Digital Identities Now Available

Largecranium writes, "I-names, the only globally unique, resolvable namespace in parallel to the DNS system and compatible with OpenID, are being introduced during Digital ID World in Santa Clara. I-Names are only as useful as the services they enable; the services that are available today are interesting but not life-changing. The ones that are coming in the next 6-12 months could change the way people interact online. I-names and their value (today and tomorrow) are casually explained at iwantmynamenow.com." I-names are the lineal descendant of the technology that began as XNS and continues evolving today as XDI.

excellent!

[macadamia_harold]

Digital Identities Now Available

Excellent! Because, you know, regular identity theft was just becoming boring.

Re:excellent!

[rf0]

Now people can go virtual dumpster diving to find out all about you. I will be hoenst that I don't quite understand how this works but from the little I picked up there may be 3rd party broker services. How long before one of those loose a laptop or similar?

Re:excellent!

[macadamia-harry]

Excellent! Because, you know, regular identity theft was just becoming boring.

Not with a name like macadamia_harold!

Re:excellent!

[Poltras]

Yeah I've been virtual dumpster diving my brother's trash can for a while now...

Big words make BadAnalogyGuy crosseyed

[BadAnalogyGuy]

Let's reduce this project to something simpler and more easily understood than the gibberish in the writeup.

Pay $5 to use the internet.

or

Passport.NET for money.

Either way you slice it, it's unnecessary and dumb when the alternative is free and already exists. What is the alternative? Your email address and password. On top of that, you can get virtually any email address you'd like from any number of free online webmail sites like GMale and Hotmail.

What's the point?

Re:Big words make BadAnalogyGuy crosseyed

[Vihai]

email address and password do not work, unless you want everyone to know (and, why not, use) your password.

email address and a digital certificate are fine, thought. The critical point becomes the CA, but there are good solutions to that.

Re:Big words make BadAnalogyGuy crosseyed

[jimstapleton]

GMale? That doesn't sound like a place to get email addresses. I'm not even gonna tray that on my browser, I can easily guess what it'll bring up...

Sorry, I just found the typo amusing.

Re:Big words make BadAnalogyGuy crosseyed

[Shaper_pmp]

I dunno - it seems like a potentially interesting idea.

It would be useful to have a single point of contact which doesn't ever have to change. For example, for one reason or another, most people I know seem to change their e-mails or mobile numbers at least once every few years. (PEDANTS: Yes, yes, I know, you've had yours for the last three centuries. Sit down - I said "most people". I'm not talking to you.)

If you could have a system that makes that unnecessary (or at least, painless for all concerned), surely that's a good thing?

If you want to change your identity, you simply register a new i-name and let the previous one lapse.

If you want to (for example) change your e-mail address or move house you just update your info in one single place, safe in the knowledge that people can still contact you. No more phoning around banks, credit card companies, utility companies, phone/broadband companies, loyalty card companies, friends, relatives, etc, etc, etc, etc, etc.

If you want to avoid someone you simply revoke their privileges to read your contact info. If they happen to remember your info even so then simply change it (see above). Even better, once the infrastructure's in place you set your e-mail client/phone/whatever to check your i-name privileges before allowing the e-mail/call through each time.

The only bit that made me really itchy was the associated idea of i-numbers which are "registered to a person... and never reassigned" - why no facility to change them (eg, if they're compromised)?

However, this is only even mentioned on a third-party site, and there's no indication at all that it's a necessary or even optionally included part of what iwantmyname is doing.

Sure, if you're an uber-geek you can presently hack together a system that allows you to dump out info from a central resource (eg, a website), you can require people to log in with a unique username and password before they can see your contact info, you can present different info to different people and selectively killfile people, and you can hack together something that'll make some mail readers automatically check this resource and filter your mail accordingly, but that doesn't mean:

• It'll work well
• It'll always work (start a new corporate job which mandates using Outlook Express, and try getting that to killfile based on your hacked-up solution)
• It's within the reach of 99% of the population
• It's remotely standardised
• Anyone will be bothered to jump through the hoops you've set up to bother contacting you in the first place

I mean, even though it's possible, and even though it would save a lot of hassle when moving house/job/e-mail/phone #/whatever... how many of you have actually bothered to do it?

Sure, if they're conning $5 out of you essentially for snake-oil then by all means all throw your toys out of your prams. However, (less some important caveats) it sounds to me like an interesting proposal, which could improve life on-line immensely if you have enough control, it's secure and it becomes widespread.

Re:Big words make BadAnalogyGuy crosseyed

[jimstapleton]

bwahahahaha. Touche (don't know how to do the accent, sorry).

Re:Big words make BadAnalogyGuy crosseyed

[Shaper_pmp]

Touché

Like that. Bwahahahaha.

Re:Big words make BadAnalogyGuy crosseyed

[jank1887]

ASCII (extended) escape sequence 0233. So, within windows, hold down ALT and type 0233 on your numeric keypad (TEST: é). Translation to HTML questionable when fed into a text field. If it takes HTML, the HTML escape sequence is &#233. (these comments seem to keep that as plaintext no matter what you select in the comment format drop down box (HTML Formatted, POT, xtrans, etc. The code option displays the Test character above as the html escape code, however.)

Re:Big words make BadAnalogyGuy crosseyed

[jimstapleton]

ahh, thank you, the codé is the piécé information that I was missing.

Re:Big words make BadAnalogyGuy crosseyed

[lavaface]

I think it's a little more than that. I first came across XDI when I was researching open alternatives to Myspace. I signed up for friendster several years ago but never really used it much. When I finally got a myspace account, I had to fill out the same info yet again (interests, etc). On top of that, I found the myspace interface annoying. What would be great, I thought, would be a basic profile that could be shared across different sites. Kind of like a vCard on steroids. Something that would preserve your relationships with other people. XDI makes this possible.

I found the following article on XDI a good introduction: The Social Web: Creating An Open Social Network with XDI I encourage anyone interested in trust networks and reputation systems to read it.

I suppose mentioning Myspace is no way to ingratiate myself with the Slashdot mods but I think that the underlying model paves the way towards The Net in Osrson Scot Card's novel Ender's Game. For those unaware, The Net is a global forum of governance. Different "salons" debate policy issues and are voted upon. It's distributed democracy.

To just wrap up my short post (it's too early still), these issues are rather abstract, but will become more important as our world becomes increasingly interconnected. Another essay on the general subject is by Shawn Murphy, the man behind Nooron. He explains the idea behind nooron in How to Build a Global Brain I've submitted links on nooron and XDI to slashdot before, only to have them rejected in favor of the latest iPod "killer." So it's good to see something finally published . . .

I'll post more later after breakfast and coffee . . .

Re:Big words make BadAnalogyGuy crosseyed

[bogado]

In fact there is an easier way to translate "é" to HTML, é this is 'e' with and acute accent and it works with other letters also :

á = á
é = é
í = í
ó = ó
ú = ú

In portuguese we use those, but they have the inverse function they make the letter sound in a higher tone so 'é' in portuguese sounds like 'bed' while in french it sounds likes "touché".

Re:Big words make BadAnalogyGuy crosseyed

[bogado]

Where is the preview button when you need it... Those are :

& aacute ; = á
& eacute ; = é
& iacute ; = í
& oacute ; = ó
& uacute ; = ú

Without the space, obviously. :-)

Re:Big words make BadAnalogyGuy crosseyed

[Denial93]

> a single point of contact which doesn't ever have to change

Ever as in: as long as you pay $20 every year?

It doesn't make sense in any way, for customers. For people who seek to collect all data about you and are forever after a unique ID (see SSN) to organize their victi^H^H^H^H^Hcustomer database more effectively, it must seem like something really worth looking into. I reckon we are seeing a particularly blatant grab for investors money. More power to the guys who do it: stupid investors need to be burned every once in a while.

Re:Big words make BadAnalogyGuy crosseyed

[jank1887]

and just for further FYI, here's the page where I looked up the codes: Charlie's Extended ASCII/HTML Codes

Re:Big words make BadAnalogyGuy crosseyed

[Shaper_pmp]

"Ever as in: as long as you pay $20 every year?"

And how much do (for example) domain-names cost? And are they remotely as useful as this? This is like a meta-domain name, a meta-e-mail address, meta-phone number and meta-postal address all in one.

"It doesn't make sense in any way, for customers."

What, you mean apart from all those ways I listed in my previous post?

Hello-o?

"For people who seek to collect all data about you and are forever after a unique ID (see SSN) to organize their victi^H^H^H^H^Hcustomer database more effectively, it must seem like something really worth looking into."

Please explain how a repository of personal contact information that you personally grant access permissions to on a user-by-user basis is a boon to marketing scumbags.

And FWIW, if you've got someone's name and e-mail address you can already de-duplicate them almost perfectly anyway. This provides very little real advantage in that case.

Also, nothing says you can't still just abandon one i-name and simply register another one.

Re:Big words make BadAnalogyGuy crosseyed

[swillden]

Ever as in: as long as you pay $20 every year?

Just like I pay $35 per year for my domain name. If this becomes widespread (which it probably won't), prices will come down. Plus, these i-names can be hierarchical, like domain names, so you can, for example, register = and then give i-names to all of your family members, and they won't have to pay a thing.

The part of the idea that I'm most skeptical of (well, other than the idea that it will actually be used) is the notion that you can "withdraw" access to your information. I think people and organizations would just snag all of the information you allow them to have, and then store it. Sure it might eventually get out of date, but if you used the i-name mechanism to provide long-lived data like your address or phone number, it will be good for quite a while. Even with a system like this in place, if you want to control access to information about yourself, your only real option is not to ever give it out.

There's also the issue that the i-name servers would become nice repositories of information that identity thieves would love to get their hands on, but it's not like there aren't plenty of those around already.

Re:Big words make BadAnalogyGuy crosseyed

[wfberg]

Please explain how a repository of personal contact information that you personally grant access permissions to on a user-by-user basis is a boon to marketing scumbags.

I have a website.
It has a contact form.
Wanna contact me, fill in the form, I gets e-mail and decide what to do with your request.
Costs me less than $20/year, and it works with everybody's existing setup.

Single sign-on? Bah. Either I care about my "identity" on some site and create an account, or I'll just be an anonymous coward (or even create an account using spam.la).

Solution looking for a problem?

Re:Big words make BadAnalogyGuy crosseyed

[wfberg]

I have a way to share a single profile across multiple sites.
It's called; my website.
Simple huh?
Works with any webbrowser.
If you're sick of filling in the same info for every site you come across, you can use the automagical form-filling thingy in your browser already. That is, if you even WANT to leave the same (presumably correct) information on sites like myspace. As far as I'm concerned, they'll get nothing more out of me than 90210 for a zipcode.

Re:Big words make BadAnalogyGuy crosseyed

[Tim+C]

Also, on Windows at least, é is alt gr-e. (Test: é)

Re:Big words make BadAnalogyGuy crosseyed

[mgblst]

Wow, so in several years you had to fill out the same info? Not really that much of a hassle, is it, unless you are signing up to these sites every week or so. Is it really worth the loss of privacy? For example, some sites you want to have your phone number (you bank), but most you probably won't. Some you will want to have your address (ebay), but most you won't. But each site will have access to all your information, and they will won't more than they need, because information is useful.

Re:Big words make BadAnalogyGuy crosseyed

[swillden]

You pay 35$ a years for you domain name?

WHOOOOOSSSSSHHHH

Re:Big words make BadAnalogyGuy crosseyed

[Zeinfeld]

There is one name system for the Internet: the DNS.

Establishing critical mass for a directory scheme requires a huge amount of work. Establishing critical mass for a proprietary scheme which is intended to displace a large, deployed and reasonably open scheme is doomed from the start.

The XDI scheme is controlled through a series of patents which have been vested in a 'non-profit' entity controlled by the original owners which in turn re-licensed them back to the original owners. This series of moves is alleged to make it an 'open standard'.

I think that we will end up using a range of URI identifiers with OpenID in different contexts. In the end though the email identifier is the simplest one for people to use and is the least cluttered. People understand username@example.com.

I don't think that the spam issue is a problem. I can use an identifier without accepting email from everyone who uses it. People want to provide a contact address, they just don't want it to be abused. Anyone could post annoynmous, contactless posts to USENET, people used Wizvax and Julf's annoynmous services because they could receive replies.

So one way for identity providers to compete would be by offering better, more effective means of filtering of contacts. Some identity providers would not accept any email at all, others would relay everything unfiltered. Most people would use (pay even) for services that provide filtering of contact requests.

Re:Big words make BadAnalogyGuy crosseyed

[rduke15]

on Windows at least, é is alt gr-e

No it isn't. I may be on your keyboard layout (English UK or English US-International?), but not "on Windows" in general.

On most European keyboards, Alt-Gr-E is the Euro sign.

Re:Big words make BadAnalogyGuy crosseyed

[Shaper_pmp]

Sorry, but this is so daft I barely know where to begin...

Surely by that metric you can write off the telephone, post, semaphore and morse code as "a boon to marketing scumbags", too then?

In fact, since you can apparently select precisely who gets to see what contact information using i-name, and you can't easily filter who completes a form on your (very public) website, your "solution" is clearly deeply defective compared to the one you're disparaging.

But lets take your assertions one-by-one:

I have a website.

Most people don't, therefore while this may suffice for you, it won't for the rest of the population. Ergo it's not a general solution. Next!

It has a contact form.

Many people don't have the time or knowledge to set one up, or simply can't be bothered. Therefore WTMSFYIWFTROTP.

Wanna contact me, fill in the form, I gets e-mail and decide what to do with your request.

Brilliant. Except that unless I know your URL I can't.
Or if I'm away from the computer but right next to a phone/envelope and stamp/fax machine/semaphore flag/whatever I can't.
Or if you're away from the computer (etc) I can't.
Or I want to send one message to multiple recipients (say, announcing a party to friends), I can't.
Or...

That's 0-for-three so far, then.

Costs me less than $20/year, and it works with everybody's existing setup.

Not even nearly. Unless by "works with everybody's existing setup" you mean "it's theoretically possible to contact me in one specific way if you jump through enough hoops first".

But frankly if you don't see the advantage to a single-point-of-contact that allows people you choose to choose their own method of contacting you (e-mail, telephone, post or even fill-in-a-web-form), depending on what you've chosen to allow them to use... well, I don't know where to begin.

You do understand the concept of convenience, don't you? And how, if you make yourself hard to contact, people won't bother contacting you as much? And how while they don't like spam, most people want to be contactable by other people? And how most people instinctively see the problem with, for example, living like a hermit at the top of a mountain, refusing to talk to people unless they contact them in sign language while wearing one blue sock and chewing on a rabbit's foot?

Just checking, because from your response you'd never know it.

Fine. You have no need of i-name. Other people might find it really useful.

So it's not useless or pointless, because many people will have a use and a point for it.

You != everybody.

What's so hard about this to work out?

Re:Big words make BadAnalogyGuy crosseyed

[Guignol]

I don't really know much about this, but couldn't you also rely on 'trustable' entities for this kind of data ?
I mean, who would need your address in the first place that you feel you would want them to 'not know anymore' ?
I suppose you (correct me if I whoosh too :)) are thinking about some online store that needs to ship whatever you bought online, maybe to facture too.
couldn't that also rely on external services ?
(the online store ships with only your digital identity that the delivery service (dhl, fedex, usps, whatever) is able to translate into your shipping address because it is the one trusted organism for this particular piece of information)
I guess the first idea is precisely not to have to hand out information that really shouldn't be out in the first place...

Re:Big words make BadAnalogyGuy crosseyed

[jank1887]

umm.. for other ignorant people in the U.S. like me, the AltGr key is explained Here

in short, it's the Right Alt Key on International Keyboards. Layout shown on that Wikipedia page. (for non-US'ians, US standard keyboards just have identical left and right Alt keys.)

Re:Big words make BadAnalogyGuy crosseyed

I have my own Star named after me. Plus, for vacations, a square foot
of land on the Moon. Why settle for a name on the Innernet?

Re:Big words make BadAnalogyGuy crosseyed

[wfberg]

Wow. You're really crabby about this.

I'll just point out the obvious ones
1) How would people know my URL? How would they know my "i-Name"? Hey! Same thing! FWIW there already are X.500/LDAP directories on the web (one was even pushed by microsoft and included in NetMeeting) and guess what, no one really thought it convenient enough so that it rose to any sort of popularity.
2) you can't invite all your friends to a party? Why, perhaps they're not all on "i-name".. Perhaps I don't want to receive mass mailings ("boon to marketing scumbags") unless I specifically hand you my e-mail address?
3) "if I'm away from the computer but right next to a phone/envelope and stamp/fax machine/semaphore flag/whatever" - great, so you've got working implementations of the directory for all those media, huh? Ohh, that's right, you don't.

But wait a minute. There's NO service on offer. But it's being sold for $5 a year!

What is convenient about that? A convenient way for me to pay $5 per year (a limited time offer, that goes up to $20) FOR NOTHING IN RETURN.

What's so hard about this to work out?

Taking $5 for nothing in return = scam.
What's so hard about that to work out?

Friendster, myspace, orkut, facebook, etc. aren't about finding someone's contact information based on name, if you haven't figured that out yet. Besides of which a flat namespace like i-name's will only result in cutesy names like tggrgrrrl16, since Jane.Doe will have been taken already. Much like the usernames on hotmail, gmail, oh wait, myspace etc.

You seem to be a bit too enthusiastic about this. Are you one of the people launching this? I'm just telling you; prepare to be disappointed.

Re:Big words make BadAnalogyGuy crosseyed

[WeblionX]

Obviously General Motors is moving into the drink market.

Re:Big words make BadAnalogyGuy crosseyed

[swillden]

Good points... I hadn't thought about how useful it would be to have one service provider hand your i-name to another, and for each of them to be able to translate it into the information they need, and *only* the information they need.

Taken to the extreme, you could even put the payment information into the i-name and give the retailer access to that. The retailer wouldn't have access to your shipping address, though. Then the retailer would pass your i-name to the shipper, who could use it to look up your shipping address, but couldn't see payment information.

Throw in the ability to have different i-names for different purposes (perhaps even from different registrars), and I can see this being a really useful tool for privacy.

Re:Big words make BadAnalogyGuy crosseyed

[swillden]

I thought it was pretty obvious. Domain names did cost $35 per year at one point, and now they're cheaper. I expect that if i-names were to become widespread, they'd follow a similar course.

Re:Big words make BadAnalogyGuy crosseyed

[AnyoneEB]

Yeah, that's sorta the whole point of OpenID, which is one of the techs discussed in the article: anyone can use their own website as an OpenID URL.

Re:Big words make BadAnalogyGuy crosseyed

[FinalCut]

Your post clearly states: "Just like I pay $35 per year for my domain name" There is nothing about that comment that infers sarcasm or past tense.

perhaps if you communicated more clearly you wouldn't have had to respond to the guy who was offering you advice.

Re:Big words make BadAnalogyGuy crosseyed

[swillden]

Your post clearly states: "Just like I pay $35 per year for my domain name" There is nothing about that comment that infers sarcasm or past tense.

Read the sentence that follows that one.

Re:Big words make BadAnalogyGuy crosseyed

[Eivind]

If you want to (for example) change your e-mail address or move house you just update your info in one single place, safe in the knowledge that people can still contact you. No more phoning around banks, credit card companies, utility companies, phone/broadband companies, loyalty card companies, friends, relatives, etc, etc, etc, etc, etc.

It may amuse you to notice that Norway (and other scandinavian countries) already has something sorta like this (and did for atleast the last 30 years!).

It works like this, somewhat simplified:

• The state maintains a register listing where everyone lives.
• When you open an account with a bank, or with a library, or with a utility-company or similar, you typically have the option of allowing them to automatically update your adress from this central register. (you can also refuse to give them this permission, in which case you need to yourself inform them of any adress-changes)
• Relax.

End-result ? I don't need to tell my bank, my insurance-company, the tax-people, my credit-card company or most other companies that I have a new adress. They discover this by themselves, saving me the trouble.

Even those companies where I haven't given them a permanent permission, many of them have a button on their webpage where you can explicitly allow them to one-time-only update your adress. Which saves typing in the new and old adress etc. For example, after logging in to Skandiabanken and clicking "personal information" there is a button that says in effect; "Update my adress NOW to the one I'm listed under in the central register". Thus even though I *do* need to inform them (since I ain't given them permission to auto-update) that informing is a question of logging in to the bank as I normally do, and then clicking the mouse twice.

You still need to inform some people (like friends) yourself. But guess what, *if* you allow the norwegian Post to auto-update your adress, they will by themselves notice when you move, and in response send you a stack of pre-filled-out postage-paid cards with your old and new adress. All you need to do is fill in the adress of the recipient and put the things in the mail. (they do this to reduce wrong-adressing which costs them lot in tracking down people)

Re:Big words make BadAnalogyGuy crosseyed

[Shaper_pmp]

"Wow. You're really crabby about this."

Sorry - it's just that people posting "X is crap because I personally don't need it" are a pet hate of mine.

Regarding your other points... good points, every one.

I'm not saying i-name is an unimpeachably good idea, merely that BadAnalogyGuy had yet to voice a good objection. The overwhelming majority of people immediately wrote this off as a scam, apparently without even bothering to consider if it could turn into a useful idea.

You're right - at the moment (lacking widespread acceptance) they aren't offering anything worth $5 - hell they aren't offering anything worth $0.50. However, I think the idea of a flexible identity/contact system like this is an interesting one, and (less the technical problems you highlighted, like lack of namespaces) it could turn into a useful service.

Finally, just a couple of points you raise:

"you can't invite all your friends to a party? Why, perhaps they're not all on "i-name".."

Your friends don't have to be on i-name if your e-mail system supports it. The idea was that you could send to normal e-mail addresses for the people without i-name, or to an i-name for people with it. The advantage of i-names is that as long as they're still your friends (ie, haven't revoken your "view my e-mail" perms) you know your message is going to get through, even if they changed their address in the mean-time.

"Perhaps I don't want to receive mass mailings ("boon to marketing scumbags") unless I specifically hand you my e-mail address?"

Again, controlling who's allowed to see what details means it's effectively useles to marketers - you'll no doubt have a "Deny *" as the first permission set, optionally enable one method as your preferred method for unrecognised people, then enable extra mathods for people and orgnisations as-and-when you like. If someone you've allowed to e-mail you starts sending you obnoxious advertising mails or spam, you can cut them off in a second (and then your e-mail client starts rejecting their mail automatically).

If anything this could make online marketing harder and less obnoxious - spammers harvesting e-mail addresses would be pointless (as the addresses won't work for them until you enable their "e-mailing" permissions), and even "legitimate" e-mail marketing would have to be more careful, since it'd be trivial to block them if they annoyed you even slightly.

Picture a world where companies view being able to contact you as a privilege, not a right, and moreover a privilege which can be revoked at any time for any reason...?

""if I'm away from the computer but right next to a phone/envelope and stamp/fax machine/semaphore flag/whatever" - great, so you've got working implementations of the directory for all those media, huh? Ohh, that's right, you don't."

Heh - good point. Maybe the semaphore flag and pen-and-paper were pushing it a bit. But it would be relatively trivial from a technical standpoint to get a GPRS phone, IM client, e-mail client (etc, etc) to use a system like this. The only reason they don't do it at the moment is that there isn't a good, open, widespread identity system for them to hook into.

"You seem to be a bit too enthusiastic about this. Are you one of the people launching this? I'm just telling you; prepare to be disappointed."

Heh, I knew someone would suggest that... but no, I'm nothing to do with it.

I'm not neccessarily expecting this to work at all (and I certainly haven't signed up and paid $5 yet), but everyone seems to be writing it off as a scam or worthless without bothering to think of the implications if it did work.

And there were an awful lot of posts I can only class as "fucking stupid" - people who hadn't RTFA, assumed all your personal info would be up for grabs by anyone, assumed "I won't use it" makes it "a stupid idea", etc, etc. ;-)

Trust / No Trust

[Sub+Zero+992]

They say:

You can store your personal data (like your shipping address or your email address) at a trusted source and give access to it.

But they don't explain anything which might make me consider them to be trustworthy.
This is a skethcy sketch, methinks.

Re:Trust / No Trust

[elFarto+the+2nd]

I was looking at OpenID the other day, and if you really want, you can run an OpenID server (there's one written in PHP) on your own webserver.

Regards
elFarto

Re:Trust / No Trust

[jimstapleton]

would you prefer .NET/IIS? What would you recommend over PHP/Apache?

Re:Trust / No Trust

[Goaway]

"You don't WANT a punch in the stomach? What would you prefer, getting shot in the head?"

Re:Trust / No Trust

[Gr8Apes]

Smalltalk/Seaside?

Re:Trust / No Trust

[Control+Group]

Could you stop doing that? These are...new shoes.

Slashvert

[1u3hr]

From TFA:

Goals of this site:
First, it's a place to park the big orange button that says "Buy a Name Now!" so people that want to get a name that means something to them, can..... First-Year-For-$5 promotion was born....Normally, an = i-name costs about $20 per year.

Goals of this reader: no thanks.

Re:Slashvert

[arun_s]

In contrast, the OpenID site says:

Nobody should own this. Nobody's planning on making any money from this. The goal is to release every part of this under the most liberal licenses possible, so there's no money or licensing or registering required to play.

Now I really haven't heard about OpenID or I-Names before, can somebody clarify? Is OpenID the (free) specification or standard, and I-Names the (charged) implementation?
And as everybody's already pointing out, whats wrong with good ol' email ID authentication, HTTPS etc?

Re:Slashvert

[arun_s]

Sorry, RTFA'd a little more (http://www.iwantmynamenow.com/details.html#openid ):

I-Names and XRI developers are an active part of the emerging OpenID 2.0 specification process. With the release of those specifications and the libraries, i-names will be accepted alongside all OpenID identifiers...
[snip]
And, of course, there is a lot that i-names can bring to OpenID. Without i-names, your globally unique identifier is a URL that might be complex (http://www.myurl.com/member/my.name) where your i-name could be simpler =my.name. OpenID is also mostly about authentication (soon it will exchange some data) where i-names are build around XRI and XDI which is all about data exchange.

Still not interested, no thanks.

Re:Slashvert

[kevint241]

OpenID is an authentication system for web applications.

The advantage of OpenID over email ID authentication is that you generally don't want to have to click through your email box every time you log in anywhere. OpenID can provide something like that in a more usable fashion.

OpenID authenticates an identifier. For many people (e.g. LiveJournal users, WikiTravel users, myopenid.com users, etc) this identifier is a URL (e.g. http://frank.livejournal.com/ ). The i-names people would like that identifier to be an i-name instead. (e.g. =frank or @livejournal/frank).

OpenID is one service, an authentication service, that may be used with i-names. The i-brokers plan to offer others as well.

YATBFARIADS

[spectrokid]

And for those who didn't get the subject line: Yet Another Twenty Bucks For A Record In A Database Scam

Re:YATBFARIADS

[Pacifist+Brawler]

When all of the cool kids are in the database, won't it be worth your twenty dollars to join?

Re:YATBFARIADS

[jamesh]

More important than that, you'd better register your name now before someone else registers it first and then pretends to be you.

Seriously though, can't we all just use our slashdot ID's? I'd much prefer to be a member of an organisation that looked deep into my soul and assigned me a number based on the order in which i joined.

Re:YATBFARIADS

[IpalindromeI]

More like: When all of the cool kids are in the database, we'll know who to avoid.

Re:YATBFARIADS

[ConceptJunkie]

Seriously though, can't we all just use our slashdot ID's? I'd much prefer to be a member of an organisation that looked deep into my soul and assigned me a number based on the order in which i joined.

I wonder how many low ID's are inactive. I figure we should be hitting user 1000000 soon. That makes me feel elite since I will be in the first 3% of ./ users. If that mattered, it would be cool. All it really means is I've wasted an awful lot of time.

Re:YATBFARIADS

[CRiMSON]

24823?! Pssshhh

Re:YATBFARIADS

[defile]

Still here and still living in mom's basement.

Re:YATBFARIADS

[tolan-b]

:(

laaaaaameneeeesssss

Re:YATBFARIADS

[kkovach]

Uh, it's only $5 today.

Re:YATBFARIADS

[ConceptJunkie]

Yeah, but you've only posted 72 times. I'm closing on 3000 comments, so I have wasted so much time than you. Nyah! ;-)

Re:YATBFARIADS

[crosseyedatnite]

Hey! I'm the new guy here.

Never mind all those ebayed 4-digit UID folks, its us real fivers who matter.

Re:YATBFARIADS

[RingDev]

4-digit /. UID's on EBAY? Wow! That's way cooler than $5/20 per year for this stupid name database.

-Rick

Re:YATBFARIADS

[Muffhead]

Just because I don't post doesn't mean that I don't waste time here. Some of us waste plenty of time lurking.

Re:YATBFARIADS

[ConceptJunkie]

Good point.

Let's just agree that we both need lives.

Re:YATBFARIADS

[joshv]

I'm still kicking. I almost never post any longer. There are so many users now you are guaranteed that someone has already said what you had to add, by the time you get around to commenting.

Re:YATBFARIADS

[charlesnw]

Nah. I'll just steal an identity and open a credit card. Then I'll join :)

Re:YATBFARIADS

[phil+reed]

3495? Har.

Re:YATBFARIADS

[ConceptJunkie]

I searched. I couldn't find any.

Re:YATBFARIADS

[Muffhead]

Oh yeah...

Re:YATBFARIADS

[kevint241]

Your question may have been tongue-in-cheek, but it's really not so far-fetched. Slashdot could certainly become an OpenID server, in which case you could sign in as http://slashdot.org/~jamesh (or, I guess, slashdot.org/87723, if you really want to). Or /. could buy the @slashdot community i-name, and perhaps then you could be @slashdot/~jamesh.

All we need is for someone to integrate OpenID with slashcode. There's already a perl library. And a $5,000 bounty if it gets into the slashcode main distribution.

Re:YATBFARIADS

[CRiMSON]

I concur my good man?

New.Net?

[erig]

Why does this remind me of new.net's custom TLD registrations, that only worked if you used them as a root nameserver? (or had spyware that added that). Same thing here apparently, you register and get an "i-Name" that only works for providers that offer authentication based on it.

Re:New.Net?

[Rob+T+Firefly]

This also feels like all those agencies that will let you pay a pile of money to name a star after yourself... in the records of that one agency, which aren't actually recognized by anyone ever.

If this takes off remind me to fire up some spare domain name, install a big pile of whatever apps are lying around (forums, chats, IMs, auctions, blogs, networking, all that junk,) name it "teh REAL internets!!!" and then auction off the login names.

Re:New.Net?

[Shaper_pmp]

Probably because it is exactly like that.

Nevertheless, that doesn't stop it being a good ide, if enough people get on-board.

I have absolutely no doubt there were forums full of people saying exactly the same things about DNS before that took off, too[1]. For-pay? Publically-accessible contact details? Right, like anyone's going to use *that* minority system! Fnord! FNORD!

Not to say it'll definitely take off, but I think the tide of scorn being heaped on it is perhaps a little premature.

[1] Or would have been, had the internet had a peanut gallery back then.

Re:New.Net?

[inviolet]

This also feels like all those agencies that will let you pay a pile of money to name a star after yourself... in the records of that one agency, which aren't actually recognized by anyone ever.

Hey now, no fair bashing the star-naming agencies. From starregistry.com:

Because these star names are copyrighted with their telescopic coordinates in the book, "Your Place in the Cosmos," future generations may identify the star name in the directory and, using a telescope, locate the actual star in the sky.

See? See?! The star names are in a copyrighted book! Future generations may even look it up some day!

P.S. What I do not understand, is how anyone can work for companies like that and manage to not hate themselves.

Re:New.Net?

[digitalcowboy]

I agree. Call me a sucker. Maybe I am. But most of the criticism of this idea in this thread is clearly coming from people who don't understand it.

I think this is useful now and will be even more useful if/when it gains wide acceptance. I think there's a good chance that it will eventually.

It would be interesting to follow up on this thread in 12 or 24 months and see how many of these 3733t naysayers have an iname.

If I'm wrong, I'm out $5. Whether I am or not, I still have control of a concise, easily remembered point of contact for any data I want to be available. And if I'm right, it will also be quite valuable. It could be, and in many ways it already is, better than a TLD name.

I'm not dumping a bunch of money into speculation here, but I'm willing to risk $5 on it. There are quite a few domain names that I wish I had had the forethought to register in 1996. I can see the real possibility that ten years from now my (now eight year old) daughter's friends, kylie5467 and sara98743, might envy her for having her first name as her iname.

Again, if I'm wrong, it's only five bucks.

I'll keep my analog identity

Ive always prefered the warm feeling of my analog identity, just like i prefer the sounds of vinyl and tubes.

Re:I'll keep my analog identity

[kfg]

i prefer the sounds of vinyl and tubes.

Yeah, me too. But you really only get the benefits of streaming over vinyl tubes when you solve the last mile problem. My cable modem doesn't even have the right sort of connector.

KFG

Re:I'll keep my analog identity

[legoburner]

But as with all analog/digital differences, you wont be able to clone your identity as easily in analog. In digital it is 1 database record to make another you!

Re:I'll keep my analog identity

[delinear]

Yeah, but the analog reproduction process is a lot more fun than the average SQL query.

A permanent online identity?

[Dekortage]

The Wikipedia article on i-names says this: "One problem XRIs are designed to solve is persistent addressing -- how to maintain an address that does not need to change no matter how often the contact data for a person or organization changes."

Uhhh... I don't want persistent addressing. I like the idea that if I really wanted to, I could change my e-mail accounts or shut down my web site I have several e-mail accounts for use with different kinds of contacts: some for shopping, some for friends, some for business. I don't mix them. I don't want to mix them.

This also sounds like what Social Security Numbers have become in the U.S.: a catch-all identification number that you are asked for by every bank, employer, insurance company, hospital, car dealership, etc. I don't want to give them all my SSN. It's private, meant for government/tax purposes, but now everyone claims they need it. If I-names become popular, will something similar happen with them? (not trying to sound alarmist, just thinking out loud)

Re:A permanent online identity?

[eMbry00s]

I've seen people here at slashdot tell their banks they don't need their SSNs, and after a discussion get their point accepted (as I gather it should be). Since these i-names would be commercial, they certainly wouldn't become a requirement anytime soon.

There's nothing to say they won't, ever, though. Any business has the right to decline doing business with anybody, and thus you can be exiled if you don't cough up the $20/yr.

Re:A permanent online identity?

[Magada]

"If I-names become popular, will something similar happen with them?"
That's what they want you to think, so you'll cough up the dosh. Stay cool. There is no tech reason for this, just another step in the colonisation of the Internet. People are driving stakes into the ground. At some point, some sort of government will emerge and settle the resulting disputes.

Re:A permanent online identity?

[kfg]

I don't want to give them all my SSN. It's private, meant for government/tax purposes, but now everyone claims they need it.

This is what happens when the government sees itself as an interested party in all financial transactions.

KFG

Re:A permanent online identity?

[Shaper_pmp]

Errrrm... ok...

I'll agree with you 100%...

Just point to the bit that says you won't be able to register more than one i-name. ...

Anyone?

Re:A permanent online identity?

[swillden]

I have several e-mail accounts for use with different kinds of contacts: some for shopping, some for friends, some for business. I don't mix them. I don't want to mix them.

As I understand it, you can do that with i-names. You can create as many names as you want (as many as you want to pay for!) and you can define them to be synonyms, so they link ultimately to the same identification data, but are completely distinct as far as anyone but you (and the registrar) knows. Or you can keep them completely separate and manage them all individually.

Also, I can see one way in which i-names would facilitate the kind of privacy you're talking about. If everyone contacted you by looking up your email address via your i-name, you could change your e-mail address monthly. If there's someone you don't want contacting you any more, you would simply remove their permission to see your current information and since the e-mail address they have used will soon become invalid, they'll be unable to contact you again.

This also sounds like what Social Security Numbers have become in the U.S.: a catch-all identification number that you are asked for by every bank, employer, insurance company, hospital, car dealership, etc.

The problem with SSNs isn't just that they're linked to too many things, it's that they're commonly used as authentication, not identification. There are some privacy risks associated with shared identifiers, and SSNs suffer from those, but in practice they wouldn't really affect people much if SSNs also had some decent authentication mechanism associated with them.

Re:A permanent online identity?

[Jeremi]

Uhhh... I don't want persistent addressing.

Maybe you should re-read the Wikipedia text you quoted. "Does not need to change" is not the same thing as "cannot be changed". If you want to shut down your I-name and start another one, you have the option of doing so. I also don't see any reason why you couldn't open several simulaneous accounts if you wanted to.

Re:A permanent online identity?

[harlows_monkeys]

Uhhh... I don't want persistent addressing. I like the idea that if I really wanted to, I could change my e-mail accounts or shut down my web site I have several e-mail accounts for use with different kinds of contacts: some for shopping, some for friends, some for business. I don't mix them. I don't want to mix them.

Given a system that provides persistent addressing, it is simple to get non-persistent addressing: simply stop using the persistent name, and get a new persistent name.

Golgolfrincham calling...

[Burz]

...we were wondering what happened to the surviving middlemen from the B-Ark.

What's that you say? They work for "i-names" now?

"Internet sanitizers" you say? Well.... we're so delighted their safely with you.

(And not us!)

Re:Golgolfrincham calling...

[KincaidKMF]

But the big question is what color will people want the "i-names" to be?

Re:Golgolfrincham calling...

[ThomsonsPier]

Gosh, you're coming through load and clear. Weren't you eaten by a star-goat?

Re:Could somebody explain it?

[artson]

As it says a little later in the discussion, it's another twenty bucks to register yourself in someone's database.
Supposedly it gives you a permanent internet identity that could be useful for ID and shipping purposes.
See the article in Wikipedia, it has a good explanation and lots of useful links.

They've been trying to get a successful launch of this for some time now and it has so far failed miserably. I'd say it's because many folks on the internet like being anonymous or hiding behind a nym.

iNames?

[bangenge]

Umm... Apple, Steve, is that you?

Re:Could somebody explain it?

[Xiph]

You mean "hide behind a no nym"

Re:Could somebody explain it?

[kfg]

Could somebody explain wtf this is . . .

They want your money.

. . .reveal what a privacy nightmare it's going to be?

Big. Really big. Huuuuuge.

KFG

Bad Idea - Reawakens old problems and solves none

[CFD339]

So, now you have another place for "name prospectors" to hunt down all the best names and try to make money by owning the ones that have marketing value. The site's home page even says:

"these names are unique, so those who are paying attention can get the name or names that they want."

That was enough for me to write it off.

This doesn't go as far toward an actual unique and secure identity as an x.509 certificate, isn't as flexible at handling people who have the same name, has no track record for trust or security, and is controlled by a single organization.

This looks to me like someone's way to make money fast on the interweb by having a signup race for cool names at $5 (then $20) per year each.

We know how well regulated, fair, and efficient the DNS system has been.

don't buy this

[level4]

A little birdie told me a totally free competing system will be available later this year.

shameless pro-mo

[darkchubs]

so you have to install scumware to make Inames work. How much did they pay for this slashspot? they should have spent some of that on a writer.

Re:Could somebody explain it?

[artson]

Sorry, that was not clear at all, was it?

I used the term nym as shorthand for pseudonym, which is defined here .

Somebody famous once said that small towns were wonderful: show up at school with a runny nose and be called sniffy for the rest of your life, fart at a picnic and be known as stinky until death. It's true.

There are a great many reasons to want to keep our names secret on the internet and most of them are logical and non-criminal. People insist on privacy as a defence against spammers, other marketers, scammers, phishers and psychopaths. People sometimes dirty their internet persona to such an extent that they'd like to start over with a new name and a fresh history. The internet is a frontier society like the old west or Australia or many parts of Africa or South America. People often left everything behind and popped up with a fresh slate.

soapbox off.

You can call me Ray, or you can call me Jay or you can call me Ray_Jay or ....

Marketingspeak sounds familiar...

[Guppy06]

"The ones that are coming in the next 6-12 months could change the way people interact online."

So... we'll all be browsing on Segways?

Weakness of email ID

[Eustace+Tilley]

One weakness of email IDs is that the cost of creating multiple email addresses is very low. A reputation-based scheme such as an auction feedback is of limited value when it is straightforward for a person to give himself thousands of positive feedbacks.

Re:Weakness of email ID

[kevint241]

In fairness, this is also true of all decentralized identifier schemes, OpenID and XRI included. I don't know how it would be possible to both keep the system open and limit the creation of accounts. Some reputation schemes, such as the one Raph Levien developed and deployed over at Advogato, are pretty effective at addressing the attack you describe; reputation only counts if that reputation is contributed by someone who is already trusted. However, I don't know of anyone who has figure out how to scale that up to a system of millions of identifiers distributed across a large number of sites.

(Some problems are hard.)

Re:Weakness of email ID

[Eustace+Tilley]

A twenty dollar annual fee limits the creation of accounts, or at least throttles them. The account provider knows that part of the value being offered is a non-gamed system, so a fee which covers the cost of reviewing applications should make for a self-sustaining business model.

What's that you say? Single sign-in?

[Aladrin]

Hmm... Single sign-in... That sounds so... familiar... OH YEAH! M$ tried to push this crap down our throats for free. Maybe these guys will try to sue M$ for their 'single sign-in' monopoly when they utterly fail to have anyone even care.

Identity-Schmydentity

[archeopterix]

These are not identities, but paid-for logins. Wake me up when you implement a true identity - one login per meat-puppet per lifetime, please.

Authentication? Verification?

[rlp]

It sounds like a single-sign-on system like Microsoft Passport (only w/o Microsoft). I didn't see any discussion of authentication. Microsoft used a central Microsoft controlled database. Companies were reluctant to allow Microsoft to be an intermediary between them and their customers. (And were more reluctant to pay another Microsoft tax). Consumers were wary of a central database of ID's controlled by Microsoft. I saw no discussion of how authentication is supposed to work with this system, or more importantly who maintains the database(s) of credentials. For that matter, I saw no discussion of verification - I register 'George.Smith' and associate it with some contact meta-data. Do they verify any of that? Can I register 'George.W.Bush' or 'Bill.Gates'? So far the site seems mostly to tout the low price. Great, it's cheap. What do I get? And why would I want it?

Re:Authentication? Verification?

[rlp]

If you dig down into links on the site, there's some real technical detail. From my quick viewing I got that the system is distributed, XML-based, and supports two-factor authentication. You choose your registrar - register your credentials with them, and third parties can use XML requests to the registrar to verify your identity (without getting access to your credentials). Interesting - yes. Compelling - way to early to say (but like MS Passport, probably not).

Re:Authentication? Verification?

[mtutty]

Has anyone noticed that the Terms of Service for LinkSafe includes a [link] instead of a link to their privacy policy??

Re:Authentication? Verification?

[AnyoneEB]

I believe the article said they use OpenID.

Advert

[kylegordon]

Slashdot already has adverts around the sides of the stories. We don't need the stories to be adverts as well.

reasonable idea, just horrible execution

[nfarrell]

I like the idea of being able to give organisations revokable pointers to my details. As long as the organisation which kept the details was transparent and accountable, I'd be fairly happy about using it. Get credit card companies to use it to reduce fraud (somehow) and maybe you've even found a way to finance it: greater online security might encourage more online purchases...

The biggest flaw in the proposed scheme (if I understand it correctly) is that the reference you give each organisation is the same. Even if you can restrict access to personal information, companies can share information and put together your profile, just like a cookie only worse.

Wouldn't a better idea to use a secret key system, and each organisation can generate a request for your details which, if approved, gets signed by your secret key and returned to them. They never get your ID, so they can't profile you more than you want to be profiled. If you like, you can "delete your cookies" every 12 months.

Ideally all correspondence would also go through a level of indirection, meaning they'd never have ANY of your personal details - they'd be given a unique email alias, and a meta-address for snail mail that the postal service would recognise and treat correctly.

1M, come and gone.

[Grendel+Drago]

I figure we should be hitting user 1000000 soon.

Don't know who the 1M user was, but they're on at least 1000750.

Re:1M, come and gone.

[Incongruity]

Aw, c'mon, finding the 1M wasn't that hard: richardcpeterson

Um. Email?

[Grendel+Drago]

What, exactly, does this provide that email does not, save a place to throw money away and a vector for fraud and identity theft? How is this not the worst business model since the :CueCat?

Re:Um. Email?

[Tim+C]

I believe that part of the point is that your "digital identity" is independent of any contact details, so you can change your email address and still be idenitifiable as you.

Re:Um. Email?

[digitalcowboy]

What, exactly, does this provide that email does not, save a place to throw money away and a vector for fraud and identity theft? How is this not the worst business model since the :CueCat?

This is an interesting comment if only in light of the dydns link in its header.

Re:Bad Idea - Reawakens old problems and solves no

[swillden]

This doesn't go as far toward an actual unique and secure identity as an x.509 certificate

This idea is orthogonal to the purpose of a certificate. In fact, the ideas are complementary. The purpose of a certificate is to attest to a binding between some identification information and a private key which can be used to identify the holder of that identification information. All of the information in a certificate is visible and static. The (theoretical) purpose of this i-name is to be a link to a bundle of identity and authentication information, with per-viewer control over what parts are available. The i-name lacks any third-party validation of the information, but is dynamic and selective. I can see value in adding one or more x.509 certs to the i-name bundle. Certificates are also useful only to machines, where i-names (like email addresses) are designed to be usable by people. It's practical to write my email address or i-name on a piece of paper and give it to you.

isn't as flexible at handling people who have the same name

Were they to become widespread, i-names would be opaque handles. Kind of like most peoples' email address.

has no track record for trust or security

True. Of course, this is the case with many of the companies we deal with on-line.

and is controlled by a single organization.

From what I read, I don't think this is the case. I think it's intended to work much like the domain name system, where there can be any number of registrars.

This looks to me like someone's way to make money fast on the interweb by having a signup race for cool names at $5 (then $20) per year each.

Very likely.

We know how well regulated, fair, and efficient the DNS system has been.

Yes, we do, and it's been okay. Not perfect, certainly, there have been some domain name disputes whose resolution was just wrong, but on the whole the DNS system has worked reaonably well.

One way in which the i-name system appears to improve over DNS is in the splitting of the namespace into organizational and individual realms. That may allow individual i-names to be inexpensive and still be relatively unsquatted (because they're just not very valuable), while the higher prices on the more valuable organizational names may deter rampant squatting in that namespace. OTOH, the i-name system lacks the division into .com, .net, .org, etc., and country spaces, which may make names more valuable.

But what I wanna know is ...

[AnonymousKev]

... can I use it with my CueCat?

normally, the price is about $20 per year

[bumblefoo]

you mean like the other i-name sites that have all charged 20 dollars a year?

Identity theft is only a mouse click away

[weisen]

Tired of hacking sites only to steal customer information for a single company? Ever wish you could compromise them all at once?

Well, now you can. With i-names! Sign up today!

Re:Identity theft is only a mouse click away

[kevint241]

Well, the hope is, that instead of your information living on lots of customer sites which know lots about their product and jack about online security, your information lives on one server that's actually very invested in having good security. Their reputation as an i-broker (to use the i-names terminology) will depend on it. There's only one registry for i-names and i-numbers, but there are a number of organizations that will provide the associated contact services and whatnot. It's those i-brokers you will be trusting your data with, and as a consumer you should have freedom to switch providers if one doesn't meet your standards.

Naturally, your information will still have to pass through other sites from time to time as they need it, but hopefully those sites appreciate the liability of retaining sensitive information and will flush it whenever possible.

Why

[themachine_05]

I was reading this and thinking haven't other companies tried this technique? If you have a trusted digital certificate from Thawte or other trusted authoritiy then you are almost doing this. I think they are taking it a step forward and combining other information, but why pay for something that isn't going to be widely excepeted by everyone.

One to talk

[Tony]

Two spelling mistakes that I caught in about two minutes should equal about 20 errors found by a more compitent[sic] person.

(Emphasis mine)

Uhm . . . uh . . .

I am overcome with irony.

Evidently you guys don't have a clue about XRI

[Teilo]

To all you who call this nothing but a database scam, ala the darknet DNS registries, you're dead wrong. i-Names is the popular name for XRI, which is an OASIS standard. Those who sell i-Names are not fly-by-nighters just trying to make a money grab. They authorized by the XRI governing body to do so, and are the exact equiavalent of a DNS registry. There are a dozen or so i-Names brokers. The entire system interoperates. Many of the i-Name brokers are also DNS registries, such as Neustar.

XRI is an open standard, and the only such standard that there is. Saying that an "open source" free alternative will soon present itself is absolute nonsense. That's like saying, "Soon a free alternative to DNS will be available". Almost every post I have seen here is treating i-Names like some company. It's not. Stop arguing with me. You don't know what you are talking about.

I think you guys should stop shooting from the hip, and actually (I know this is asking a lot on /.) do a little research. Yes, centralized authentication is one part of this. But there's a whole bunch more. In XRI, services are user-centric, not server-centric. i-Names have i-Numbers in a similar manner to which DNS records have IP's. iNumbers map to a particular broker's server which obey's the iName's contact restrictions, and allows a person to provide services associated with themselves as a person. These services may, for instance, be include a basic web page, and in that way would be similar to a URL. But the service might just as well be email, a VOIP address, heck a dating service even (who want's a piece of me?). The services do not replace things like email and VOIP. They abstract them. They provide a layer where you control who communicates with you and how.

The key point here is that while the services may have backward compatibility bridges in place to allow interaction with the non-XRI world, they are particularly designed for comunication between two different identities, which communication is arbitrated by the rules which both parties establish. It's a new way of thinking about services on the net, and as such it's going to take you all a while to wrap your minds around it.

Don't let the similarities to MS passport scare you. Yes, there are some common ideas, but XRI goes much further, for it provides a generic framework for a wide variety of open source services, vs. a closed system which is little more than a single-sign-on.

Re:Evidently you guys don't have a clue about XRI

[deletedaccount]

What makes this any different from using a URN identity from a SAML identity provider?

Re:Evidently you guys don't have a clue about XRI

[anagama]

I think you guys should stop shooting from the hip, and actually (I know this is asking a lot on /.) do a little research.

If you want people to not think it is just a DB record scam, it would be helpful to link to a site that explains what this is good for. Yes, I looked at every link in the header, and sub-links as well, and for the life of me, I can't see why this is useful. The i-names main site meanders around a bit, but mostly says it is a great deal at $5 because next year it will be $20. Whatever -- even at $5 if it has no use to me, it's a crappy deal.

i-Names have i-Numbers in a similar manner to which DNS records have IP's. These services may, for instance, be include a basic web page, and in that way would be similar to a URL. But the service might just as well be email, a VOIP address, heck a dating service even (who want's a piece of me?). The services do not replace things like email and VOIP. They abstract them. They provide a layer where you control who communicates with you and how.

I still don't see how this is valuable. If I want someone to have my email -- I tell them. If I want them to have my phone number -- I tell them. This sounds like a way to get contacted by lots of random people who might match up some percentage of answers on some questionaire. I just understand why I would need an automated process to give out this information when the fact is, I want to be contacted LESS. Yeah yeah yeah, I control who has access. Well, presently I control who has access fairly well and I don't have as high a risk of the data being leaked either by my own error, or the DB's maintainers.

Anyway, it's up to the people asking for money to explain why I ought to spend it, and these iname people just haven't done that yet.

Re:Evidently you guys don't have a clue about XRI

[stereoroid]

However, none of this is answering the basic question: why do I want this? What's in it for me? I don't want a single unique digital ID, visible to anyone on the internet who wants to see it. I know it is Possible to link peoples' various identities together, but I feel no obligation to make it Trivial by willingly participating in such a scheme. Companies get no more information out of me than I'm willing to give them, on a case-by-case basis. If I buy a book from Amazon, what business is it of theirs are any details other than those needed for a) payment, b) delivery?

I don't care who's behind it: it's still unnecessary and a threat to privacy in general.

Not at all. x509 does more.

[CFD339]

x.509 certificates essentially say "This is who I am, according to this trusted authority. Further, with this identification I've presented to you, you can secure your communication to me."

The "Who I am" is more than just my name. It can include my name, address, and other identifying features which make it far superior to simply a name. There is the uniqueid part, and then there is the name part. They are not the same.

What would help much more, is for x.509 to become more widespread. I suspect that eventually it (or something like it) will end up with governmental buy in. A passport, for example, could eventually include a publically verifiable x.509 certificate. Keeping the secret key part secret would be a challenge -- possibly a physical item like a secureid card embedded in the document itself would be needed.

Or, provide value through history

[RareButSeriousSideEf]

Identity systems can provide real value even if they're pseudonymous and even if IDs are easily acquired: Attach an externally-queryable reputation system (with privacy policies, of course) that makes one's *history* a commodity worth accumulating. Factors in one's reputation could include length of tenure & types of transactions.

Think about it... anyone can get an eBay ID, but have you seen many spambots with a high feedback score? Whether allowed or not, there's not *that* much benefit in getting a new ID. Sure, you might be able to escape the stigma of your past transgressions, but the cost of doing so includes becoming a newbie, an unknown. Using the eBay example, many folks (myself included) won't engage in transactions over about $10 with people having short tenures, few transactions, or poor feedback scores.

Ultimately, I don't need to someone's real identity in order to make a sound decision about whether to engage in a transaction with them - I just need to know that I'm really dealing with the person that's legitimately associated with the ID. So IMO, if an identity system provided robust security against spoofing, an effective history evaluation mechanism, and an effective privacy policy implementation, I'd be all for it, even if it cost a few bucks.

The above qualifications don't seem to apply to the system in TFA - at least not at present. If they get something that robust off the ground though, I'll change my evaluation of them from "expensive row in a database" to "useful and valuable service."

Re:Or, provide value through history

[archeopterix]

Funny you mentioned eBay, as it also shows the darker side of value through history. Gain reputation, sell some bricks as laptops, profit. And of course get a new login...

Re:Or, provide value through history

[RareButSeriousSideEf]

True enough. There's probably going to be an eternal tug-of-war between high and low entry barriers. That which is too cheap, fast & easy to utilize (like SMTP connections) tends to create boatloads of noise for every unit of signal. On the other hand, systems with excessively high entry barriers create very little noise at all, but not much signal either.

But even in the eBay example, brick laptopping activity is at least *hindered* by having a reputation system in place, since the "gain reputation" step in your sequence involves accumulating a comparatively expensive resource (feedback). How many positive feedbacks must one acquire to unload a boatload of DOA laptops? Two negatives in ten would put the seller's rating below most buyers' trust threshold. You're right that the reputation system doesn't stop him, but at least it slows him down a bit.

That said, an obvious shortcoming is the fact that a seller can still game the system by doing oodles of low-dollar transactions quite admirably, but then rip people off on the big dollar ones. Each time she sells 100 of some $1.00 item at cost & gets a positive point on each, she can turn around and sell a $349 paperweight that she garbage-picked, get a negative feedback, and still enjoy a 99% rating. That's not a failing of reputation systems in general, it's a shortcoming with this particular implementation, and it could be remedied by smartening up the system a bit (e.g., start applying a partial weighting on feedback, to account for the dollar value of the transaction being rated).

MyOpenId.com ?

[MORTAR_COMBAT!]

If I want an openid compatible service why wouldn't I just sign up with myopenid.com ? (Actually I have, it works to post livejournal comments, log into zooomr, etc.)

Re:MyOpenId.com ?

[DragonWriter]

Well, if you did that, you wouldn't get to pay as much.

I can see the EBAY add now!

[RingDev]

WTS /. User account, excellent karma, 4 digit ID. No journal entries, friends list of pro-linux advocates, many fans, no freaks.

Starting bid of $500.

-Rick

OpenID on what platform?

[kevint241]

I regret to say that we do not currently have a Smalltalk/Seaside implementation of OpenID available. (For some reason, the guys who do the numbers here don't think there's that big a market for it.) However, we do have Ruby (on Rails, if you like), Python, Perl, and maybe some C# and Java, in addition to the PHP.

A better list of OpenID providers

[bgspence]

"iwantmynamenow.com" is only one OpenID service. A better place to start is at the OpenID wiki.

Here it is:
http://www.lifewiki.net/openid/OpenIDServers

Re:Not at all. x509 does more.

[swillden]

x.509 certificates essentially say "This is who I am, according to this trusted authority. Further, with this identification I've presented to you, you can secure your communication to me."

Other than not mentioning the use of the key pair to encrypt communications, that's exactly what I said. A certificate binds identification information to a key pair. All of the information in the certificate is visible and static, whereas an i-name is dynamic and visibility of the contained information is configurable per-recipient. Assuming it's very easy to generate lots of certs, you could, I suppose, generate different copies with all necessary permutations of content, and regenerate as-needed when the contents change, but you'd still have to have a good way to deliver the updates to all of the right people.

One good way would be to add the current cert set to your i-name profile, and make sure that each authorized reader can see the right cert.

Re:Could somebody explain it?

[kevint241]

Of course, you can use an i-name for a nym too. And registering an i-name exposes far less details about who you are to the world at large than registering a domain name does.

The Identity Problems

[jonel]

The majority of the comments so far only show how poor the online identity problems are percieved even by the geeks around here, and even though almost all of us have them. So the problem that OpenID and similar identity protocols are trying to solve is... :

"Wouldn't it be nice if, instead of keeping a long list of usernames/passwords for all the sites you have registered at, there could be only one that can be used anywhere, and keeping everything secure of course?"

A typical use case would be:
- you get up in the morning, start your browser, authenticate at your Identiti Provider (which YOU have chosen or you can even host it yourself), and you are password-free for as long you keep the browser open (or configured between you and your IdP)
- you go to a site which requires you to login, and supports OpenID
- put it your ID (no password), and click login
- the site resolves the ID and contacts the IdP to obtain an assertion about the user's identity
- (the cool part) the IdP prompts you (the user) about the information that's requested so you can approve the transaction
- (optionally you can streamline the step above for trusted sites)
- you're logged in!

And all except the first step happened in a couple of seconds, with a click. The only thing you have to remember is your ID and password at your IdP, not a whole bunch of them!

Trying to answer some of the questions I've seen:
- Can something like this be done with emails as identifieres? don't think so.
- Is this secure? Yes, but don't take my word for it. Go check the protocol specs. This is what's called user-centric: the IdP needs the user's approval for all authentication requests, and the data disclosed along with them.
- Are the $20 XRIs mandatory? No, you can use URLs as identifiers, though there are / may be costs associated with them as well (registration, setup and hosting, depending how much you want to "own" them). The XRIs are the full service package.
- Are you stuck with an ID for life (someone said he liked being able to regularly change IDs)? No - you can get as many as you want, but if you do want to stick to one - you can, and you will still be able to switch Identity Providers (this is done through the delegation feature).

So please check a bit into the details of it before bashing it, or watch this presentation which explains it pretty well (though it's not OpenID, but something similar):
http://www.identity20.com/media/OSCON2005/

Disclaimer: I do work in this field.

Re:The Identity Problems

[phonics]

For being someone who called everyone ignorant, you still didn't answer:

What happens when someone else knows (/steals) your single-sign-in identity and password?

I think that's really what everyone jumped on.

Re:The Identity Problems

[jonel]

We'd like the answer to that question to be 'nothing', i.e. the IdP to automagically detect it's not really you at the other end of the line.

But since the IdP cannot look you in the eye or touch you, it comes down to the authentication mechanism between the two of you, and the good thing is that the choice is yours. OpenID doesn't solve this problem, but it does help it a bit.

You can choose an IdP that provides authentication mechanisms that satisfy you, and these mechanisms can evolve; see for example what idanalytics.com are doing - trying to detect fraud based on behavior trends.

Or you could choose to run your IdP on your laptop for example, which in turn requires your physical presence (through biometric devices). Or you could employ a form of two-factor authentication, or have the IdP confirm every transaction through a separate channel (e.g SMS/phone call etc.)

But true, all of these can fail in one way or another.

P.S. I read many of the comments as "what possible good is yet another identifier namespace" and not so much your question.

'Special' characters

[bar-agent]

Why, oh why, are I-names (and every other login on the planet) so restrictive? No accents, no question marks, no symbols but periods, hyphens, and underscores, no Unicode, even more restrictions on first and last characters, and God forbid you use spaces!

Why? Supporting these things is trivial! Trivial!

Whats wrong with .name?

[SiliconEntity]

A few years ago when .name came out I registered my name, John.Doe.name or whatever. I did the whole family, it was pretty cheap. But then we never used them and there didn't seem to be much point. Still it seems like if you want a name space for people's names, it already exists. And it's only $10/year.

Re:Whats wrong with .name?

[jonel]

Yes, but in order to be able to use it as an online ID for authentication at third party sites (instead of having dozens of different IDs for each -- which is what OpenID is trying to address), whatever is behind that URL will need to speak some kind of protocol, so that authentication requests coming in will be directed to an Identity Provider and processed accordingly. In other words, the stuff that i-names do for you for the extra $10.

Otherwise, the .name/URL ID is usefull just for printing on business cards and displaying static information on a webpage, and not as global online ID.

Sneaking DRM in the back door again....

[macraig]

Even a brief layman's overview of XDI reveals that it includes in the design of the protocol what are called "link contracts", but which are really just a thinly disguised excuse to place restrictions - rights management - on how remote data on the Web can be accessed and shared. This is yet another step, begun with things like Macromedia's Flash, to obfuscate and control content on the Web. Gone will be the days when any file accessible on the Web is inherently FREE, as in beer. You'd think the open source movement would be all over this, blocking XDI and spinoff crap like OpenID just as fervently as they've fought the broadcast flags and all the rest... so why aren't they?

If XDI or some spinoff existed in wide use today, the Angelides and the Democrats in California wouldn't have been able to access those damning racist comments by the Governator.

If this is the real agenda of Web 2.0, to end the open-source nature of the Web and HTML for good, then no thanks, I'll stick with Web 1.0 for just a while longer.

OpenPGP keyid

[Sloppy]

How does this compare to having an OpenPGP key? I know OpenPGP and trust it. Who is this newcomer and what do they have to offer that an established standard does not?

Re:OpenPGP keyid

[kevint241]

You and I have OpenPGP keys and know that system, but the vast majority of the web users out there don't and aren't ever likely to. "Does not require public key exchange" is, for better or worse, a pretty compelling feature when trying to reach the mass market.

To attempt to answer your question a bit more directly: OpenPGP and i-names provide completely different things. OpenPGP is about signing and encryption, i-names (XRI) is a system of identifiers. Perhaps you would even use them together, adding your i-name to the comment or email field of your public key. An i-name is more like a URL than a key ID. Key IDs aren't really addressible by themselves.