypt email addresses within the foaf file? I think so...

Yes and no, it has the foaf:mboxsha1sum which has the weakness described:

Making variables global is a very interesting idea, it's something that timBL talked about recently

When you make variables global in some languages they fall apart
Make them global in hypertext and you get the web

Perhaps you could add

make your userid global and you get FOAF or OpenID (I think the first OpenID/Yadis was loosely based on FOAF anyway)
make a cookie global and you get OAuth (well I may be stretching things a bit there)

But use your imagination and interesting things happen ... :)
 

Henry Story

Mar 16, 2010, 5:07:10 PM
to open-web...@googlegroups.com

On 16 Mar 2010, at 21:44, tyler gillies wrote:

> foaf seems too verbose.

what's verbose about http://bblfish.net/#hjs ?


> why not just have a single identifier?

That's a single identifier. It's a Universal Resource Identifier in fact. By definition it can only refer to 1 thing.

> only make
> things as complicated as they need to be is my thinking on this one

Indeed nothing could be simpler. The whole web is built on this, that's how simple it is.

rajub...@googlemail.com

Mar 16, 2010, 5:08:17 PM
to open-web...@googlegroups.com
This document might be interesting in this context: http://www.dfki.uni-kl.de/~sauermann/2006/11/cooluris/


tyler gillies

Mar 16, 2010, 5:18:52 PM
to open-web...@googlegroups.com
if we extended foaf to include a hash that wasn't vulnerable we would be on to something. I'll ask on foaf mailing list what they think about it.

Henry Story

Mar 16, 2010, 5:05:01 PM
to open-web...@googlegroups.com

On 16 Mar 2010, at 21:29, tyler gillies wrote:

> That requires a lookup. im not talking about a webfinger-esque protocol.
> just a simple identifier.
> if your domain expires, your system breaks.
> with a generated hash there is no dependency on a web host

This is the simplest possible lookup. An HTTP GET. The whole web is based on that, and it's been around for 20 years or so. Sure, things sometimes disappear, as things do. But that you will have with any protocol or lookup system.

Here it is easy to link to other identifiers. So for example below you will see a number of owl:sameAs links. One identifier links to 2 other identifiers, with claims of identity. If one day one of them would go down, you could check the others too...


$ rapper -i rdfa http://bblfish.net/#hjs -o turtle

rapper: Parsing URI http://bblfish.net/#hjs with parser rdfa
rapper: Serializing with serializer turtle
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix : <http://www.w3.org/1999/xhtml> .
@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rsa: <http://www.w3.org/ns/auth/rsa#> .
@prefix dc: <http://purl.org/dc/terms/> .

<http://bblfish.net/>
dc:conformsTo <http://www.w3.org/TR/rdfa-syntax> ;
a foaf:PersonalProfileDocument ;
<http://www.w3.org/1999/xhtml/vocab#icon> <http://bblfish.net/favicon.ico> ;
foaf:primaryTopic <http://bblfish.net/#hjs> .

<http://bblfish.net/#me>
owl:sameAs <http://webid.myxwiki.org/xwiki/bin/view/XWiki/hjs#me> ;
foaf:blog <http://bblfish.net/blog/>, <http://blogs.sun.com/bblfish/> .

<http://bblfish.net/#hjs>
owl:sameAs <http://bblfish.net/people/henry/card#me> ;
foaf:aimChatId "unbabelfish" ;
foaf:mbox <mailto:henry...@bblfish.net> ;
foaf:name "Henry Story" ;
foaf:openid <http://bblfish.net/> ;
foaf:phone <tel:+15109315491>, <tel:+33970448664> .

[]
a rsa:RSAPublicKey ;
cert:identity <http://bblfish.net/#hjs> ;
rsa:modulus """9D ☮ 79 ☮ BF ☮ E2 ☮ F4 ☮ 98 ☮ BC ☮ 79 ☮ 6D ☮ AB ☮ 73 ☮ E2 ☮ 8B ☮ 39 ☮ 4D ☮ B5
26 ✜ 68 ✜ 49 ✜ EE ✜ 71 ✜ 87 ✜ 06 ✜ 32 ✜ C9 ✜ 9F ✜ 3F ✜ 94 ✜ E5 ✜ CB ✜ 4D ✜ B5
12 ☮ 35 ☮ 13 ☮ 69 ☮ 60 ☮ 81 ☮ 58 ☮ 79 ☮ 66 ☮ F3 ☮ 79 ☮ 20 ☮ 91 ☮ 6A ☮ 3F ☮ 42
5A ✜ F6 ✜ 54 ✜ 42 ✜ 88 ✜ B2 ✜ E9 ✜ 19 ✜ 4A ✜ 79 ✜ 87 ✜ 2E ✜ 62 ✜ 44 ✜ 2D ✜ 7C
06 ☽ 78 ☽ F8 ☽ FD ☽ 52 ☽ 92 ☽ 6D ☽ CD ☽ D6 ☽ F3 ☽ 28 ☽ 6B ☽ 1F ☽ DB ☽ CB ☽ D3
F2 ☮ 08 ☮ 34 ☮ 72 ☮ A2 ☮ 12 ☮ 75 ☮ AE ☮ D1 ☮ 09 ☮ 17 ☮ D0 ☮ 88 ☮ 4C ☮ 04 ☮ 8E
04 ☾ E5 ☾ BF ☾ D1 ☾ 41 ☾ 64 ☾ D1 ☾ F7 ☾ 89 ☾ 6D ☾ 8B ☾ B2 ☾ F2 ☾ 46 ☾ C0 ☾ 56
87 ☮ 8D ☮ B8 ☮ 7C ☮ C6 ☮ FE ☮ E9 ☮ 61 ☮ 88 ☮ 08 ☮ 61 ☮ DD ☮ E3 ☮ B8 ☮ B5 ☮ 47 ♥
"""^^cert:hex ;
rsa:public_exponent "65537"^^cert:int .


Steve Repetti

Mar 16, 2010, 5:48:24 PM
to open-web...@googlegroups.com

Wow! Great article. Thanks for posting!

 

--Steve Repetti

Stephen Paul Weber

Mar 16, 2010, 5:52:09 PM
to open-web...@googlegroups.com

Somebody claiming to be tyler gillies wrote:
> my plan was to get an IETF spec that was the defacto way to identify a user
> so that we can have continuity across every site
>
> you can pick an arbitrary URI, but that kinda defeats the whole purpose

If the identifier is just going to be unique and opaque, then how does
reusing existing ones defeat the purpose?

--
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.

Stephen Paul Weber

Mar 16, 2010, 5:54:17 PM
to open-web...@googlegroups.com

Somebody claiming to be tyler gillies wrote:
> That requires a lookup. im not talking about a webfinger-esque protocol.
> just a simple identifier.
> if your domain expires, your system breaks.

If your email address changes, a hash of it is no longer great either.
That's part of what I like about just using URIs, you can choose them to be
as stable (ISBN) or unstable (acct:/mailto:) as you want.

--
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.

tyler gillies

Mar 16, 2010, 6:36:06 PM
to open-web...@googlegroups.com
that's a good point


Joseph Holsten

Mar 17, 2010, 12:53:36 AM
to open-web...@googlegroups.com
You should investigate URNs and the draft magnet: URI scheme: http://magnet-uri.sourceforge.net/magnet-draft-overview.txt
Also, if you really don't have a good process to assign these identifiers, you will end up with multiple entities claiming the same id. If you just have a hash of an email address, there's really no way to prove that you represent that identity. So all I'd have to do to claim to be you is know your email address.

Identity, authentication and authorization are hard. Don't stop challenging the conventional assumptions, but sometimes those assumptions actually are reasonable.

Five years ago, I started playing with OpenID because the SAML and RDF offerings for identity seemed unnecessarily complicated. These days, I have no confidence that a solid identity system based on OpenID will be any simpler than the complicated stuff it was supposed to replace. We've reinvented very similar tools to get OpenID as useful as it is. Maybe the OpenID stack is better, but that's a debate that will only end up invoking Godwin's law.
--
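
Added example, not part of any message in this thread: a Python sketch of the two weaknesses raised above, Melvin Carvalho's point that an address can be recovered from its hash by trying `<nick>[0-9]+@provider` candidates, and Joseph Holsten's point that a bare hash proves nothing about who presents it. The address, nickname and domains are constructed sample data, and the function names are hypothetical.

```python
import hashlib

# Constructed sample data (not from the thread): reserved example domains.
DOMAINS = ["example.com", "example.org", "example.net"]

def email_id(address: str) -> str:
    """Identifier as proposed in the thread: bare MD5 of the address."""
    return hashlib.md5(address.encode("utf-8")).hexdigest()

def mbox_sha1sum(address: str) -> str:
    """foaf:mboxsha1sum: SHA-1 of the mailbox's mailto: URI."""
    return hashlib.sha1(f"mailto:{address}".encode("utf-8")).hexdigest()

def candidates(nick: str, domains, max_suffix: int = 99):
    """Addresses of the shape <nick>[0-9]+@<domain> described in the thread."""
    for domain in domains:
        yield f"{nick}@{domain}"
        for n in range(max_suffix + 1):
            yield f"{nick}{n}@{domain}"

def recover(published: str, nick: str, domains, hasher):
    """Return the candidate whose hash equals the published identifier, else None."""
    for address in candidates(nick, domains):
        if hasher(address) == published:
            return address
    return None

def accepts_claim(published: str, claimed_address: str, hasher) -> bool:
    """All a verifier can check is equality, so knowing the address is enough."""
    return hasher(claimed_address) == published

if __name__ == "__main__":
    owner = "jdoe42@example.org"  # constructed address
    for name, hasher in (("md5", email_id), ("mboxsha1sum", mbox_sha1sum)):
        published = hasher(owner)
        print(name, published, "->", recover(published, "jdoe", DOMAINS, hasher))
    # A third party who merely knows the address produces the same identifier.
    print("claim accepted:", accepts_claim(email_id(owner), owner, email_id))
```

With three domains and two-digit suffixes the whole candidate space is 303 hashes, which is why an unsalted hash of a guessable address gives neither privacy nor proof of ownership.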

Mark Essel (@victusfate)

Mar 17, 2010, 6:58:39 AM
to Open Web Foundation Discussion

Great points Joseph.
Tyler -> you want a web page to be connected to a unique personal ID?
Collaborative URIs too right?

If there's not an issue of security (some nations would use this type
of identifier against their people)

So let's presume an opt in, this is me identifier that gets put into
an HTML header. How do we identify ourselves outside of the net?
Usually by other people we trust (trusted ID sites), and state and
federal IDs (license and Social security numbers). Companies often ask
our mother's maiden name, physical address, etc.

So to know that me or you wrote a page we could potentially use
several authentication methods.
Trust, ID, other information (I like pointing to other URLs that point
back)

interesting question, the founding fathers had it easy. They'd just
sign paper, sometimes under pseudonyms..

Karl Dubost

Mar 17, 2010, 8:19:46 AM
to open-web...@googlegroups.com, tyler gillies

On 16 March 2010 at 14:54, tyler gillies wrote:
> md5sum (or some other kind of hash) a person's email address and then create an xmlns schema to include in a feed to say that person authored the feed.


What is the exact issue you are trying to solve?
1. Use cases?
2. How that would be implemented?
3. Barriers to adoption?


--
Karl Dubost
Montréal, QC, Canada
http://www.la-grange.net/karl/
