Slashdot Mirror
Digital Identities Now Available
Largecranium writes, "I-names, the only globally unique, resolvable namespace in parallel to the DNS system and compatible with OpenID, are being introduced during Digital ID World in Santa Clara. I-Names are only as useful as the services they enable; the services that are available today are interesting but not life-changing. The ones that are coming in the next 6-12 months could change the way people interact online. I-names and their value (today and tomorrow) are casually explained at iwantmynamenow.com." I-names are the lineal descendant of the technology that began as
XNS and continues evolving today as XDI.
Digital Identities Now Available
Excellent! Because, you know, regular identity theft was just becoming boring.
Push Button, Receive Bacon
Let's reduce this project to something simpler and more easily understood than the gibberish in the writeup.
Pay $5 to use the internet.
or
Passport.NET for money.
Either way you slice it, it's unnecessary and dumb when the alternative is free and already exists. What is the alternative? Your email address and password. On top of that, you can get virtually any email address you'd like from any number of free online webmail sites like GMale and Hotmail.
What's the point?
Could somebody explain wtf this is or would this reveal what a privacy nightmare it's going to be?
But they don't explain anything which might make me consider them to be trustworthy.
This is a skethcy sketch, methinks.
They who would give up an essential liberty for temporary security, deserve neither liberty or security - Ben Franklin
And for those who didn't get the subject line: Yet Another Twenty Bucks For A Record In A Database Scam
10 ?"Hello World" life was simple then
Why does this remind me of new.net's custom TLD registrations, that only worked if you used them as a root nameserver? (or had spyware that added that). Same thing here apparently, you register and get an "i-Name" that only works for providers that offer authentication based on it.
Ive always prefered the warm feeling of my analog identity, just like i prefer the sounds of vinyl and tubes.
The Wikipedia article on i-names says this: "One problem XRIs are designed to solve is persistent addressing -- how to maintain an address that does not need to change no matter how often the contact data for a person or organization changes."
Uhhh... I don't want persistent addressing. I like the idea that if I really wanted to, I could change my e-mail accounts or shut down my web site I have several e-mail accounts for use with different kinds of contacts: some for shopping, some for friends, some for business. I don't mix them. I don't want to mix them.
This also sounds like what Social Security Numbers have become in the U.S.: a catch-all identification number that you are asked for by every bank, employer, insurance company, hospital, car dealership, etc. I don't want to give them all my SSN. It's private, meant for government/tax purposes, but now everyone claims they need it. If I-names become popular, will something similar happen with them? (not trying to sound alarmist, just thinking out loud)
$nice = $webHosting + $domainNames + $sslCerts
...we were wondering what happened to the surviving middlemen from the B-Ark.
What's that you say? They work for "i-names" now?
"Internet sanitizers" you say? Well.... we're so delighted their safely with you.
(And not us!)
Why should we use this if PKI is free and is already proven to work?
Umm... Apple, Steve, is that you?
. o O ( TwO hEaDs ArE mOrE tHaN oNe... )
This doesn't go as far toward an actual unique and secure identity as an x.509 certificate, isn't as flexible at handling people who have the same name, has no track record for trust or security, and is controlled by a single organization.
This looks to me like someone's way to make money fast on the interweb by having a signup race for cool names at $5 (then $20) per year each.
We know how well regulated, fair, and efficient the DNS system has been.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
A little birdie told me a totally free competing system will be available later this year.
Let my new 7-digit UID be a lesson to all - write down your passwords.
so you have to install scumware to make Inames work. How much did they pay for this slashspot? they should have spent some of that on a writer.
by John Perry Barlow
Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.
We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.
Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions.
You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions.
You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don't exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract . This governance will arise according to the conditions of our world, not yours. Our world is different.
Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live.
We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.
We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.
Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.
Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion. We believe that from ethics, enlightened self-interest, and the commonweal, our governance will emerge . Our identities may be distributed across many of your jurisdictions. The only law that all our constituent cultures would generally recognize is the Golden Rule. We hope we will be able to build our particular solutions on that basis. But we cannot accept the solutions you are attempting to impose.
In the United States, you have today created a law, the Telecommunications Reform Act, which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us.
You are terrified of your own children, since they are natives in a world where you will always be immigrants. Because you fear them, you entrust your bureaucracies with the parental responsibilities you are too cowardly to confront yourselves. In our world, all the sentiments and expressions of humanity, from the debasing to the angelic, are parts of a seamless whole, the global conversation of bits. We cannot separate the air that chokes from the air upon which wings beat.
In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may keep out the contagion for a small time, but they will not work in a world that will soon be blanketed in bit-bearing media.
Your increasi
There are folks who do want this kind of thing. Think about bibliographic citations, for example. The web equivalant is linking via URL's (URI's, whatever). The problem is, URL's may change. Let me give an example. An tenure track academic writes a paper online. It's published by the institution he/she currently works at: http://www.university-a.com/apaper.html. It's an important and influential paper, so this person gets a great offer to move to another university. Now the URL changes, but content does not.
Maintaining accurate bibliographic citations on the web is difficult, because document identities are too mutable. Many people don't really care, but a few do. A couple of efforts to address the problem are DOI's (yuck) and PURL's.
"The ones that are coming in the next 6-12 months could change the way people interact online."
So... we'll all be browsing on Segways?
One weakness of email IDs is that the cost of creating multiple email addresses is very low. A reputation-based scheme such as an auction feedback is of limited value when it is straightforward for a person to give himself thousands of positive feedbacks.
Hmm... Single sign-in... That sounds so... familiar... OH YEAH! M$ tried to push this crap down our throats for free. Maybe these guys will try to sue M$ for their 'single sign-in' monopoly when they utterly fail to have anyone even care.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
Stupid writeup, sounds like cut straight out from some glossy marketing press announcement.
These are not identities, but paid-for logins. Wake me up when you implement a true identity - one login per meat-puppet per lifetime, please.
It sounds like a single-sign-on system like Microsoft Passport (only w/o Microsoft). I didn't see any discussion of authentication. Microsoft used a central Microsoft controlled database. Companies were reluctant to allow Microsoft to be an intermediary between them and their customers. (And were more reluctant to pay another Microsoft tax). Consumers were wary of a central database of ID's controlled by Microsoft. I saw no discussion of how authentication is supposed to work with this system, or more importantly who maintains the database(s) of credentials. For that matter, I saw no discussion of verification - I register 'George.Smith' and associate it with some contact meta-data. Do they verify any of that? Can I register 'George.W.Bush' or 'Bill.Gates'? So far the site seems mostly to tout the low price. Great, it's cheap. What do I get? And why would I want it?
[Insert pithy quote here]
Slashdot already has adverts around the sides of the stories. We don't need the stories to be adverts as well.
Just registered my name with 2idi. The credit card process works fine, after that, nothing happens. $5 gone, no name registered.
I like the idea of being able to give organisations revokable pointers to my details. As long as the organisation which kept the details was transparent and accountable, I'd be fairly happy about using it. Get credit card companies to use it to reduce fraud (somehow) and maybe you've even found a way to finance it: greater online security might encourage more online purchases...
The biggest flaw in the proposed scheme (if I understand it correctly) is that the reference you give each organisation is the same. Even if you can restrict access to personal information, companies can share information and put together your profile, just like a cookie only worse.
Wouldn't a better idea to use a secret key system, and each organisation can generate a request for your details which, if approved, gets signed by your secret key and returned to them. They never get your ID, so they can't profile you more than you want to be profiled. If you like, you can "delete your cookies" every 12 months.
Ideally all correspondence would also go through a level of indirection, meaning they'd never have ANY of your personal details - they'd be given a unique email alias, and a meta-address for snail mail that the postal service would recognise and treat correctly.
I don't claim to be an English Professor or that I never make grammatical or spelling mistakes. However, if I want to trust someone with my identity, wouldn't I want a company that can proofread their website before publishing it? Two spelling mistakes that I caught in about two minutes should equal about 20 errors found by a more compitent person. Just my observation.
"brix_zx2, What is your sole purpose in this forum!?!?!"
"To do whatever you tell me MODERATOR!!!!"
Funny, TFA didn't even mention Nigeria or a dead Uncle.
