Menu

IdM Takes Lessons From the Microformats Crowd

#identity #identity architecture #identity assertion #identity management #identity verification #idm #microformats #microid

A tip from [Ryan][1] sent me [looking][2] at [MicroID][3]:

a new Identity layer to the web and [Microformats][4] that allows anyone to simply claim verifiable ownership over their own pages and content hosted anywhere.

The idea is to hash a user’s email address (or other identifier) with the name of the site it will be published on, giving a string that can be inserted — in true Microformats style — as an element of the html on the site.

Examples:

To verify a user’s home page or ownership of any page:

> 
> To verify a user’s membership in (or content/microformat published on) any (trusted) 3rd party site:
> 
> ```
<div class=“agent vcard microid-a9993e364706816aba3e25717850c26c9cd0d89d”><br />
<a class=“email fn” href=“mailto:jfriday@host.com”>Joe Friday</a><br />
<div class=“tel”>+1-919-555-7878</div><br />
<div class=“title”>Area Administrator, Assistant</div><br />
</div>

To validate a user’s feedback or reputation on any moderated system (slashdot, digg, etc):

<span class=“score microid-a9993e364706816aba3e25717850c26c9cd0d89d”>5</span>


I’ve gotta admit that it seems too simple to work and I’m gonna have to think about this a while.

> Once this [MicroID] is published via one of the number of different ways or as part of a microformat on any page or site, they appear as opaque strings, but unique to a particular ID on that site. When the owner of the communication identifier forms a relationship with a new site, and (critical) that new site validates the communication identifier, they can then immediately validate the MicroID published on any other site for that given communication identifier.
> 
> MicroID also allows any third party to crawl and index these microformats and provide a web service that may return a weighted response (for reputations), list of references, etc. This index is anonymous and queries into it may simply provide the hashed version of a validated user-provided communication identifier.
> 
> While it may seem that spoofing would be an issue due to the nature of using communication idenitifers and how widely they are sometimes shared or published, the assertion of ownership must always originate from the owner, the MicroID simply allows anyone to validate that relationship very simply.



 [1]: http://blog.ryaneby.com/
 [2]: http://identityfuture.com/story/idm-microformats-microid/
 [3]: http://microid.org/
 [4]: http://microformats.org/