
Show HN: A decentralized Internet identity system I'm working on. - paul_odin
http://nameblossom.org/akas/
======
tinco
I commend you on the cleanliness of your reference implementation. It looks to
be a completely by the book rails application. Anyone could contribute I am
sure.

This is in sharp contrast to the tent guys who for some reason rolled their
own web framework in ruby, leading to a very messy codebase in my opinion.

But more on topic, I am having a bit of trouble understanding what this
service is going to do. What is the usecase? I think I got this from it:

1\. A user wants an identity, so he registers at aka.nu (or other provider)
and gets a nice url like tinco.aka.nu.

2\. The user uses this url as an openid url to create an account on
stackoverflow.

3\. Stackoverflow gets information about the user by querying the url for meta
information.

But.. this is exactly what openid does. I have an openid account at
myopenid.com, and pointed me.tinco.nl to redirect to it. Now when you go to
me.tinco.nl you see my public openid profile. And I log in to stackoverflow
with me.tinco.nl as the identifier. And stackoverflow filled in some of the
fields with information it got from myopenid.

What is your unique selling point?

~~~
paul_odin
Thank you for your comment.

First off I should note that an aka _is_ an OpenID (see <http://paul-odin-
openid-test.blogspot.com/2012/12/hey.html>) so all of the pros and cons of
OpenID should in principle apply to akas. Akas just have a few constraints (a
domain name served over HTTPS) and extras (the host-meta file metadata).

Here are a few circumstances where I think these additions could prove useful:

(1) Following akas. Given an OpenID like me.tinco.nl I don't think I can enter
it into an app and keep track of what you're up to. The extra metadata allows
an app to find your other profiles and subscribe to your activity. One of the
features I was working on but didn't finish yet (there's some dormant code at
<https://my.aka.nu/hub>) was to have the ability to subscribe to the host-meta
file itself and automatically discover new additions and changes to your
profile.

(2) Using your aka as a personal namespace. I'm hoping to add the ability to
use create subdomains under your aka (for example a blog at blog.paul.aka.nu).
Obviously you can do this already if you have your own domain name but it's
generally viewed as an 'advanced' feature. Also there's no reason you can't
use an aka as a domain for your email address. Incidentally this was the
reason I originally bought aka.nu, as a demo domain for a simplified DNS
administration tool I was working on.

(3) Authentication for non-browser apps. Let's say you've posted a photo
somewhere and authorized access to me, paul.aka.nu. I could log in myself to
wherever it's hosted using that as an OpenID, but what if I'm not using a
browser to access it? My client can send you an assertion that it's accessing
it under the authority of paul.aka.nu but you still need to go back to
paul.aka.nu to verify it, which is where the extra metadata comes into play.
(App.net has similar functionality:
[http://developers.app.net/docs/authentication/identity-
deleg...](http://developers.app.net/docs/authentication/identity-delegation/))

------
ecaron
How is this better than the decentralized Persona Identify solution that
Mozilla's promoting: [https://developer.mozilla.org/en-
US/docs/Persona/Identity_Pr...](https://developer.mozilla.org/en-
US/docs/Persona/Identity_Provider_Overview)

~~~
dreamdu5t
It's not. We should be spending time implementing Persona rather than trying
to come up with new identity solutions. Mozilla browserid/Persona is good
enough or better than any other solution presented thus far, and has the best
chance for adoption.

~~~
StavrosK
I cannot agree with this enough. I implemented BrowserID on one of my sites
once, and never looked back. Now every new project uses BrowserID as the only
way to log in.

It is superior to all other ways I've seen in usability, which is ultimately
what counts, and integration takes all of two minutes, much less than
traditional password auth. Plus, you don't even need to secure any passwords.

I really, really hope it catches on, and Google/Yahoo!/other mail providers
start supporting it.

~~~
gregcohn
How does BrowserID work in the use case of a native mobile app?

~~~
StavrosK
Looks like it works like this:

<https://github.com/mozilla/browserid-ios>

------
tommi
OpenID with host identifiers? You want to create a directory service? Why? Why
have others failed on this?

------
nchuhoai
I have been working on a centralized identity system at
<https://www.credport.org>, and a question that is always looming my mind is:

Can identity systems be designed? Can they be explicitly built or are they a
by-product?

Arguably, the biggest (consumer) identity systems out there (Facebook,
Twitter, Google) have not been designed to be identity systems but ultimately
turned out so. The biggest designed and most open solution, OpenID, has seen
very limited traction.

In many ways, the broad majority of consumers probably don't care much about
the great (and awesome) implications of identity systems and what would be
possible if people were to work together by having a broadly accepted identity
system.

The way we are currently going about it is to always have these implications
in mind, but work extremely hard to provide value to both consumers and
producers outside that realm.

~~~
drivebyacct2
That's because people like you go out and reinvent the wheel and create yet
another centralized platform instead of implementing an existing decentralized
option. It's hubris. Facebook wants to manage my identity. Its no shocker that
they don't implement an identity system that they don't control.

If you're not paying, you are the product. That includes your identity and
that includes forcing others to go through them when they want your identity.
That's annoying. Implement BrowaerID please.

~~~
nchuhoai
It's always the same: <http://xkcd.com/927/>

------
seanalltogether
So I've always wondered, why is myname@mydomain.com only an email address, why
isn't it just an everything address related to an specific user?

~~~
paul_odin
That's in large part what WebFinger was created for, which I used as a model
when developing this project: <http://hueniverse.com/webfinger/>

Gmail actually used to support it to a degree (it came along with Buzz) but in
September I think they removed the host-meta file. WebFinger is still a big
part of OStatus (which is what identi.ca is based on).

The main issue I have with WebFinger is that unless you have your own domain
name, it's either tied to an e-mail service, or you get an identity that looks
like an e-mail address but isn't. Gmail had it, then dropped it, and given
Google+ I don't think they would have too much interest in bringing it back.
OStatus acct: identifiers are a lot like e-mail addresses but I don't think
they function as such.

Of course if you have your own domain you can make it so that isn't the case,
but most people don't and if you try to create a free domain that makes it
easy for people to do that sort of thing you basically end up with aka.nu
anyway.

------
drivebyacct2
BrowserID. please.

~~~
drivebyacct2
No, please, keep reinventing the wheel, keep doing the same thing that
everyone has been doing for the last two years. "We need a better way to do
identity and auth!" "[here's a rehashed email-login system]" or "[here's a new
identity management system I built instead of using an existing one. surely
this one will take off!!!!!1111]"

~~~
slajax
Did you just troll yourself? Wtf.

~~~
drivebyacct2
No?

