I was at the Internet Identity Workshop #10 today. I have been to an unconference only once before. It looked like chaos initially, but it was organized chaos. I liked the format. Moreover, I liked how open the participation was from both the presenter and the listeners.
Anyway, while I was slightly familiar with OpenID and OAuth, I am just getting familiar with some of the problems of the initial versions of OpenID and OAuth 1.0a. Came across several initiatives ... one of which is WebFinger.
"WebFinger is about making email addresses more valuable, by letting people attach public metadata to them. That metadata might include:
- public profile data
- pointer to identity provider (e.g. OpenID server)
- a public key
- other services used by that email address (e.g. Flickr, Picasa, Smugmug, Twitter, Facebook, and usernames for each)
- a URL to an avatar
- profile data (nickname, full name, etc)
- whether the email address is also a JID, or explicitly declare that it's NOT an email, and ONLY a JID, or any combination to disambiguate all the addresses that look like something@somewhere.com
- or even a public declaration that the email address doesn't have public metadata, but has a pointer to an endpoint that, provided authentication, will tell you some protected metadata, depending on who you authenticate as."
"The arguments against email as identifiers usually include concerns over spam and privacy ..."
At least with the HTTP URI, I don't have to worry about spam. Indeed, there is a phishing problem, but as long as one knows how to protect against it, it might be manageable. How do I know that the email address I am giving to some site in order to enable it to fetch my public metadata won't be misused? Am I missing something here?