If you and I met for the first time yesterday, we spent some time to learn about each other, and you see me crossing the street today, you will recognize me. Recognizing others is a fundamental human ability, and crucial for society to function. (Imagine if we didn’t.) It used to be that way at the store, sometimes it still is, and when it isn’t, companies often go through considerable expense trying to create the same illusion (look for "Ritz-Carlton" in this often-repeated story).
When I’m a visitor to your website, spend some time on it, and tomorrow, I come by again, what should happen? Unfortunately, opinions are divided on that one:
- In the state of the art on the web, many sites use tracking cookies, so your site will recognize me — actually, my browser, not me — on the second visit, and I have little choice in the matter.
- Privacy advocates often argue that the default should be anonymity under virtually all circumstances; unlike in the physical world.
- And everything in between.
At NetMesh, we think that the user should be in control and have the option of either: if I decide to "log off" from your site, this should mean that I want you to stop tracking me, because I said so through the act of logging off. If I don’t, by all means, please recognize me when I come again, so you we can continue our conversation where we left off when I had to leave yesterday. Just like you and I can continue yesterday’s conversation today in the physical world.
Our LID / OpenID default Relying Party implementation at NetMesh follows this principle. When you first authenticate at a site that uses our relying party code, it sets two cookies:
- a long-term cookie that holds your identity URL or XRI (that you used to authenticate)
- a short-term cookie that contains a session token. It is short-term to causes session revalidation from the identity host on a regular basis.
For example, if I go to, say, to osis.netmesh.org (a MediaWiki that is LID/OpenID enabled) today and authenticate as mylid.net/jernst, it stores that mylid.net/jernst in a long-term cookie, and my session handle for only about 10 minutes until the site will re-authenticate my session with the identity host (that 10 minutes a configurable parameter).
When I return to any of the pages on that wiki tomorrow, it transparently validates my claimed identity (from the cookie) with my identity host, and I have to do nothing for the site to recognize me, and for my identity host to cryptographically assert to the site that it is indeed me. Which is exactly what I want! It’s a wiki: chances are that if I did some editing there yesterday, I will want to do some more editing with the same identity today.
If I didn’t want that and wanted to be anonymous instead, all I have to do is click a single button on the page (bottom-right corner) as a result of which the two cookies are removed, and I’m as anonymous as before again. We figure this is a good compromise between modeling human behavior (recognition on subsequent encounters), privacy (one click and you are anonymous again) and ease of use (no clicks necessary on subsequent visits to log on or anything of that nature, unless I want to change my privacy preferences).
[I was just asked what exactly happens in our InfoGrid LID implementation, and figured I might as well blog it. One of the nice things of this is that you can bookmark at will, del.icio.us and what have you, and sites still recognize you with zero effort on your part; if you want to, only, of course.]
If you want to try it, grab any LID or OpenID identity from any provider (URL or XRI, either are fine), and go to our test site firstsso.netmesh.org, for example. If you need an identity, go sign up at mylid.net.