Digital Identity, Page 2

The Google “Physical Web” Proposal and LID

About ten years ago, I came up with that silly (?) idea that people could be identified with URLs. That those URLs could have particular functionality around them by which anybody -- with the right permissions -- could interact with them. And that, when people walked around with their mobile devices, those devices could broadcast…

What’s the opposite of the Web 2.0 architecture?

Dave Winer was nice enough to respond to my question, "So what do you call this architecture where your data is on your site, running the code you want, with your own terms", with a full blog post titled "My Architecture is called RSS". I guess I should have seen this coming ;-) but I…

Sen. Wyden: Your data’s yours no matter on whose server it lives

This is significant, and very welcome. US Sen. Wyden is quoted by the Washington Post as follows: "Some will still argue that by sharing data freely with Facebook, Google, Mint, Uber, Twitter, Fitbit or Instagram, Americans are choosing to make that data public. But that is simply not the case," And he continues with one…

Marcus Povey and PGP-based login

Marcus Povey is proposing to use PGP/GPG to log into personal websites such as Known. Where have I heard this before? ;-) Oh, yes, LID, circa 2005, before OpenID etc. Here is what a digitally signed LID request looks like, broken into separate lines for better readability:

http://example.com
?lid=http%3A%2F%2Fmylid.net%2Fjernst
&lid-credtype=gpg%20--clearsign
&lid-nonce=2014-05-30T16%3A54%3A57.016Z
&lid-credential=SHA1%0AVersion%3A+GnuPG+v1.4.11+%28GNU%2FLinux%29%0A%0AiEYEARECAAYFAlOIt%2BEACgkQsIOiz0BhWYZ9MACcCelf5T6XyywOZ5jVq3eyMw9m%0A8C4AoJ6Vz47PKR2%2FEvNqDkv7OWFyHdSU%0A%3DpVzh%0A

where: lid: The URL…

Is there anything about identity on the internet that’s not broken?

We know that usernames and passwords are broken, and so are password resets, SSL certificates, hacks like certificate pinning, and many other things. Apparently even domain name ownership proof is just as broken: there seems to be no method to authoritatively determine whether somebody who claims to own a domain actually does. If somebody came to…