Re: Re: Authorship

Re. Can we do requirements before technology?
Perhaps a critical requirement is that we provide a way to tie addressing to legal identity - the way we tie official physical addresses to names & officially issued documents.  Passports, Driver's Licenses, Voter Registration, that sort of thing.  For legal purposes - all of our various id cards, credit cards, etc. are authenticated by an issuing authority.
Taking a step back from the idea that the author contact is an SMTP address, a better approach would be to have it be a means of getting a contact card for the author. 

The approach I am currently working on is based on JSContact with some extensions so that Alice only needs to use the human readable identifier for an initial contact exchange; the JSContact format is extended so it has information to locate and validate updates.

The IPFS (or IPNS) approach seems attractive as a way to bind a contact card to a name & its legal identity.  

The question becomes:  Who signs the contact card?  And the individual contacts within it.

My thought:

Records get signed by legal authorities who own a namespace (e.g., the Federal Government, State & Local Governments - perhaps local clerks for physical address records, folks who issue drivers' licenses, internet registries, the folks who issue TSA cards, etc.).  For that matter, I expect that TSA cards, like CAC cards, are signed by a key management authority.  I'm sure folks like Verisign & Clear would sign up to generate records (if they don't already), and the folks who issue USID cards.  Legal entities (e.g., corporations) sign role-based identities & credentials.

Which leads to the notion of a calling card that contains a list of records of the form:
LegalIdentity, RegisteredIdentity, UID, AddressesRegisteredWithIssuingAuthority, CryptoSignatureOfIssuingAuthority
E.g. Miles Fidelman, Miles Richard Hailer-Fidelman, PassportNo., (mailing address, email address, IPNSpath), CryptoSignatureOfPassportOffice
And then combine multiple records into one, stored as an IPNS record that self-authenticates.

Use IPNS & IPFS as one big Registry/Repository for Identity & Directory Services.

And take advantage of existing certifying authorities to generate authenticated name-address bindings.

Miles
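
The record format sketched above, as an added example that is not part of the original message: each record is signed by its issuing authority, and a reader accepts it only if the issuer is on its own list of trusted authority keys and the signature still covers the record's current contents. The JSON encoding, the `Issuer` field, the use of Ed25519 and every sample value are assumptions of this example; IPNS publication is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Record holds the fields listed in the message; JSON and Issuer are assumptions.
type Record struct {
	Issuer, LegalIdentity, RegisteredIdentity, UID string
	Addresses                                      []string
	Signature                                      []byte `json:",omitempty"`
}

// signedBytes is what the authority signs: every field except Signature.
func signedBytes(r Record) []byte {
	r.Signature = nil
	b, _ := json.Marshal(r) // struct fields marshal in declaration order
	return b
}

func Sign(r Record, key ed25519.PrivateKey) Record {
	r.Signature = ed25519.Sign(key, signedBytes(r))
	return r
}

// Verify is true only if the issuer is trusted and its key validates the record.
func Verify(r Record, trusted map[string]ed25519.PublicKey) bool {
	pub, ok := trusted[r.Issuer]
	return ok && ed25519.Verify(pub, signedBytes(r), r.Signature)
}

// Demo checks a constructed card: one valid record and three that must fail.
func Demo() []bool {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed authority key
	_, other, _ := ed25519.GenerateKey(nil)  // key of an unlisted signer
	trusted := map[string]ed25519.PublicKey{"passport-office.example": pub}
	base := Record{Issuer: "passport-office.example", LegalIdentity: "Alice Example",
		RegisteredIdentity: "Alice Q. Example", UID: "P-0000000", Addresses: []string{"alice@example.org"}}
	good := Sign(base, priv)
	edited := good // same signature, address changed after signing
	edited.Addresses = []string{"someone-else@example.net"}
	wrongKey := Sign(base, other) // names the trusted issuer, signed by another key
	base.Issuer = "unlisted.example"
	unlisted := Sign(base, other) // signature is valid, issuer is not trusted
	return []bool{Verify(good, trusted), Verify(edited, trusted), Verify(wrongKey, trusted), Verify(unlisted, trusted)}
}
func main() { fmt.Println(Demo()) }
```

Only the first record verifies; a signature that checks out cryptographically is still rejected when the reader has no trusted key for the issuer it names.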


Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:


Can we do requirements before technology?

The weaknesses I see in the existing technology are:

* Limited to SMTP email.
* Identified doesn't have control over the identifier.
* Identifier can be stale

I don't like the idea of IETF giving out email accounts, that would be a point solution, not a general case solution. So let's add in another requirement:

* Identifier must be global

There are basically two types of identifier we can apply here:

* Human readable
* Fingerprints of public keys

The pattern Blue Sky have adopted for ATprotocol seems to be a good way to overcome the limitations of each. The permanent identifier is a fingerprint of a public key controlled by the user, but there is a human readable label for ease of use.

Taking a step back from the idea that the author contact is an SMTP address, a better approach would be to have it be a means of getting a contact card for the author. 

The approach I am currently working on is based on JSContact with some extensions so that Alice only needs to use the human readable identifier for an initial contact exchange; the JSContact format is extended so it has information to locate and validate updates.

Not sure how far we would want to go down the updates route. Sure, I can do the Merkle tree thing, got all the code. But I am not sure it is essential.


On Fri, Apr 4, 2025 at 12:34 PM Miles Fidelman <mfidelman@xxxxxxxxxxxxxxxx> wrote:
Salz, Rich wrote:

I don’t think it’s a good use of IETF resources to provide email accounts for over a thousand people.

I'm thinking that IPNS & IPFS make for a good platform for universal id & mailboxes.  Add to that a blockchain & certification service - to allow binding legal & financial identities to specific self-published identities - then we can just each publish a "shingle" to IPFS space, and an IPNS record that points to a maildrop file.

Then all we need are SMTP clients that can read & write to IPFS files.

Just a thought.

Miles

--
In theory, there is no difference between theory and practice.
In practice, there is.  .... Yogi Berra

Theory is when you know everything but nothing works.
Practice is when everything works but no one knows why.
In our lab, theory and practice are combined:
nothing works and no one knows why.  ... unknown
