The Digital ID Federation Myth
The key to any federation is understanding who's in it and who's out. The
Digital ID federation concept sounds attractive, but doesn't include the customers,
whose voice and stake in the game are like American Indians in post-Civil War
America. Just because the federation issues get ironed out doesn't mean they'll
do us any good.
But were we to assume that everyone controls their own web space, we have
the foundation of an authentic federation.
Self-hosted Identity
Ming discussed self-hosted
identity on Monday, worth repeating verbatim:
James
Snell talks about being in control of one's own identity and
storing it on one's own site, like as part of one's weblog:
"A discussion on
Sam's blog got me thinking about self-hosted identities. Ideally, I
should be able to put together a file, discoverable through my
weblog, and digitally signed with my private key that contains all
of the personal information that I want to make public. When I go to
any type
of forum (like a weblog) or to a commercial site (like Amazon), if
they want
my information, they would do what Dave suggests and
put a "You know
me" button on their page. When I go to the site, I click on the
button, the site asks me for the location of my identity file. They
download the
file and extract the necessary information."
And he follows up here and here .
We need that, of course. I'm tired of having entered my information on
dozens of different sites over the years, and it
being mostly outdated and forgotten. Much better that it is on my computer.
This is a more sophisticated form of the federated ID solution we
baked into our microeconomy. The first step in letting people control their
ID is to bite the bullet and require everybody to have their own web site.
That seems like a big step, but it's shrinking daily. Blogging is one of the
best reasons to cross the website divide, and identity is pretty close.
Xpertweb users assume their transactions are as public as a public company's.
If you want to do a transaction "off the books" you won't want to
do it using your Xpertweb persona(s). But for most transactions, transparency
solves far more
problems than it raises.
The Xpertweb protocols have no need to expose the buyer's financial information.
Payment is made after the sale, through a trusted third party managed
by the buyer, since the final price is dependent on the buyer's rating of the
transaction. The only data needed to start the transaction is how to get the
product or service into the buyer's
hands. This inversion of the transaction—caveat emptor becomes caveat
vendor—solves most of the difficult problems of identity theft and its
handmaiden, Digital ID.
So Xpertweb's ID need not be as complex as Snell's thorough treatment, but the
approach is perfect. Maybe we can convince Ming or James Snell to help out
on
this
feature
for
our open source microeconomy...
The key to Xpertweb's usefulness will be the ease of using the forms, and
having all the buyer's relevant data filled in automatically is a great start.
Blogging for Dollars
An Xpertweb page is basically a web log that keeps track of your words
and comments of course, but extended with a commercial form of highly structured
trackback. Every time the buyer submits a form, any data saved on the seller's
site is
duplicated
on the buyer's
site, by the buyer's trusted script, in the form of an order confirmation page.
Then, as the transaction progresses, the mirrored data store is enriched, culminating
with each party's grade and comment, which is the point of the whole system.
In the agora, everyone can watch each other shopping. The citizens
are on display like the melons. [Escapable Logic]
11:37:48 AM 
|
