Brad Fitzpatrick (bradfitz) wrote in lj_dev,

Distributed Identity: Yadis

Consider this my public announcement of Yadis (a temporary name). Yadis is a distributed identity system.

Here's a demo:

http://www.danga.com/yadis/demo/demo.html
(Note that while this demo is all AJAX-ified, that's not a requirement of the protocol.)

In a nutshell:
-- Your FOAF file points to your chosen identity server. (your LJ FOAF file already contains this, as of last night)

-- Your identity server is responsible for telling the rest of the world if you're you or not, and digitally signing a receipt saying that you said so, but only if you've told your identity server if you want to.

-- Clients on the web that want to verify your identity: ask for your blog or FOAF URL. ("bradfitz.livejournal.com") fetch your blog HTML, find your FOAF URL, fetch your FOAF, find your identity server, then ask the identity server if you're who you said you are. If you're not, or you're not logged in, or you haven't setup trust... in all 3 cases the identity server just tells the client "Sorry, I can't tell you. Throw there user to this URL." So client provides link, or redirects user. User sets up trust on identity server, goes back to site, logs in again.

-- Your global identifier throughout the web isn't "happygirl234324" or an email address, or "bradfitz@identityserver.com", but your FOAF URL. So you also choose how much info you do or do not want to share in there.

-- If you don't trust LiveJournal to be your identity server, run your own identity server, and point your FOAF at that. Or use somebody you trust more.

Future implications:
-- offsite LJ toys that know who you are, without asking for your password
-- adding a yadis user as a friend, and letting him/her read friends-only entries and leave comments to "friend-only-can-comment" entries
-- marking yadis users as can-comment-without-moderation
-- history of comments from FOAF users
-- comment on MovableType/blosxom/etc blogs, retaining your LJ identity, and vice-versa
-- DeadJournal users commenting on LiveJournal (with the little DeadJournal skull icon!)
-- .....
-- .....

Status:
Yadis is functional on LiveJournal now, and offsite tools can (and already have) started using it. But it's subject to change.

Much more sample code for Perl, PHP, Ruby, Python forthcoming. I'll also be releasing an identity server, if mart, supersat, or revjim don't beat me to it. (please do! :-))

This is a call for discussion and place for questions, but first read at least the Yadis page and the specs page. Note that this has been in development for a whole 4 days, so be kind, and beware of changes. (though it has been on my wishlist for at least as many years)

Enjoy!
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 81 comments
Previous
← Ctrl← Alt
Next
Ctrl →Alt →
Previous
← Ctrl← Alt
Next
Ctrl →Alt →