"The ferrets, they're every where I tell you!"
...and it's called "Anonymous Coward". You'll find me all over the place here on /. ;-)
--
digitally signed, (using my own digits)
Anonymous Coward
Laws do not persuade just because they threaten. --Seneca
What, exactly, does this provide that email does not, save a place to throw money away and a vector for fraud and identity theft? How is this not the worst business model since the :CueCat?
Laws do not persuade just because they threaten. --Seneca
It would be neat to be able to post comments on many websites without having to register for each of those sites.
...
.au domain is in the process of becoming a cesspool with the Domain Monetisation rules of auDA. If there's a single word to describe what involvement in DNS policy setting and discussion causes, that word would have to be "insanity". If there's a single word to describe the driving force behind the DNS, that word would have to be "greed".
It would be neat to participate in a worldwide reputation system ala Cory Doctorow's whuffie (see Down And Out In The Magic Kingdom).
But
It won't be neat to store private information in this identity system.
It won't be neat that websites you visit can find out more about you than you wish to tell them.
It won't be neat to have to fork out $5 or $20 for a record in a database.
These people seem to be confusing some desirable outcomes with undesirable ones and assuming that all the people are looking for the undesirable ones too. Why should I tell some central database my shipping address? I don't find it too difficult to type in. And I am concerned about who or what can obtain that information from the central database. Apparently they think that websites all around the world should be able to obtain my shipping address. Perhaps there are some controls on distributing this information, but I distrust that they are secure. How can I ensure that only those websites which I choose, can know my shipping address? Presumably the best way is if I type it in afresh for each one.
I believe that single sign-on is useful only if it's a pseudonymous sign-on. The marginal utility is still arguable - I could get a pseudonymous email address. I could prove that I'm the owner of that email address with a signed gpg message.
So these people, who want $5 or $20 for what is essentially a record in a database, are setting themselves up as the monopoly provider of this database. This is the Napster of identity systems. If, as they hope, centralised identity catches on, they hope to be the monopoly provider - the Verisign of identity databases, if you will. I think it won't catch on.
Let me put my cards on the table. I support the destruction of the Domain Naming System. DNS has become a cesspool (and not recently either). The
The DNS has moved well beyond its original purview as a hierarchical database of resources. Its primary purpose now (or at least, the purpose of the majority of domain names registered) is advertising. DNS is one of the few Internet resources which suffers from scarcity - and this scarcity is carefully maintained by registrars and policy setters in order to obtain the maximum revenue from the DNS. You might argue that DNS can't be scarce - with a 64-character wide namespace in each component - but you'd be wrong, because all the good names are taken, and all the short names are taken, and what's left for you to register are long convoluted words which are scarcely easier to remember or type than an IPv4 address. (IPv4 addresses are also scarce, but there's less greed and insanity in the allocation policies, and besides we have IPv6 waiting).
The big problem with the DNS is that it's centralised - from the root servers down it's controlled by the czars of ICANN and the regional registries and policy-making bodies. The folks who ran alternate root servers were early recognisers of this problem, but their solution failed because it didn't address the universal accessibility and uniqueness requirements.
Unfortunately, and perhaps in part because so much of the namespace has been used for junk websites (advertising, typosquatting, link farms, etc) the rules make it pretty easy for the registry or registrar to cancel or transfer your domain name if you do something they don't like, or if you run afoul of a corporation with plenty of money to raise a dispute. GoDaddy for instance will cancel your domain name if your website doesn't meet their rules. If your
This doesn't go as far toward an actual unique and secure identity as an x.509 certificate
This idea is orthogonal to the purpose of a certificate. In fact, the ideas are complementary. The purpose of a certificate is to attest to a binding between some identification information and a private key which can be used to identify the holder of that identification information. All of the information in a certificate is visible and static. The (theoretical) purpose of this i-name is to be a link to a bundle of identity and authentication information, with per-viewer control over what parts are available. The i-name lacks any third-party validation of the information, but is dynamic and selective. I can see value in adding one or more x.509 certs to the i-name bundle. Certificates are also useful only to machines, where i-names (like email addresses) are designed to be usable by people. It's practical to write my email address or i-name on a piece of paper and give it to you.
isn't as flexible at handling people who have the same name
Were they to become widespread, i-names would be opaque handles. Kind of like most peoples' email address.
has no track record for trust or security
True. Of course, this is the case with many of the companies we deal with on-line.
and is controlled by a single organization.
From what I read, I don't think this is the case. I think it's intended to work much like the domain name system, where there can be any number of registrars.
This looks to me like someone's way to make money fast on the interweb by having a signup race for cool names at $5 (then $20) per year each.
Very likely.
We know how well regulated, fair, and efficient the DNS system has been.
Yes, we do, and it's been okay. Not perfect, certainly, there have been some domain name disputes whose resolution was just wrong, but on the whole the DNS system has worked reaonably well.
One way in which the i-name system appears to improve over DNS is in the splitting of the namespace into organizational and individual realms. That may allow individual i-names to be inexpensive and still be relatively unsquatted (because they're just not very valuable), while the higher prices on the more valuable organizational names may deter rampant squatting in that namespace. OTOH, the i-name system lacks the division into .com, .net, .org, etc., and country spaces, which may make names more valuable.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
... can I use it with my CueCat?
Anonymous Kev
Proudly posting as AC since 1997
(Finally got a dang account in 2004)
You see?
Their carefully designed business plan (carefully designed to extract the maximum amount of cash out of Venture Capitalists, perhaps) has been trumped. All it took was a few hours and some random Slashdot dude (thank you nfarrell) came up with a better technical proposal.
1. Post crapola business plan to Slashdot
2. Wait a few hours
3. Pick the best revision of the plan
4. Profit!
you mean like the other i-name sites that have all charged 20 dollars a year?
Tired of hacking sites only to steal customer information for a single company? Ever wish you could compromise them all at once?
Well, now you can. With i-names! Sign up today!
I was reading this and thinking haven't other companies tried this technique? If you have a trusted digital certificate from Thawte or other trusted authoritiy then you are almost doing this. I think they are taking it a step forward and combining other information, but why pay for something that isn't going to be widely excepeted by everyone.
(Emphasis mine)
Uhm . . . uh . . .
I am overcome with irony.
Microsoft is to software what Budweiser is to beer.
To all you who call this nothing but a database scam, ala the darknet DNS registries, you're dead wrong. i-Names is the popular name for XRI, which is an OASIS standard. Those who sell i-Names are not fly-by-nighters just trying to make a money grab. They authorized by the XRI governing body to do so, and are the exact equiavalent of a DNS registry. There are a dozen or so i-Names brokers. The entire system interoperates. Many of the i-Name brokers are also DNS registries, such as Neustar.
/.) do a little research. Yes, centralized authentication is one part of this. But there's a whole bunch more. In XRI, services are user-centric, not server-centric. i-Names have i-Numbers in a similar manner to which DNS records have IP's. iNumbers map to a particular broker's server which obey's the iName's contact restrictions, and allows a person to provide services associated with themselves as a person. These services may, for instance, be include a basic web page, and in that way would be similar to a URL. But the service might just as well be email, a VOIP address, heck a dating service even (who want's a piece of me?). The services do not replace things like email and VOIP. They abstract them. They provide a layer where you control who communicates with you and how.
XRI is an open standard, and the only such standard that there is. Saying that an "open source" free alternative will soon present itself is absolute nonsense. That's like saying, "Soon a free alternative to DNS will be available". Almost every post I have seen here is treating i-Names like some company. It's not. Stop arguing with me. You don't know what you are talking about.
I think you guys should stop shooting from the hip, and actually (I know this is asking a lot on
The key point here is that while the services may have backward compatibility bridges in place to allow interaction with the non-XRI world, they are particularly designed for comunication between two different identities, which communication is arbitrated by the rules which both parties establish. It's a new way of thinking about services on the net, and as such it's going to take you all a while to wrap your minds around it.
Don't let the similarities to MS passport scare you. Yes, there are some common ideas, but XRI goes much further, for it provides a generic framework for a wide variety of open source services, vs. a closed system which is little more than a single-sign-on.
Mir tut es leid, Menschen daß Einfältigfehlersuchenbaumfolgendenaffen sind.
x.509 certificates essentially say "This is who I am, according to this trusted authority. Further, with this identification I've presented to you, you can secure your communication to me."
The "Who I am" is more than just my name. It can include my name, address, and other identifying features which make it far superior to simply a name. There is the uniqueid part, and then there is the name part. They are not the same.
What would help much more, is for x.509 to become more widespread. I suspect that eventually it (or something like it) will end up with governmental buy in. A passport, for example, could eventually include a publically verifiable x.509 certificate. Keeping the secret key part secret would be a challenge -- possibly a physical item like a secureid card embedded in the document itself would be needed.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
Identity systems can provide real value even if they're pseudonymous and even if IDs are easily acquired: Attach an externally-queryable reputation system (with privacy policies, of course) that makes one's *history* a commodity worth accumulating. Factors in one's reputation could include length of tenure & types of transactions.
Think about it... anyone can get an eBay ID, but have you seen many spambots with a high feedback score? Whether allowed or not, there's not *that* much benefit in getting a new ID. Sure, you might be able to escape the stigma of your past transgressions, but the cost of doing so includes becoming a newbie, an unknown. Using the eBay example, many folks (myself included) won't engage in transactions over about $10 with people having short tenures, few transactions, or poor feedback scores.
Ultimately, I don't need to someone's real identity in order to make a sound decision about whether to engage in a transaction with them - I just need to know that I'm really dealing with the person that's legitimately associated with the ID. So IMO, if an identity system provided robust security against spoofing, an effective history evaluation mechanism, and an effective privacy policy implementation, I'd be all for it, even if it cost a few bucks.
The above qualifications don't seem to apply to the system in TFA - at least not at present. If they get something that robust off the ground though, I'll change my evaluation of them from "expensive row in a database" to "useful and valuable service."
Pi Ran Out
If I want an openid compatible service why wouldn't I just sign up with myopenid.com ? (Actually I have, it works to post livejournal comments, log into zooomr, etc.)
MORTAR COMBAT!
WTS /. User account, excellent karma, 4 digit ID. No journal entries, friends list of pro-linux advocates, many fans, no freaks.
Starting bid of $500.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
I regret to say that we do not currently have a Smalltalk/Seaside implementation of OpenID available. (For some reason, the guys who do the numbers here don't think there's that big a market for it.) However, we do have Ruby (on Rails, if you like), Python, Perl, and maybe some C# and Java, in addition to the PHP.
OpenID Enabled
"iwantmynamenow.com" is only one OpenID service. A better place to start is at the OpenID wiki.
Here it is:
http://www.lifewiki.net/openid/OpenIDServers
In the same way that small-minded investors can be lead down the path with promises of ever increasing returns, only to be completely divested of their money (which they would never, ever part with any other way); the same way that Libertarian individualists can be cataloged and spied upon and boxed into legal and financial dependance on a State with which they would have nothing to do with; SO freedom-loving, cranky isolationist /. reading netizens can be duped into Silos of Feudal Identity management, and abridgement of every possible privacy, through ever longer EULA and massive clandestine weasle-itis by the Presidents of Vice.
What part of "user-centric" and Federated don't you get?! Do you have any idea of how carefully these proposals are scrutinized and vetted, and the caliber of minds on this project. I won't deify Lessig, but think in those terms.
How many of you are taking a pay check from some giant institution, at the same time roaring violently over Five Dollars? Where does the money come from to build Internet Scale infrastructure? More Ads?
Read up a little, and maybe you wont be so quick to bite the hand that is very abely trying to defend your collective Libertarian hides, while at the chasm of totalitarianism on sooo many levels....
x.509 certificates essentially say "This is who I am, according to this trusted authority. Further, with this identification I've presented to you, you can secure your communication to me."
Other than not mentioning the use of the key pair to encrypt communications, that's exactly what I said. A certificate binds identification information to a key pair. All of the information in the certificate is visible and static, whereas an i-name is dynamic and visibility of the contained information is configurable per-recipient. Assuming it's very easy to generate lots of certs, you could, I suppose, generate different copies with all necessary permutations of content, and regenerate as-needed when the contents change, but you'd still have to have a good way to deliver the updates to all of the right people.
One good way would be to add the current cert set to your i-name profile, and make sure that each authorized reader can see the right cert.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Don't worry about id theft, just don't use it. This article is pure spam. On the first page (http://openid.net/): "This will be free, it benefits everybody." From iwantmynamenow.com, OTOH: "Act now we don't know if we can keep prices this low!"
Bet dollars to pesos largecranium is affiliated w/ that website. Don't buy it, in either sense of the word.
The majority of the comments so far only show how poor the online identity problems are percieved even by the geeks around here, and even though almost all of us have them. So the problem that OpenID and similar identity protocols are trying to solve is... :
"Wouldn't it be nice if, instead of keeping a long list of usernames/passwords for all the sites you have registered at, there could be only one that can be used anywhere, and keeping everything secure of course?"
A typical use case would be:
- you get up in the morning, start your browser, authenticate at your Identiti Provider (which YOU have chosen or you can even host it yourself), and you are password-free for as long you keep the browser open (or configured between you and your IdP)
- you go to a site which requires you to login, and supports OpenID
- put it your ID (no password), and click login
- the site resolves the ID and contacts the IdP to obtain an assertion about the user's identity
- (the cool part) the IdP prompts you (the user) about the information that's requested so you can approve the transaction
- (optionally you can streamline the step above for trusted sites)
- you're logged in!
And all except the first step happened in a couple of seconds, with a click. The only thing you have to remember is your ID and password at your IdP, not a whole bunch of them!
Trying to answer some of the questions I've seen:
- Can something like this be done with emails as identifieres? don't think so.
- Is this secure? Yes, but don't take my word for it. Go check the protocol specs. This is what's called user-centric: the IdP needs the user's approval for all authentication requests, and the data disclosed along with them.
- Are the $20 XRIs mandatory? No, you can use URLs as identifiers, though there are / may be costs associated with them as well (registration, setup and hosting, depending how much you want to "own" them). The XRIs are the full service package.
- Are you stuck with an ID for life (someone said he liked being able to regularly change IDs)? No - you can get as many as you want, but if you do want to stick to one - you can, and you will still be able to switch Identity Providers (this is done through the delegation feature).
So please check a bit into the details of it before bashing it, or watch this presentation which explains it pretty well (though it's not OpenID, but something similar):
http://www.identity20.com/media/OSCON2005/
Disclaimer: I do work in this field.
Why, oh why, are I-names (and every other login on the planet) so restrictive? No accents, no question marks, no symbols but periods, hyphens, and underscores, no Unicode, even more restrictions on first and last characters, and God forbid you use spaces!
Why? Supporting these things is trivial! Trivial!
i'd hit it so hard, if you pulled me out you'd be the king of britain [bash.org]
Really. I got an I-name several months ago. Why are they just reporting it on Slashdot now? With the links, I'd say one of the I-name brokers slipped off an advertisment as an Slashdog "editorial".
A few years ago when .name came out I registered my name, John.Doe.name or whatever. I did the whole family, it was pretty cheap. But then we never used them and there didn't seem to be much point. Still it seems like if you want a name space for people's names, it already exists. And it's only $10/year.
Even a brief layman's overview of XDI reveals that it includes in the design of the protocol what are called "link contracts", but which are really just a thinly disguised excuse to place restrictions - rights management - on how remote data on the Web can be accessed and shared. This is yet another step, begun with things like Macromedia's Flash, to obfuscate and control content on the Web. Gone will be the days when any file accessible on the Web is inherently FREE, as in beer. You'd think the open source movement would be all over this, blocking XDI and spinoff crap like OpenID just as fervently as they've fought the broadcast flags and all the rest... so why aren't they?
If XDI or some spinoff existed in wide use today, the Angelides and the Democrats in California wouldn't have been able to access those damning racist comments by the Governator.
If this is the real agenda of Web 2.0, to end the open-source nature of the Web and HTML for good, then no thanks, I'll stick with Web 1.0 for just a while longer.
How does this compare to having an OpenPGP key? I know OpenPGP and trust it. Who is this newcomer and what do they have to offer that an established standard does not?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.