-
Is there anything about identity on the internet that’s not broken?
We know that usernames and passwords are broken, password resets are, SSL certificates, hacks like certificate pinning etc. and many other things. Apparently even domain name ownership proof is just as broken: there seems to be no method to authoritatively determine whether somebody who claims to own a domain actually does. If somebody came to…
-
Digital signatures on JSON payloads — let’s call it ‘jsonsig’
I’m finding myself wanting to digitally sign JSON content, keeping the signature and metadata inside the JSON file, and I’m largely coming up empty looking for a solution that exists already. I only found: Camlistore: it signs JSON documents but creates an “outer wrapper”. It’s also a bit too specific to Camlistore for my needs.…
-
Making relationships verifiable
(This is more of a note to myself, but you might find it interesting anyway) Let’s say there are two people, M and D, who supposedly are mother and daughter, i.e. they are supposedly in the relationship “is parent of”. If I come across a piece of information that expresses “M.isParentOf.D”, should I believe it?…
-
IndieWebCamp San Francisco this Friday and Saturday
Last June, I went to IndieWebCamp Portland, and had a blast: a few dozen alpha geeks were demonstrating their latest projects, most of which have to do with wrestling control of their own data from various on-line silos, and using that data in innovative ways on their own site. In other words, right down my…
-
On Mozilla’s Persona Post-Mortem
There’s a great summary on the Mozilla wiki about what did and didn’t work about Persona, Mozilla’s attempt at a new identity protocol for the web. (Given the existence of that page, I’m not sure the project continues to be actively pursued? Techcrunch reports that Persona is dead.) Having been in the middle of the…