Digital Identity Systems - Designing to Keep the Network Up and Spammers Out
Posted by Mike Bijon April 24, 2006
Terrell Russell commented on my earlier ID/trust post in “Can claimID provide credibility?” and a commenter there, Fred Stutzman, pointed out some great info about how trust can be built on a foundation of untrusted URL’s, as well as pointing out several ID protocols in the making: OpenID, LID, and microID.
From my comment at claimID: I think I came down harder on claimID than I meant to in my prior comment about trust and claimID. Their concept and timing is great and should offer an improvement over the current methods of validating ID’s. As far as I can tell the market is currently monopolized by the closed-system of each of the credit reporting agencies. And they certainly aren’t interested in trust or relationships (or even security, it seems) at all. It’s best we take it out of the hands of those agencies and don’t depend on eBay or MySpace to open their systems either. ClaimID is a good start toward opening things up and giving contrl back to the users, even without a working system up. I just hope Terrell and his team at claimID make the system play nice with others - thus, my continued shouting about needing a protocol or open standard so that the “complex network” described by Terrell will stay up regardless of funding, bandwidth, or any commercial players (made apparent by how hard it is just to keep proprietary soap dispensers full).
Fred (comment at claimID blog), you’re completely right about Cote’s description of the identity management process. He’s got it right and the parties he mentions at OpenID, LID, and microID are already well into implementation. Indeed, all of those systems (after a quick glance) should work well - so long as the primary users are geeky enough to own their own URL’s/hosting accounts. However, once a service is offered to freely host ID URL’s those URL’s won’t confirm anything more than having a Hotmail address does now - and in my mailbox a Hotmail URL is more likely to be spam than someone I trust. That, of course, is why closed trust systems like eBay’s are shallow but still worth something. So, we either need to restrict digital identities to a subset of people willing and able to pay for the URL/priviledge or to build in some sort of feedback loop that adds a level of trust to each identifying domain - thus motivating those hosting ID URL’s for free to keep spam registrations low or face migration away from their untrusted systems.
Mike Bijon: I'm a development manager and technologist for a smart, small marketing strategy company, 
Mike - great post. Thanks for this…these are the types of conversations we need to be having in the identity space…
two quick pointers, more later
http://en.wikipedia.org/wiki/Whuffie (read the cc-released book as well)
http://www.affero.com/ (failed attempt but something to learn from)
one quick more
http://microformats.org/wiki/vote-links (votelinks and microformats in general, expecially XFN)
Excellent links Paolo. Thank you.
It’s good to see that Technorati (in the Vote-Links link) has already proposed an open system based on simple HTML links that can accomplish most of the above. Unfortuantely it’s going to be hard to summarize the +/- votes without the help of a spider. Then again, I guess Technorati is only helped by increasing reliance on their systems. Hopefully Yahoo keeps all those Technorati guys around and lets them have enough freedom to try implementing Vote-Links in their engine.