Loomio
Sat 27 Jun 2020 4:52AM

Online Identity Management Service

DS Danyl Strype Public Seen by 143

Would it be possible, with existing tech, to create a one-stop shop* where a person can register an identity (eg myname.me), and point it at services, so regardless of who hosts their accounts for email, chat, fediverse, etc, another user can find and mention them using a universal ID like [email protected] .

DNS already allows this for email forwarding, and some email services can proxy fully the third-party domain name. The same [email protected] address can be used for both email and jabber, but only if there are email and jabber servers exclusively using that same domain. AFAIK there is no way a DNS server can respond to a request from;

* an XMPP server for a different jabber address currently associated with [email protected] (eg [email protected])

* a matrix homeserver for the matrix address currently associated with [email protected] (eg #me:matrix.org)

* a fediverse instance for the address currently associated with [email protected] (eg @[email protected])

If these use cases are unhandled at the protocol level, there's no way a user-facing DNS management console can provide these sorts of services. Are there other existing technologies or workarounds that could be used for this? Could Libravatar be a model?

EDIT: * by one-stop-shop I mean a service that can unify an identity across a range of protocols, not that this service should be the one ID portal for everyone on the net. On the contrary, I envision a plethora of these services, as with DNS registrars today, which is why I mention Libravatar as a model. There would need to be common protocols for resolving the DNS based identifier ([email protected]) to the underlying address it's being used as an alias for.

TH

Timothy Holborn Sat 27 Jun 2020 7:04AM

This is possible, but likely not entirely desirable for many use-cases. using a persons domain name, whilst certainly essential infrastructure to have and make use of; also means there are significant limitations put upon pseudo anonymity; meaning that all uses of anything connected to the domain, can be linked together - so, the result is 100% associated for all purposes, which can have 'unintended consequences'. The alternative is to have a legally supported framework whereby other URIs that can by law be associated to the actor is provided by infrastructure, that in-turn needs to support an array of considerations associated to ensuring 'identity owners' can migrate their accounts between providers, that the service provider be prohibited from commercially employing the data / data-service & also 'choice of law' (as to support 'rule of law'). Identity has a few different meanings, i guess - all depends on what you want to achieve.

DU

Deleted account Sat 27 Jun 2020 10:49AM

[He boldly strides in, always happy to display his ignorance and misunderstanding... 馃槈]

While perhaps not exactly the same thing, 't'would seem that Keybase -- sadly acquired by Zoom last month (May 2020) -- might have been something of a starting point for such a service... It may still inform one's thinking about such an idea.

M

mfioretti Sun 28 Jun 2020 6:43AM

"Would it be possible, with existing tech, to create a one-stop shop where a person can register an identity (eg myname.me), and point it at services..."

Of course it would with existing tech. This is all already existing stuff that only needs integration and packaging. Not a simple task, but orders of magnitude simpler, and more realistic, than everything else I've seen around in this space since 2012/2013. All the desire for definitive, "perfect" solutions has accomplished since then is to let Facebook and the like double their userbase.

Wrt your question, all you have to do is turn the question upside down, because that would be the only way to go, and has been for decades now, and is future-proof, that is ready for any other service we may not even conceive now. The way to go would be, using your name as example:

your identity is danylstrype.com (or any other domain name you choose, that's no matter). A plain old, universally supported, open standard, future-proof website.

and then I can email you at [email protected]. chat in real time with [email protected], get notification of everything you share on your website with plain old RSS (danylstrype.com/feed) or websub (https://en.wikipedia.org/wiki/WebSub) ....

I explained all this in much more detail three years ago in this series of posts: http://stop.zona-m.net/tag/mastodon . Please (I say this only to save everybody's time) read and quote directly from them, if you have objections.


M

martin 鉃 Sun 28 Jun 2020 8:39PM

I would not base this on a 3rd party service like Keybase or Hey, nor Google or Facebook or Apple or Github. Have a look at Keycload, which seems to do this for you, and would mean you get to stay in control.

AS

Arnold Schrijver Mon 29 Jun 2020 7:30AM

Gravatar is a tracker. It is ranked #56 and according to their parent Automattic privacy policy is using this information to target ads and send PII to 3rd parties. That's why Libravatar is a much more compelling service. Not only can it be decentralized, but look at their refreshing privacy policy.

EW

Ethan Winn Mon 29 Jun 2020 4:11PM

I think WebID is another approach to addressing this need, used for similar use cases in the Solid spec.

@martin 鉃 thanks for sharing Keycloak, interesting to see if it might be set up as part of a WebID-OIDC stack.

TH

Timothy Holborn Mon 29 Jun 2020 7:03PM

Webid is a URI. WebID-[Auth] is an auth schema that uses a URI (IE: TLS, RSA, OIDC, etc.).

Solid (or what was called RWW) employs these tools. But the more interesting and fit for purpose patterns come when support for a Dynamic AI agent is taken I to account whereby those tools built into solid become part of a broader ecosystems solution that incorporates verifiable claims / credentials, and an array of other bits and pieces to support semantic agents, with a level of clarity / sufficiently broad functionality.

Cheers,

Timo.

DS

Danyl Strype Sat 11 Jul 2020 11:38AM

This doesn't really address the question. I already have a domain name I can use for a website, and with an email forwarder, so I can redirect email sent to [email protected] to any hosted email service I choose to use. But I can only use a disintermedia.net.nz address for jabber chat if someone is running a whole jabber server using that as its domain. I'm not aware of a way to use [email protected] as an alias for [email protected], the way I can with email.

DS

Danyl Strype Sat 11 Jul 2020 11:53AM

Another possible model is to use a blockchain to associate a user ID on one service with a multi-service ID like [email protected] in a decentalized way. This is the solution Jami uses to map human-readable usernames to the 40 character hash is uses as a unique address for accounts.

https://jami.net/the-jami-blockchain-switches-from-proof-of-work-to-proof-of-authority/

TH

Timothy Holborn Sat 11 Jul 2020 11:58AM

lots of people are trying that due to the inherent value of owning/operating the private key infrastructure...

therein is the ideological point. how are the private keys managed... for grandma, for instance.

will personhood survive covid19? will liberalised democracies survive? which global gov would you pick - USA or China?

i can continue on with issues, noting i've been instrumentally involved in some of the underlying work to that sort of 'self sovereign' rubbish,

but it was useful for a different reason. nonetheless, yeah. blockchain can = v.cheap slavery shackles. i just don't support that method.

timo.

Load More