Dave Winer proposes to use URLs for digital identity

Dave Winer proposes to use URLs instead of e-mail addresses to identify the document creator in OPML feeds. His proposal is another sign in the rapidly growing consensus to use URLs for digital identity: from LID, OpenID to YADIS and now OPML.

He says:

When OPML was designed, over five years ago, spam wasn’t the problem that it is today. It made sense then to identify the owner of a document in the most straightforward manner, using an email address…

In 2005, it’s really hard to recommend that people include valid email addresses in a public document[s]…

For discussion: A new sub-element of <head>

<ownerId> is the address of a web page that contains an HTML form that allows a human reader to communicate with the author of the document via email or other means.

Example

<ownerId>http://www.opml.org/profiles/sendMail?usernum=1</ownerId>

It’s great that someone as senior and influential as Dave Winer comes to the same conclusion: URLs are very well suited not only to identify companies (like http://www.amazon.com/) and documents (like http://www.opml.org/spec) and so forth, but people as well (like myself at http://netmesh.info/jernst).

The consensus for the use of URLs to identify people is emerging as follows:

  • The user sets up a home page at a URL of her choice. This could be her blog, her ISP’s web account, a Geocities home page or any other page she has control over. She makes sure the home page contains a “magic marker” that states that this is an identity URL (exact details currently being finalized within YADIS.org — the place where all people interested in URL-based identity approaches come together — but most likely an HTML <link> or <meta> tag containing a URL, with shortcuts for those who can configure their own web server).
  • The magic marker points to the identity service that the user chooses, such as a LID or OpenID server. Given that all URL-based digital identity technologies are inherently decentralized, she won’t be locked into one particular company that provides this service, and she might even run her own identity service (e.g. by using an open source implementation).
  • When the user needs to identify herself on the net, e.g. as author of a document (OPML or otherwise), as submitter of a blog comment, or to identify herself when logging into a website, she uses the URL of her home page. The identity server will perform single-sign-on for her, so she doesn’t need to remember more passwords either, and identity-enabled software can easily confirm that it is indeed her instead of somebody impersonating her.
  • When somebody wants to find out more about the user, they can simply go to her homepage and find out whatever she chooses to publish there. She might put a web form there that allows others to contact her as suggested by Dave; of course, there’s nothing OPML-specific about the need to contact people on the internet.
  • If she pointed her magic marker to a LID-enabled identity server, she would also get things like controlled information sharing, and LID profile exchange based on access rights she can define on a per-user or per-group basis. LID Authenticated messaging expands on the idea of a simple message-sending form by allowing the submitter to identify themselves, and allowing the identity owner to define different message routing rules based on the identity of the message sender.
  • Many other interesting features are being created as we speak around URL-based identity by variety of people. They are possible only because it’s easy to build new cool things based on URLs (think tagging, for example), and not so easy with non-URL-based technologies, which is another great argument for URL-based identities.
  • By setting up as many independent home pages as she likes to, she can have as many independent identities as she likes to.

We’ll publish how to do all of this with your home page and a MyLID digital identity and other implementations as soon as the YADIS spec is finalized. You can sign up for one already or download code (open source, or commercial license) to run your own.


Posted

in

by

Tags: