[OpenID] What does "identity" MEAN?

SitG Admin sysadmin at shadowsinthegarden.com
Tue Sep 16 22:41:05 UTC 2008


>My OpenID identifier could also (but does not have to) contain a 
>list of all the notes that I have created, so someone can see what I 
>have done with that identifier.

I would love to have that! It is something I have given thought to, 
in the past; if the referer is not empty, I tell the visitor "You 
appear to have come from [this site], would you like to see a list of 
all the comments (and other activity) I have engaged in at that 
site?". The visitor can thus immediately check these comments (I can 
duplicate them at my site, I still have the copyright after all) 
against the versions on that site, to ascertain whether the copies on 
that site have been altered, and perhaps discover that comments 
attributed to me elsewhere were entirely fabricated (never existed in 
*any* form). This doesn't prevent me from *removing* awkward details 
that I would like to no longer be held accountable for, but if the 
system were automated (say, using an XRDS file to index further XRDS 
files at my site that kept track of certain sites, perhaps further 
subdividing into certain date ranges) and standardized, other sites 
could plug into it and act as trusted mirrors of my records, 
providing proof even if *I* later deleted anything.

>You talk about other systems that can track who created which note. 
>What are they? I'd like to get one of them widely deployed!

Some of them are theoretical, and will presumably be developed in the future ;)

One is described above; it uses a web of trust to substitute for PKI 
(though to avoid having to constantly transmit entire sets of 
content, it might be better to merely publish hashes for the 
automated part, which *is* another use of cryptography - still, you 
only need to implement a handful of algorithms, whereas PKI would 
require learning and storing more keys with every user).

I think XRI might be another. OpenID is already compatible with it, 
though, which is cool - we're prepared to transition users directly 
to XRI when they're ready, without having to learn a whole new system 
(assuming they've acquired some familiarity with OpenID by then).

The key attribute of the systems I was talking about, though, wasn't 
tracking; and I forgot a word when I was describing it, so I'll 
restate it here:

There *are* systems that allow us to exert utter, granular control 
over our privacy. Informing select readers of select notes that the 
author of those notes was also the author of select other notes, 
without any of this information being contagious.

Elaborating upon this, Alice can inform *just* Bob (who read note A) 
that Alice also wrote note B, but Carol, who had access to note A, 
won't know this. Furthermore, when Tom reads note C (written by 
Alice), he can learn that Alice also wrote note B, without Tom and 
Bob comparing notes to find out that the author of note A was also 
the author of note C.

I'm sure there are more convoluted use-cases, and of course 
technology can't negate humans' ability to communicate with one 
another out-of-band, but this should be enough to illustrate the 
general idea: the identity correlation technology (XRI or whatever) 
uses a unique identifier for every note, and these discrete 
identifiers may be associated with one another by the user to 
authorized parties.

I did think of a way to do this with OpenID (using Directed 
Identity), and can describe this if you wish, but at this point it's 
strictly theoretical. Certainly possible, but not actually 
implemented anywhere I know of ;)

-Shade
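
The hash-publishing idea in the message above, as an added example that is not part of the original post: the author publishes a manifest of comment hashes, a mirror keeps an earlier snapshot, and a visitor audits the copies a third-party site attributes to the author. The comment ids, SHA-256, the whitespace/NFC canonicalization and the plain-dictionary manifest (standing in for the XRDS index) are all assumptions of this sketch.

```python
import hashlib
import unicodedata

def digest(text: str) -> str:
    """SHA-256 of a comment in canonical form (NFC, whitespace collapsed)."""
    canon = " ".join(unicodedata.normalize("NFC", text).split())
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def build_manifest(comments: dict[str, str]) -> dict[str, str]:
    """Author or mirror side: map each comment id to the hash of its text."""
    return {cid: digest(body) for cid, body in comments.items()}

def audit(site_copy: dict[str, str], author: dict[str, str],
          mirror: dict[str, str]) -> dict[str, str]:
    """Classify every comment a site attributes to the author."""
    report = {}
    for cid, body in site_copy.items():
        h = digest(body)
        if author.get(cid) == h:
            report[cid] = "verified"            # author still vouches for this text
        elif mirror.get(cid) == h:
            report[cid] = "mirror-only"         # author dropped it, mirror kept proof
        elif cid in author or cid in mirror:
            report[cid] = "altered"             # known id, different text
        else:
            report[cid] = "unknown-to-author"   # no record anywhere: possibly fabricated
    return report

# Constructed sample data (ids and texts are invented for the example).
WRITTEN = {"c1": "OpenID is a fine idea.",
           "c2": "I disagree with this proposal.",
           "c3": "An awkward remark."}
MIRROR = build_manifest(WRITTEN)                        # snapshot taken earlier
AUTHOR_NOW = build_manifest({k: WRITTEN[k] for k in ("c1", "c2")})  # c3 deleted later
SITE_COPY = {"c1": "OpenID  is a fine\nidea.",          # only whitespace differs
             "c2": "I agree with this proposal.",       # text changed by the site
             "c3": "An awkward remark.",
             "c4": "Something never written."}

if __name__ == "__main__":
    for cid, verdict in audit(SITE_COPY, AUTHOR_NOW, MIRROR).items():
        print(cid, verdict)
```

A bare hash says nothing about who published it; the verdicts are only as trustworthy as the channel the manifests were fetched over and the independence of the mirror.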
