The Digital ID Federation Myth

The key to any federation is understanding who’s in it and who’s out. The Digital ID federation concept sounds attractive, but doesn’t include the customers, whose voice and stake in the game are like American Indians in post-Civil War America. Just because the federation issues get ironed out doesn’t mean they’ll do us any good.

But were we to assume that everyone controls their own web space, we have the foundation of an authentic federation.

Self-hosted Identity

Ming discussed self-hosted identity on Monday, worth repeating verbatim:

James Snell talks about being in control of one’s own identity and storing it on one’s own site, like as part of one’s weblog:

“A discussion on Sam’s blog got me thinking about self-hosted identities. Ideally, I should be able to put together a file, discoverable through my weblog, and digitally signed with my private key that contains all of the personal information that I want to make public. When I go to any type of forum (like a weblog) or to a commercial site (like Amazon), if they want my information, they would do what Dave suggests and put a “You know me” button on their page. When I go to the site, I click on the button, the site asks me for the location of my identity file. They download the file and extract the necessary information.”

And he follows up here and here . We need that, of course. I’m tired of having entered my information on dozens of different sites over the years, and it being mostly outdated and forgotten. Much better that it is on my computer.

This is a more sophisticated form of the federated ID solution we baked into our microeconomy. The first step in letting people control their ID is to bite the bullet and require everybody to have their own web site. That seems like a big step, but it’s shrinking daily. Blogging is one of the best reasons to cross the website divide, and identity is pretty close.

Xpertweb users assume their transactions are as public as a public company’s. If you want to do a transaction “off the books” you won’t want to do it using your Xpertweb persona(s). But for most transactions, transparency solves far more problems than it raises.

The Xpertweb protocols have no need to expose the buyer’s financial information. Payment is made after the sale, through a trusted third party managed by the buyer, since the final price is dependent on the buyer’s rating of the transaction. The only data needed to start the transaction is how to get the product or service into the buyer’s hands. This inversion of the transaction—caveat emptor becomes caveat vendor—solves most of the difficult problems of identity theft and its handmaiden, Digital ID.

So Xpertweb’s ID need not be as complex as Snell’s thorough treatment, but the approach is perfect. Maybe we can convince Ming or James Snell to help out on this feature for our open source microeconomy…

The key to Xpertweb’s usefulness will be the ease of using the forms, and having all the buyer’s relevant data filled in automatically is a great start.

Blogging for Dollars

An Xpertweb page is basically a web log that keeps track of your words and comments of course, but extended with a commercial form of highly structured trackback. Every time the buyer submits a form, any data saved on the seller’s site is duplicated on the buyer’s site, by the buyer’s trusted script, in the form of an order confirmation page. Then, as the transaction progresses, the mirrored data store is enriched, culminating with each party’s grade and comment, which is the point of the whole system.

In the agora, everyone can watch each other shopping. The citizens are on display like the melons.

10:51:59 AM    

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: