This is something Mozilla's been thinking about doing: providing a
centralized bootstrap for profile registry. WebFinger is obviously high
on the list, although I would prefer to keep it as the protocol for
truly public info, wherever possible (given its otherwise unattractive
privacy properties.)
This may be a good simple place of first collaboration?
-Ben
On 1/2/12 8:32 PM, Michiel de Jong wrote:
> Some people have their own domain name. For them, we provide things like
> our WordPress plugin and our ownCloud app. But many people rely on one
> of the big three email providers (Hotmail, Yahoo, Gmail) for their user
> address. There is also a possibility that people's Facebook profiles,
> rather than their smtp addresses, will become their main user address in
> a near future.
>
> We could encourage people to get an additional user address; one they
> use specifically for their remote storage. But that's not very user
> friendly. So given that we already defined the open way to link remote
> storage to your user address (namely, via webfinger), we can, without
> loss of openness (and that's the big discussion point, obviously),
> define a fallback option. This is an approach that BrowserId already
> uses with browserid.org <http://browserid.org>, and that has its friends
> and its enemies, but that may make sense for our situation, too.
>
> I propose a centralized registry where people can announce their
> remoteStorage whenever their user address doesn't have a webfinger file,
> or when their webfinger file is not user-editable. To edit your records
> at useraddress.net <http://useraddress.net>, simply log in with
> BrowserId, and link to a URL where you host your own lrdd or jrd file.
> All useraddress.net <http://useraddress.net> stores are these links. We
> would then recommend to application that they support useraddress.net
> <http://useraddress.net> as a fallback whenever webfinger fails, but
> never as a replacement for webfinger. That way, openness of the protocol
> stack is still guaranteed, and the only centralized registries we
> actually /rely/ on, will still only be DNS and TLS.
>
> So the application will always try to check your webfinger first, but
> fall back to useraddress.net <http://useraddress.net> whenever webfinger
> fails.
>
> yes, it's a centralized registry, and if it gets hacked then you get a
> big phishing risk, so it's not something we want to do just for the fun
> of it. But from the user's point of view, it might be the only option
> that would work well (at least i don't see any others right now;
> alternatives, anyone?).
>
> one alternative would be to simply not support 99% of people's existing
> user addresses. but that's probably the easiest route to letting our
> entire project fail to ever achieve critical mass. I remember the words
> of Ade at fsw-2011 "be linux, not herd" - as in, don't let design
> perfectionism become the enemy of actually building something.
>
> i would say it could easily take 5 years before everybody has their own
> user-editable webfinger file. So we can try out the useraddress.net
> <http://useraddress.net> fallback as a temporary measure, keep
if it will depend on browserid teaming up with browserid.org folks might make sense...
still i hope you will put emphasis on clearly recommending indy way with self hosted webfinger =)
~ elf pavlik~
--
(living strictly moneyless already for over 2 years)
http://wwelves.org/perpetual-tripper
http://moneyless.info
http://hackers4peace.net
Michiel,
This is something Mozilla's been thinking about doing: providing a centralized bootstrap for profile registry. WebFinger is obviously high on the list, although I would prefer to keep it as the protocol for truly public info, wherever possible (given its otherwise unattractive privacy properties.)
This may be a good simple place of first collaboration?
-Ben
> Opinions, anyone?if it will depend on browserid teaming up with browserid.org folks might make sense...
still i hope you will put emphasis on clearly recommending indy way with self hosted webfinger =)
Cheers,
Michiel
On Tue, May 29, 2012 at 2:56 PM, Melvin CarvalhoI'm not so worried about that, you are the only person i know who
<melvinc...@gmail.com> wrote:
> Pros and cons to discovery.
>
> With webfinger as it is today, the control lies with the data monopolies,
feels this way about webfinger. i think (from previous discussions)
that what you're saying is that the webfinger spec would be more
trustworthy if it were at the w3c, because of copyright issues like
the ones that are reportedly linked to ActivityStreams. if any of the
commercial stakeholders in webfinger and in the web in general would
get bought by Oracle and start trying to claim copyright on the spec,
then we would just rename it LibreFinger and continue business as
usual. Treat copyright as damage, and route around it. :)
That's not necessarily true. Google and Yahoo offer webfinger
> but you get massive adoption.
services, but they don't announce any remoteStorage (yet).