MicroID and Social Webs of Trust
June 23rd, 2006 - Fred StutzmanSince we rolled out MicroID verification, we’ve seen lots of people using the service. That’s so cool - we’re really thrilled to see it take off. At the same time, we’re also more than willing to admit that our implementation is kind of hard and limited. It’s hard because, well, you have to edit a page to add in your MicroID, and it’s limited because there are lots of pages you can claim that you can’t necessarily edit - like your flickr or del.icio.us page. Naturally, we decided it was time to solve this problem.
Before we delve into particulars, take a second and think about how you trust things on the web. You trust your friend’s sites because at one time or another they said “Hey, go check out my Flickr pictures”, or they sent you an email with their del.icio.us links. That’s how we trust people in real life, too. You meet someone, ask them where they went to school or how many siblings they have - trust has to start somewhere. When you meet someone new, you don’t completely trust them. You learn from them, verify, and renegotiate your trust. This pattern happens cyclically until you decide they are the kind of person you wouldn’t mind having for a roommate, or the kind of person you wouldn’t loan twenty bucks to (my grad student mind state slips though again).
Well, so that’s how we do things on the web, too. But on the web, things are a little different. We’re global, we can’t always look each other in the eye, we need things like https and PGP. We want a level of verification - a way to actually prove that things are part of our production. Using the MicroID, we create a web of trust. When you take your ClaimID and verify your sites with MicroID, you’re creating trust relationships; if someone trusts your Flickr, why should they trust your claimID? Well, if you verify your Flickr to your claimID, you’ve just created bi-directional trust. People can enter the web anywhere, and transverse your trusted web - rather than create a single place of trust, you’ve decentralized - an idea that makes a lot more sense than just asking people to trust you at face value.
When we dropped MicroID into ClaimID, we thought that it was a neat way to give people what they wanted in terms of link verification, and not a lot more. But as we’ve gone to the whiteboard, thought about it, talked to people about it, scratched our heads and gawked at the simplicity of it all - we realized that MicroID could quite literally change the social nature of trust on the web. These are big concepts, and rather than dumping it all here, I’ve written it up on two posts on my blog. The first post covers the why’s of using MicroID to create a system of social trust, and the second post covers the hows for content providers.
So what does all this mean? Well, we’ve been hit by a bolt of lightning on this idea. As MicroID is a standard, we’ve officially contacted both Flickr and del.icio.us to see if they would implement MicroID automatically for your pages - meaning you could claim your sites in these pages, but it means a whole lot more. It means leverage - leverage to get other big names to start adopting MicroID - so you can make verifiable claims of ownership on your content, so you can create webs of trust on the internet.
If you’d like to help us get started, head over to the Flickr ideas forum and add your “me too’s” to the MicroID idea. Now, we’ve contacted Flickr (both officially and back channel) and this ain’t gonna happen overnight - but if you show your support, it just might help Flickr realize the value of MicroID. To show our support for MicroID, we’ve released a standard perl implementation of a MicroID verifier under the GPL. We believe in this technology, and we’re willing to help get people start using this important standard. You can download a tarball or zip file.
So this is a big concept - a little MicroID could change the nature of trust on the web. And I’m sure I didn’t explain it so well (hopefully I’ll draw up some diagrams pretty soon, but my Photoshop skills are…well, you’ve seen em). However, if this notion has caught your interest, you’ll probably want to review my posts, the MicroID FAQ, and the MicroID home page. We’re on to something big here - please consider joining us.
June 24th, 2006 at 8:20 pm
Hi guys,
I am glad you finally launched, I look forward to seeing what happens in the future with the effort you are spear heading.
Also I posted on my blog a discussion piece that relates to your organisation, but in a wider concept of how your work complements that of others. I hope someone gets a chance to take a read.
Cheers,
Roger
http://prof.rogerkondrat.com/2006/06/24/what-do-rapleaf-blogging-and-claimid-have-in-common
The simple fact is they are all based on trust - either providing trust or being supported by it.
Never heard of these three before? Okay maybe you heard about blogging but did you think about trust much when you did your blogging or when you read what others blogged? This is early days in the blogosphere and so like most small towns today (or according to ‘bowling for columbine’ most of Canada) we don’t yet lock our doors because everyone knows everyone else (not to be taken too literally).
June 25th, 2006 at 5:31 pm
Great post Roger! Thanks for the link.
June 29th, 2006 at 11:01 pm
All this thinking about photos has given me another idea. What would happen if EXIF data fields were extended to include MicroIDs? If the MicroID were saved in the .jpeg file itself, you’d be associated with that photo wherever it showed up. This could ease the process of complying with Creative Commons licenses that require Attribution, and go some way to detecting opportunist plagarism (I know a determined person could just copy the image and edit out the tag). What say you?
June 30th, 2006 at 2:07 pm
Richard, that’s an interesting use. The problem I see is that the microid needs to be a hash of a communication identifier (email) and a url - and you can only have that after you’ve uploaded the picture. However, creating a unique MicroID-like hash (out of your email and a checksum of the photo) would create an insteresting verifiable signature. V interesting..
July 27th, 2006 at 1:28 pm
Pardon my ignorance, but it won’t change many things. indeed, they are plenty of sites where I want to claim *one* page as mine, but where I can’t edit the page or even ask the admin to add this microID (as an example, my french page on LinuxFr http://linuxfr.org/~Riduidel is a good example).
I wonder why it’s not possible to check the identity based on the presence of the microID on the page, instead of in the header.
I think it’s mainly due to your will of this microID not to be known.
I can however suggest you a hack : using expiring microID with short validity duration (like, say, 5 minutes), I could add a message to this server with the microID inside and, immediatly after, ask claimID to check that I’m really the owner of this page.
Furthermore, there are plenty of community sites, even in the smaller web 2.0 world. Are you really considering adding this feature to all those sites ? Well, it’s really a big turn in the web world.
July 27th, 2006 at 2:21 pm
Nicolas - MicroID is valuable as it lets you claim one, or all pages. We are working on standardizing the MicroID with the microformats community. Yes, attempting to get a standard is a difficult process, but we believe this idea is valuable enough to give it a shot.
Regarding short-duration claims, don’t see how this would prevent someone from adding a microid to a comment, for example. We realize that adoption takes time, but MicroID is so trivial to implement, we hope that it helps our case. Please see http://microid.org/blog for updates, GPL code, etc.