Implementing YADIS with no new software

Kurt Raschke kurt at raschke.net
Tue Nov 1 10:32:59 PST 2005


On Nov 1, 2005, at 11:49 AM, Ernst Johannes wrote:

> It's interesting to me how many people think only of authentication/ 
> single-sign-on as a feature when they think about digital identity.  
> (This is a general comment but I thought I jump in to outline a  
> broader picture.)
>
> If that feature was the only one that was of interest, I'd agree  
> with you and others and say that a simple add-on to HTML HEAD was  
> sufficient.
>
> But if you take, for example, Doc Searls' often-repeated car-rental  
> example (a variation of which I also talked about at IIW 2005 --  
> slides are at http://netmesh.org/slides/ ), then this points to a  
> future where, among many other things, many different kinds of  
> digital identity-related protocols can enable a Cluetrain-inspired  
> inversion of control between people and organizations/companies and  
> among people themselves. Such as: do I go to car rental websites to  
> see what they have on offer and reserve a car, or do I publish what  
> I need and the car rental companies come to me to make an offer  
> according to what I want?

Eh?  Maybe I'm missing something, but I am not seeing the advantage  
in having to wait for a car rental company to discover that I want to  
rent a car and offer me something.  But that's beside the point.

>
> I can't find a good place right now where this use case is  
> described on the web (can anybody help?) but it's a little a bit of  
> an eye-opener to the impact these kinds of technologies can (will?)  
> have. I assure you it's much more exciting than single-sign-on ;-)  
> but also that without single-sign-on, it won't get very far.
>
> In other words, authentication protocols a la OpenID, LID/SSO and  
> whatever are only the very first baby step, and many are to come.  
> One of the things we are trying to do with YADIS is to create a  
> foundation on top of which these kinds of richer (and much more  
> valuable) protocols can emerge. I let them speak for themselves,  
> but I know that there are several people on this very mailing list  
> that are trying to develop some of those higher-level protocols. To  
> make this possible, we need to build the foundation right so the  
> higher-level stuff can scale and lots of people can come up with  
> lots of cool stuff without everybody hacking yet another special  
> case into HTML HEAD or whatever.

Can you please clarify as to what some of these future technologies  
are and how they fit in to the picture?

If we're going to start adding bulk to SSO and profile exchange in  
the name of future protocols, then I hope that there is a compelling  
case for doing so.

Moving from OpenID tags in the HTML HEAD to a separate page specified  
in a <link> tag is one thing, but having to run another script just  
to negotiate protocols for SSO is another thing--is there any need  
for that, or will static pages do?

Is an RDF-based solution workable, or is even that lacking elements  
needed for YADIS, and if so, then what are those shortcomings?

I guess I'm still having trouble seeing the big picture here.

-Kurt


More information about the yadis mailing list