Draft identity
parent
c8cd1870d3
commit
d955b62a1d
|
@ -10,12 +10,12 @@ Users joining Diaspora pick a pod to register their identity with. User identiti
|
||||||
|
|
||||||
`alice:example.org`
|
`alice:example.org`
|
||||||
|
|
||||||
|
Diaspora uses the Webfinger protocol to discover users from other pods. User information is returned via hCard, an open microformat standard for identity.
|
||||||
|
|
||||||
It is not possible to move a user account to another pod once created.
|
It is not possible to move a user account to another pod once created.
|
||||||
|
|
||||||
### Networking/Message passing
|
### Networking/Message passing
|
||||||
|
|
||||||
Diaspora uses the Webfinger protocol to discover users from other pods. User information is returned via hCard, an open microformat standard for identity.
|
|
||||||
|
|
||||||
Messages sent between servers are serialized to XML, then signed using the Salmon Magic Signature protocol.
|
Messages sent between servers are serialized to XML, then signed using the Salmon Magic Signature protocol.
|
||||||
|
|
||||||
### Data Storage/Message Persistence
|
### Data Storage/Message Persistence
|
||||||
|
|
|
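Review bot: Moving the Webfinger/hCard sentence out of the identity paragraph and into "Networking/Message passing" leaves the identity text with no statement of how a remote user is discovered, and neither section now says how the identity returned in the hCard is linked to the key used to verify the Salmon Magic Signatures on messages. Since both the discovery sentence and the signing sentence now sit in the same section, add one line there (or a cross-reference from the identity paragraph) stating how the discovered identity and the signature-verification key are bound together, or say explicitly that this is out of scope for this document.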
@ -1,44 +1,59 @@
|
||||||
# Identity
|
# Identity
|
||||||
|
|
||||||
(trace online accounts across various kinds of contiunity)
|
Centralized identities are tied to a single service. Decentralized identity . Identity needs to be communicable across interoperable systems. Ideally, a user's identity would be detached from any particular service, allowing them to authenticate and migrate seamlessly across services.
|
||||||
|
|
||||||
## Use Cases/Motivations
|
# Purpose of Identity
|
||||||
|
|
||||||
Why do we care about identity anyway?
|
We will call entities with identities "actors", because non-human entities such as companies, organizations, and bots may have identities on a social network.
|
||||||
|
|
||||||
- ability to control access to private data and over an account (ie need to identify myself, this is me, this is my account)
|
Identity allows an actor to:
|
||||||
- ability to communicate with a person across platforms, ie 'send this message to X on whatever platform he is on' (ie need to find another person by their identity as a person)
|
|
||||||
- ability to track reputation and credibility of a user across platforms
|
|
||||||
- ability to identify things other than humans, ie accounts, corporations, organizations, documents
|
|
||||||
|
|
||||||
## Decentralized identity
|
- control an account and access private data
|
||||||
|
- communicate with another actor
|
||||||
|
- establish visible reputation and credibility
|
||||||
|
|
||||||
- [DIDs or Decentralized Identifiers are a W3C standard](https://www.w3.org/TR/did-core/)
|
Desirable qualities for decentralized identities:
|
||||||
Simple example: `did:example:123456789abcdefghi`
|
|
||||||
^^ scheme identifier
|
|
||||||
^^ did method
|
|
||||||
^^ method-specific identifier
|
|
||||||
|
|
||||||
|
- Interoperable or portable between services
|
||||||
|
- Unique, global, and memorable
|
||||||
|
|
||||||
## Pseudonymity
|
## Decentralized Identity
|
||||||
|
|
||||||
- reputation requires a long term handle of some sort
|
OAuth is currently the most successful identity standard. OAuth was created to securely transfer user credentials from one site to another. OAuth identity providers became centralized because users could not run or choose their own identity providers.
|
||||||
|
|
||||||
## Key management
|
### Federated identity:
|
||||||
|
|
||||||
## Key verification
|
- email
|
||||||
|
- XMPP
|
||||||
|
- Diaspora: User identities in Diaspora are tied to their pod, and cannot be migrated. Diaspora uses the Webfinger protocol to discover users from other pods. User information is returned via hCard, an open microformat standard for identity.
|
||||||
|
- Webfinger
|
||||||
|
|
||||||
## Key backup
|
### P2p identity:
|
||||||
|
|
||||||
|
P2p systems key management, key verification, key backup. Account recovery.
|
||||||
|
|
||||||
|
### Blockchain identity
|
||||||
|
|
||||||
|
Namecoin
|
||||||
|
Handshake
|
||||||
|
|
||||||
|
### Decentralized Identifiers (DIDs)
|
||||||
|
|
||||||
|
[DIDs](https://w3c-ccg.github.io/did-primer/) are a new type of globally unique identifier that do not require a centralized registration authority, and can serve as a decentralized public key infrastructure. DIDs are a [W3C standard](https://www.w3.org/TR/did-core/).
|
||||||
|
|
||||||
|
The format of a DID is: a scheme identifier, followed by the DID method, followed by a method-specific identifier. A simple example: `did:example:123456789abcdefghi`
|
||||||
|
|
||||||
## Reputation, Trust
|
## Reputation, Trust
|
||||||
|
|
||||||
## Social graph proof
|
## Social graph proof
|
||||||
- Handshake problem and collusion protection (see IRIS)
|
|
||||||
|
|
||||||
## Account recovery
|
- Handshake problem and collusion protection (see IRIS)
|
||||||
|
|
||||||
## Privacy
|
## Fail cases
|
||||||
|
|
||||||
|
Account recovery. Sybils
|
||||||
|
|
||||||
## Links
|
## Links
|
||||||
|
|
||||||
[What are Decentralized Identifiers](https://www.evernym.com/blog/what-are-decentralized-identifiers-dids/)
|
- [What are Decentralized Identifiers](https://www.evernym.com/blog/what-are-decentralized-identifiers-dids/)
|
||||||
|
- [Decentralizing the Social Web](https://hal.inria.fr/hal-01966561/document)
|
||||||
|
|
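Review bot: The rewritten opening paragraph contains an unfinished sentence, "Decentralized identity .", which should be completed (for example as the contrast to the preceding "Centralized identities are tied to a single service.") or dropped before merging. The new "Decentralized Identity" paragraph describes OAuth as "the most successful identity standard" created "to securely transfer user credentials from one site to another"; OAuth is an authorization-delegation framework that issues scoped access tokens rather than passing a user's credentials between sites, and the identity layer built on it is OpenID Connect, so reword that paragraph to avoid implying credentials are handed from one site to another. The "P2p identity" and "Fail cases" sections are still placeholders ("P2p systems key management, key verification, key backup. Account recovery." and "Account recovery. Sybils"); if that is intentional for this draft, mark them as TODO so they are not read as finished content.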