Sat 27 Jun 2020

Online Identity Management Service

Danyl Strype

Would it be possible, with existing tech, to create a one-stop shop* where a person can register an identity (eg myname.me), and point it at services, so regardless of who hosts their accounts for email, chat, fediverse, etc, another user can find and mention them using a universal ID like find@myname.me .

DNS already allows this for email forwarding, and some email services can fully proxy the third-party domain name. The same find@myname.me address can be used for both email and jabber, but only if there are email and jabber servers exclusively using that same domain. AFAIK there is no way a DNS server can respond to a request from:

* an XMPP server for a different jabber address currently associated with find@myname.me (eg me@jabber.org)

* a matrix homeserver for the matrix address currently associated with find@myname.me (eg #me:matrix.org)

* a fediverse instance for the address currently associated with find@myname.me (eg @me@instance.fed)

If these use cases are unhandled at the protocol level, there's no way a user-facing DNS management console can provide these sorts of services. Are there other existing technologies or workarounds that could be used for this? Could Libravatar be a model?

EDIT: * by one-stop shop I mean a service that can unify an identity across a range of protocols, not that this service should be the one ID portal for everyone on the net. On the contrary, I envision a plethora of these services, as with DNS registrars today, which is why I mention Libravatar as a model. There would need to be common protocols for resolving the DNS-based identifier (user@domain.foo) to the underlying address it's being used as an alias for.
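As an added illustration of the DNS limitation described in the post above (this is not part of the original thread), the following Python models what DNS does and does not do for a personal domain. MX records (email) and RFC 2782 SRV records (XMPP, Matrix) let a domain owner point the *service* for myname.me at any host, and a single SRV record with target "." is how RFC 2782 says "this service is not offered here". None of these record types can say that find@myname.me is an alias for a different user@domain, which is exactly the gap the post identifies. The zone data, hostnames and function names are constructed for the example.

```python
"""MX and RFC 2782 SRV delegation for a personal domain, on constructed records."""
import random

# Constructed zone data for the hypothetical domain myname.me (not real DNS).
# MX records: (preference, exchange). SRV records: (priority, weight, port, target).
ZONE = {
    ("myname.me", "MX"): [
        (20, "mx2.mailhost.example"),
        (10, "mx1.mailhost.example"),
    ],
    ("_xmpp-client._tcp.myname.me", "SRV"): [
        (10, 0, 5222, "fallback.chathost.example"),
        (0, 5, 5222, "xmpp-a.chathost.example"),
        (0, 1, 5222, "xmpp-b.chathost.example"),
    ],
    # RFC 2782: a single SRV record whose target is "." means the service
    # is decidedly not offered at this domain.
    ("_matrix._tcp.myname.me", "SRV"): [(0, 0, 0, ".")],
}


def split_address(address):
    """Split user@domain into (localpart, domain). DNS only ever sees the domain."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a user@domain address: {address!r}")
    return local, domain.lower()


def mail_exchangers(zone, domain):
    """Return MX exchanges ordered by preference (lowest first), as an MTA would."""
    records = zone.get((domain, "MX"), [])
    return [host for _, host in sorted(records)]


def _order_by_weight(records, rng):
    """RFC 2782 weighted ordering of the records sharing one priority level."""
    remaining = sorted(records, key=lambda r: r[1] != 0)  # weight-0 entries first
    ordered = []
    while remaining:
        total = sum(r[1] for r in remaining)
        pick = rng.randint(0, total)
        running = 0
        for i, rec in enumerate(remaining):
            running += rec[1]
            if running >= pick:
                ordered.append(remaining.pop(i))
                break
    return ordered


def srv_targets(zone, domain, service, proto, rng=None):
    """Return (host, port) pairs for _service._proto.domain in RFC 2782 try-order.

    Returns [] when the zone has no record or explicitly declines the service.
    """
    rng = rng or random.Random()
    records = zone.get((f"_{service}._{proto}.{domain}", "SRV"), [])
    if len(records) == 1 and records[0][3] == ".":
        return []
    out = []
    for prio in sorted({r[0] for r in records}):
        level = [r for r in records if r[0] == prio]
        out.extend((r[3], r[2]) for r in _order_by_weight(level, rng))
    return out


def resolve_contact(address, protocol, zone=ZONE, rng=None):
    """Show what DNS can and cannot do for a universal user@domain identifier.

    DNS tells a peer where the domain's service runs; the identifier the peer
    must use is still the original address. No record type can express
    "find@myname.me is really me@jabber.org", so aliasing across providers
    needs something beyond DNS.
    """
    local, domain = split_address(address)
    if protocol == "email":
        servers = [(host, 25) for host in mail_exchangers(zone, domain)]
    elif protocol == "xmpp":
        servers = srv_targets(zone, domain, "xmpp-client", "tcp", rng)
    elif protocol == "matrix":
        servers = srv_targets(zone, domain, "matrix", "tcp", rng)
    else:
        raise ValueError(f"unsupported protocol: {protocol}")
    return {
        "identifier": f"{local}@{domain}",  # unchanged: DNS cannot rewrite this
        "servers": servers,
        "delegated": bool(servers),
    }


if __name__ == "__main__":
    for proto in ("email", "xmpp", "matrix"):
        print(proto, resolve_contact("find@myname.me", proto, rng=random.Random(1)))
```

Running it prints, for each protocol, the hosts a client would try and the identifier it would still have to present: the host list changes with the zone, the identifier never does.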


Timothy Holborn Sat 27 Jun 2020

This is possible, but likely not entirely desirable for many use-cases. Using a person's domain name, whilst certainly essential infrastructure to have and make use of, also means there are significant limitations put upon pseudo-anonymity; meaning that all uses of anything connected to the domain can be linked together - so, the result is 100% associated for all purposes, which can have 'unintended consequences'. The alternative is to have a legally supported framework whereby other URIs that can by law be associated to the actor are provided by infrastructure, that in turn needs to support an array of considerations associated to ensuring 'identity owners' can migrate their accounts between providers, that the service provider be prohibited from commercially employing the data / data-service & also 'choice of law' (as to support 'rule of law'). Identity has a few different meanings, I guess - all depends on what you want to achieve.


Ubuntourist Sat 27 Jun 2020

[He boldly strides in, always happy to display his ignorance and misunderstanding... 😉]

While perhaps not exactly the same thing, 't'would seem that Keybase -- sadly acquired by Zoom last month (May 2020) -- might have been something of a starting point for such a service... It may still inform one's thinking about such an idea.


Jason Mark Sat 27 Jun 2020

None of these are exactly what you're asking about, but they share some similarities: https://en.gravatar.com is pretty universally supported and about.me has also made inroads with this. WordPress and Drupal (which together are something like 75% of all content management systems) have had support for these two systems for 10+ years; it's even built into WordPress. That being said, they're still not "universal" and it comes down to trust and marketing. Also, Apple IDs have a service where they obscure your email. https://hey.com is another service that's looking at giving you a semi-private email. Not sure if it's going to take off. I feel like what you're proposing would work best if you could piggyback off an already supported platform so that you'll have your first 10m users. I also wonder if someone like Duck Duck Go might be willing to support something like this. Imagine a combination of gmail and hey.com hosted by Duck Duck Go, based on privacy and connection. Might be worth pitching them about it.


Arnold Schrijver Mon 29 Jun 2020

Gravatar is a tracker. It is ranked #56 and, according to their parent Automattic's privacy policy, is using this information to target ads and send PII to 3rd parties. That's why Libravatar is a much more compelling service. Not only can it be decentralized, but look at their refreshing privacy policy.


mfioretti Sun 28 Jun 2020

"Would it be possible, with existing tech, to create a one-stop shop where a person can register an identity (eg myname.me), and point it at services..."

Of course it would with existing tech. This is all already existing stuff that only needs integration and packaging. Not a simple task, but orders of magnitude simpler, and more realistic, than everything else I've seen around in this space since 2012/2013. All the desire for definitive, "perfect" solutions has accomplished since then is to let Facebook and the like double their userbase.

Wrt your question, all you have to do is turn the question upside down, because that would be the only way to go, and has been for decades now, and is future-proof, that is, ready for any other service we may not even conceive of now. The way to go would be, using your name as example:

your identity is danylstrype.com (or any other domain name you choose, that's no matter). A plain old, universally supported, open standard, future-proof website.

and then I can email you at email@danylstrype.com, chat in real time with im@danylstrype.com, get notification of everything you share on your website with plain old RSS (danylstrype.com/feed) or WebSub (https://en.wikipedia.org/wiki/WebSub) ....

I explained all this in much more detail three years ago in this series of posts: http://stop.zona-m.net/tag/mastodon . Please (I say this only to save everybody's time) read and quote directly from them, if you have objections.


Danyl Strype Sat 11 Jul 2020

This doesn't really address the question. I already have a domain name I can use for a website, and with an email forwarder, so I can redirect email sent to strypey@disintermedia.net.nz to any hosted email service I choose to use. But I can only use a disintermedia.net.nz address for jabber chat if someone is running a whole jabber server using that as its domain. I'm not aware of a way to use strypey@disintermedia.net.nz as an alias for strypey@jabber.org, the way I can with email.


mfioretti Mon 13 Jul 2020

Hi @Danyl Strype . I really think it addresses the question. Because what I called percloud in 2013 and described again in all the posts linked in my previous comment is EXACTLY a package / bundle of software that includes email, jabber and other servers packaged for personal use all under one domain name. Seven years later, judging from (lack of) progress and mass adoption of alternatives, that architecture continues to seem to me much simpler than other alternatives to address the same question.


Danyl Strype Tue 14 Jul 2020

@mfioretti wrote:

> I really think it addresses the question.

The question is about how to avoid self-hosting, and migrate our jabber (or fediverse) presence from one community-hosted server to another, while keeping the same ID. You proposed this as a solution:

> a package / bundle of software that includes email, jabber and other servers packaged for personal use all under one domain name.

This is already possible. YUNOhost and FreedomBone are GNU/Linux distros users can install on our own PC, or a VPS, and voila, we have exactly what you propose in the quote above. An individual can install and use it for themselves, as can a small group.

But it doesn't solve the core problem here. If I set up YUNOhost, I have to somehow contact everyone who already has me as a contact on jabber, or follows me on the fediverse, and let them know my IDs have changed from whatever jabber/fediverse hosts I was using to the new ones under my own domain. If I've been running Freedombone for a while, but I lose my job and can't afford to keep paying for a VPS (or broadband for the personal server in my closet), I can't keep using my personal domain as my jabber/fediverse IDs.

The question I asked in the discussion starter was: how do we fix that?


martin 鉃 Sun 28 Jun 2020

I would not base this on a 3rd party service like Keybase or Hey, nor Google or Facebook or Apple or Github. Have a look at Keycloak, which seems to do this for you, and would mean you get to stay in control.


Ethan Winn Mon 29 Jun 2020

I think WebID is another approach to addressing this need, used for similar use cases in the Solid spec.

@martin 鉃 thanks for sharing Keycloak, interesting to see if it might be set up as part of a WebID-OIDC stack.


Timothy Holborn Mon 29 Jun 2020

WebID is a URI. WebID-[Auth] is an auth schema that uses a URI (i.e. TLS, RSA, OIDC, etc.).

Solid (or what was called RWW) employs these tools. But the more interesting and fit-for-purpose patterns come when support for a Dynamic AI agent is taken into account, whereby those tools built into Solid become part of a broader ecosystem solution that incorporates verifiable claims / credentials, and an array of other bits and pieces to support semantic agents, with a level of clarity / sufficiently broad functionality.




Danyl Strype Sat 11 Jul 2020

Another possible model is to use a blockchain to associate a user ID on one service with a multi-service ID like user@domain.foo in a decentralized way. This is the solution Jami uses to map human-readable usernames to the 40 character hash it uses as a unique address for accounts.



Timothy Holborn Sat 11 Jul 2020

Lots of people are trying that due to the inherent value of owning/operating the private key infrastructure...

Therein is the ideological point. How are the private keys managed... for grandma, for instance.

Will personhood survive COVID-19? Will liberalised democracies survive? Which global gov would you pick - USA or China?

I can continue on with issues, noting I've been instrumentally involved in some of the underlying work to that sort of 'self-sovereign' rubbish,

but it was useful for a different reason. Nonetheless, yeah. Blockchain can = v.cheap slavery shackles. I just don't support that method.



martin 鉃 Sun 12 Jul 2020

I am so tired of the blockchain hype especially in the identity domain. No matter what the solution, the crux is trust root management, and blockchain has nothing to offer in this space.


Danyl Strype Sun 12 Jul 2020

I share the scepticism about blockchain hype. But it's akin to the dotcom bubble: there are legitimate use cases for the technology, which will survive the wave of financial speculation currently engulfing it. Has anyone looked at the details of how Jami uses it, and whether it might have wider applications?


Arnold Schrijver Sun 12 Jul 2020

> there are legitimate use cases for the technology

My personal opinion is to wait until these use cases have been proven to work and their technology has matured. I fully avoid blockchain myself, but still read about claims for legitimate use cases on HN. They are either consistently debunked, or more straightforward, more feasible solution approaches already exist. Is HN too critical wrt blockchain? Maybe, but I trust the critical thinking and judgment of HN folks more than I trust any blockchain marketing story... for now.


Danyl Strype Wed 15 Jul 2020

Hmm. Perhaps I've assumed shared context that doesn't exist. Jami (formerly Ring) is a serverless messaging app that is part of the GNU Project. It doesn't depend in any way on a blockchain for its core functions. But as mentioned, Jami addresses are long and hard to remember. They wanted to give users unique human-readable usernames, without running a centralized identity server, and make it as easy as possible for others to host a node. That's why they chose a blockchain approach.

@Arnold Schrijver

> wait until these use cases have been proven to work

AFAIK it works right now. You can test it for yourself by installing Jami (on any major OS) and registering a username. If anyone who's looked at the code and documentation has a technical reason to criticize their approach, I'd be keen to know about it. Otherwise, the anti-blockchain sentiment is noted and let's move on to greener pastures 😊