DIY DigID

Our homegrown digital ID function is the part of Xpertweb that Doc and Eric are most tuned into right now, so here’s some techie background.

Peering for Fun and Profit

Xpertweb users equip each other to use peering protocols. By peering, we mean that every participant has their own Xpertweb server, located on any ISP that offers PHP support. Xpertweb users have tools to set up a new user by using any FTP client to upload a script that sets up a new site. This seemed a pretty dramatic and excessive requirement when we first specified it, but blogging and grandkid picture hosting is making a personal web site less controversial.

Digital ID is very hard when you’re relying on a central server to authenticate people. It becomes trivial when each participant has exclusive control over their own website and easy-to-use forms to administer their ID info.

Peering means Peering

If you and I are peers, we allow each other to peer into our lives more than we allow others (ain’t English a fun language?).

Each Xpertweb user has an ID file (like, me.xml) on their site, containing the usual fields (required) and any other optional fields the owner might want to selectively expose to:

  1. the world
  2. other Xpertweb users
  3. transaction partners
  4. “blessed” Xpertweb users with established relationships
  5. mentors
  6. protegés.

Using the W3C XML Encryption spec, any of the owner’s data may be encrypted at the field level, and even the names of the fields/tags may be encrypted.

Trusting the casual visitor

All Xpertweb vendors want the world to know about their skills, reputation, products and, probably, thoughts and ideas on their blogs. Those are all published as broadly as possible, with skills and products organized into an Xpertweb index. The blogosphere is demonstrating that we crave notice more than we fear exposure.

However, Xpertweb vendors only want to transact with others having a proven reputation since, like a waitperson, the vendor’s compensation is subject to the buyer’s rating of their work. So here’s our homegrown digital ID sequence, assuming a vendor whose unique ID happens to be FFUNCH and a shopper with BRITTB as a unique ID (gross simplification in effect–unique IDs are hard but possible).

  1. An Xpertweb-equipped shopper is attracted by FFUNCH’s reputation and clicks on a product link.
  2. The product page asks the visitor to enter his unique Xpertweb URL.
  3. Upon submitting the URL, FFUNCH’s site visits the URL and discovers there IS an Xpertweb site present with a properly formatted me.xml file at the root level and a script that says it’s ready to play nice. Only then does FFUNCH’s script learn that the visitor purports to be BRITTB.
  4. FFUNCH’s script still doesn’t know if this visitor is BRITTB, so the script notes the current time, the visitor’s IP number, composes a unique ID for this contact and places a cookie on the visitor’s browser, something like:
         taskid FFUNCH.BRITTB.1054746754; IP 66.65.84.10 + some product info
         (a task ID = users’ IDs + the Unix epoch [# of seconds since 12/31/1969])
  5. FFUNCH’s script directs the visitor to the URL presented
  6. The script at BRITTB’s site asks the still-mysterious visitor to enter BRITTB’s name and password.
  7. If the challenge is passed, we need a stateless way to confirm to FFUNCH’s script that this is indeed BRITTB.
  8. BRITTB’s script looks in its buystuff/sellers directory for a subdirectory labeled FFUNCH.
          [If absent, it creates a buystuff/sellers/FFUNCH directory]
          It creates FFUNCH.BRITTB.1054746754.xml in buystuff/sellers/FFUNCH
             … listing the now-current epoch, BRITTB’s IP # and the product info
  9. BRITTB’s script returns BRITTB to the FFUNCH site
  10. FFUNCH’s script visits BRITTB’s site and notes that the properly formatted file was created in the proper directory at a time shortly after the task ID creation, from a browser at the known IP number.
  11. FFUNCH’s script looks in its sellstuff/buyers directory for a subdirectory labeled BRITTB.
          [If absent, it creates a sellstuff/buyers/BRITTB directory]
          It creates FFUNCH.BRITTB.1054746754.xml in sellstuff/buyers/BRITTB
             … listing the current epoch, BRITTB’s IP # and the product info

It may not be perfect, but it’s close enough for FFUNCH and BRITTB to proceed with a transaction, whether it’s reading a blog for $.06, trying a $15 shareware, ordering a $75 Afghani carpet or paying a personally negotiated $10,000 retainer.

Because each product has different requirements, BRITTB’s site can selectively expose needed information, like a physical address or website admin info.

If the Liberty Alliance has something to offer the world, me.xml is where Xpertweb users will maintain their Liberty ID, hijacked as a cooperative effort, as suggested by Andre Durand.

4:22:06 PM    

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s