Welcome, Guest. Please Login or Register. 2024-05-18 05:28:50 CoV Wiki Learn more about the Church of Virus News: Everyone into the pool! Now online... the VirusWiki.

Church of Virus BBS   General   Science & Technology   XID: a simple system for secure internet identity « previous next » Pages: [1]      Author  Topic: XID: a simple system for secure internet identity  (Read 489 times) David Lucifer Archon Posts: 2642 Reputation: 8.93 Rate David Lucifer Enlighten me. XID: a simple system for secure internet identity « on: 2007-02-03 15:39:17 » I think the web can be taken to the next level with a simple design for distributed secure identity I call XID (eXtensible IDentity). An XID looks just like an email address: name@domain (e.g. david@lucifer.com or lucifer@xid.neuronaut.com). The difference is what you can do with it. The key to the whole system is a very simple convention: given an XID you can use http://domain.com/xid/name to retrieve information about the identity. For example: http://domain.com/xid/name/pubkey to get the XID's public key certificate http://domain.com/xid/name/aliases to get an list of other XIDs shared by this identity http://domain.com/xid/name by itself to get a directory of information (just a table of contents) available for this XID An XID can have as much or as little security as the owner wants. For example, password protected or locked to an IP address or military-grade biometrics. An XID can be used to store and share information with selected groups, e.g. contact information (business card), credentials, contact list, bookmarks, ratings and reviews. The information published would depend on the XID of the requester. If no XID is provided only public information is retrievable. If the XID provided (or one of its aliases) is in a known group then potentially more information can be sent. For example if my XID is in your XID's friends group I may be able to see your calendar, photos and current location. Secure credentials can be implemented with XID in a couple ways. An XID can publish a certificate signed by another XID. To prove that I have an M.Sc. from the U of C I would store a text document with the details that is cryptographically signed by the public key of the U of C's XID. To verify it the requester software would retrieve http://ucalgary.ca/xid/name/pubkey (maybe the name would be left blank for organizational XIDs?) and use the public key to decrypt the document and verify the credential. The other way is just to publish a claim to a credential and let the requester software retrieve the documents from the XID of the issuer. In either case the requester must verify the credential with the issuer XID which makes it secure. Email can be signed with an XID. This will allow much better filtering and may eliminate spam altogether. Once you are signed into an XID the potential exists for you to automatically sign into any web site that supports XIDs. This would eliminate the need for a different user account on every site. Some advantages of this approach:     * easy transition from email addresses to XIDs     * no central authority, different domains can install their own versions of XID web server extensions that all interoperate if they follow the protocol     * built on existing web standards of HTTP and XML     * XID providers can differentiate on security level provided, integration with existing services, and features of the XID editor provided to XID owners Some questions:     * can you see any fundamental problems with the approach?     * would you like to help work on it? (request features, design, market, coding, testing)     * what other problems can the XID system solve?     * what is the best way to make this happen?     * can you see any way to make money from developing the system? (the answer might be the key to making it happen) Report to moderator   Logged deusdiabolus Magister Gender: Posts: 53 Reputation: 6.28 Rate deusdiabolus NEVER underestimate monkey!    Re:XID: a simple system for secure internet identity « Reply #1 on: 2007-02-14 03:17:21 » It's an excellent idea.  The first suggestion I can offer is thinking of a slightly different name, as there is already at least one biometrics company using the name XID. http://www.google.com/search?q=xid That being said, implementing crypto is a great idea, because from there each user could have a secure keyring for various facets of their XID data.  You could create a Java or Flash-type widget that could be uploaded to any website that allows HTML and/or Javascript in pagecode or profile sections that would help to link up your data.  (Admittedly I don't know if there's a way to make that work securely with crypto, but it's just a thought.) I'll post more should I think of it. Report to moderator   Logged my WR0N9 is LEGEND Pages: [1]   Jump to:Please select a destination: ----------------------------- General ----------------------------- =>Announcements =>Evolution and Memetics =>FAQ =>Church Doctrine =>Science & Technology =>Society & Culture =>Arts & Entertainment =>Philosophy & Religion =>Humor & Satire =>Creative Endeavors =>Serious Business =>Virian Book Club =>Second Life =>Free For All =>Infections =>Suggestion Box =>Test Area ----------------------------- Mailing List ----------------------------- =>Virus 2006 =>Virus 2005 =>Virus 2004 =>Virus 2003

Church of Virus BBS | Powered by YaBB SE © 2001-2002, YaBB SE Dev Team. All Rights Reserved. Please support the CoV. RSS feed