person centric identity, trust chains or biometrics

[Kaleb Himes]

Hi everyone. I have a small group that is currently looking at contributing to or expanding this project.

Some co-workers and I want a place to meet up like facebook but we want control of all our own data.

We plan on implementing some custom sharing solutions based on the diaspora project and hope to contribute these changes back to diaspora when complete.

We will be hosting a private POD for initial testing to see how it works out with the goal of eventually making our changes public.

We are looking at doing changes unrelated to person centric identity, however some questions came up in discussion related to this topic.

Our question is does the diaspora community have any plans for implementing person-centric identity like supporting public/private key identification IE I have a private key on my machine that identifies me as me. The public key can be loaded into the pod and I can login without a password because my Diaspora pod knows it is me when I connect with my private key.

The other growing person-centric identity solution is biometrics, facial recognition or fingerprint ID. Does Diaspora have any plans to support one or both of these technologies in the future?

Thanks for your time, I look forward to your thoughts!

Regards,

Kaleb

[Greg Troxel]

Kaleb Himes <kaleb...@gmail.com> writes:

> Hi everyone. I have a small group that is currently looking at contributing
> to or expanding this project.

Note that I am not a contributor to diaspora* yet. So far I am a lurker
on the list who intends to run a pod someday.

> Some co-workers and I want a place to meet up like facebook but we want
> control of all our own data.

You are in the right place.

> We plan on implementing some custom sharing solutions based on the diaspora
> project and hope to contribute these changes back to diaspora when complete.

I am curious why you don't just maintain a public fork with branches
with your work in progress. I don't see the harm, and maybe others will
help or give advice.

Certainly you have to grant all of the users of your private pod access
to the sources and permission to distribute under AGPL3. Perhaps none
of them want to, but secret code and disapora* do not really go together
culturally. (Secret social network content, on the other hand, is
fine.)

> Our question is does the diaspora community have any plans for implementing
> person-centric identity like supporting public/private key identification
> IE I have a private key on my machine that identifies me as me. The public
> key can be loaded into the pod and I can login without a password because
> my Diaspora pod knows it is me when I connect with my private key.

I am unfamiliar with the term person-centric identity.

If one has the notion of account owner, then it is straightforward
conceptually to use various authentication mechanisms for user->pod
authentication. Using a client certificate, or some kind of priv/public
keypair (without a CA) seems entirely reasonable. So does GSSAPI.
This is really not diaspora*-specific, but about using various
mechanisms to authenticate users.

I am curious what your goal is in keypairs, compared to
username/password. Is it increased security, so that passwords being