[uf-discuss] MicroID - Identity in a shade of microformat
Kevin Marks
kmarks at technorati.com
Mon Mar 27 16:51:31 PST 2006
On Mar 27, 2006, at 3:40 PM, jer wrote:
> Boy, once Doc gets a hold of something... I was going to send out a
> little note here asking for some feedback, but it's gone full circle
> already :)
>
> Anyway, MicroID isn't exactly a microformat all by itself but it can
> be expressed in conjunction with one. It's really just an opaque but
> verifiable owner token, allowing anyone to point at something and say
> "that's mine" which can be verified by using their email address (or
> any supported communication identifier).

I'm not sure how useful an email address is as a shared secret. If you
use a publicly-known one, anyone who knows it can spoof your signature;
if you use a unique address per service then you need multiple
MicroIDs.

> The itch I'm scratching is two part, I'm tired of having to put some
> button or javascript code (or upload a funky named empty file) on my
> blog/site to verify that I have editorial control over it. This
> practice is becoming more and more common, and the technology to do
> this once and for all isn't brain surgery.

Your long hash reminds me of the original Technorati claiming model,
which was a hash of the user ID and blog URL, which I deprecated as the
IDs were too long and cumbersome to send around easily - URLs with
them in tended to get wrapped in email, so people ended up making their
blog invalid by adding a URL with a newline in the middle, and my
parser had to cope with that.

Hence we went to a 10-character randomly-assigned ID model, as the ID
is not guessable.

As Chris said on his blog, the bidirectionally-verified rel="me" is a
sounder way to do this - see http://gmpg.org/xfn/and/

> The second part is to have a MicroID published with a "score"
> microformat (well really just class='score' unless someone has a
> better idea) that is wrapped around any comment or content published
> on a moderated system. If I get modded up and have a good reputation
> on that system, why can't there be a solid technical way for me to
> verify my reputation (or just a bag of all my scores) to anyone that
> cares? If these moderated systems publish a simple MicroID with the
> score output, it makes my reputation portable as much as I want it to
> be.

As your model is spoofable if I know your email, I'm not sure what this
gains for you over showing the ID or email directly in the moderated
system.
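
The spoofing concern raised in this message, as an added example that is not part of the original post. It assumes a MicroID is computed as sha1(sha1("mailto:" + email) + sha1(url)), a construction this message does not spell out, and contrasts it with a service-issued random 10-character claim ID; the addresses, URLs and the `ClaimRegistry` class are constructed for illustration.

```python
import hashlib
import secrets
import string

def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

def microid(email: str, url: str) -> str:
    # Assumed construction: hex sha1 of (hex sha1 of mailto URI + hex sha1 of page URL).
    return sha1_hex(sha1_hex("mailto:" + email) + sha1_hex(url))

def verify_microid(published: str, email: str, url: str) -> bool:
    # The verifier can only recompute the hash from the address and URL;
    # it learns nothing about who actually put the token on the page.
    return secrets.compare_digest(published, microid(email, url))

class ClaimRegistry:
    """Hypothetical service that hands out random 10-character claim IDs."""
    ALPHABET = string.ascii_lowercase + string.digits

    def __init__(self) -> None:
        self._issued = {}  # claim ID -> account it was issued to

    def issue(self, account: str) -> str:
        claim_id = "".join(secrets.choice(self.ALPHABET) for _ in range(10))
        self._issued[claim_id] = account
        return claim_id

    def verify(self, account: str, found_on_page: str) -> bool:
        # Only an ID this service issued to this account is accepted.
        return self._issued.get(found_on_page) == account

def demo() -> dict:
    email = "alice@example.org"                    # constructed, publicly known address
    owner_url = "http://blog.example.org/"         # constructed: page the owner controls
    other_url = "http://elsewhere.example.net/"    # constructed: page someone else controls
    registry = ClaimRegistry()
    claim = registry.issue("alice")
    derived = microid(email, owner_url)[:10]       # value computable from public data
    return {
        "owner_token_verifies": verify_microid(microid(email, owner_url), email, owner_url),
        # Computed without the owner's involvement, yet it verifies identically.
        "third_party_token_verifies": verify_microid(microid(email, other_url), email, other_url),
        "random_claim_verifies": registry.verify("alice", claim),
        "derived_claim_verifies": registry.verify("alice", derived),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both MicroID checks pass because the token is a deterministic function of values anyone may know, while the registry accepts only the random ID it issued.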