Spec Update Suggestions
There are two important things that I’d like to get feedback on for the actual mechanics of MicroID.
First, Ben Laurie pointed out an obvious “why didn’t you…” in that we should be using HMAC to combine the two hashed identifiers. So, unless there are any objections, I’ll be updating the spec soon to use HMAC (it seems to be as widely available as sha1 alone).
Second is a deeper question, should the site or published-at URI be a complete one, or just a reference to the authority? Simply put, should it be ‘http://jeremie.com/blog/entry.php?x-y-z’ or just ‘http://jeremie.com/’? The former would require a unique MicroID generated for every URI it’s published at (is this even always known?). The latter would require a better description and common understanding of what the ‘authority’ is for any given URI. What this really comes down to is normalization, for the hashes to match, everyone needs to ensure the URIs are normalized the same.
Suggestions are welcomed here, I’m working on this project for how deeply useful it can be, not because I’m an expert in this area.
May 25th, 2006 at 3:37 pm
I advocate liberal URI authority references, so a MicroID is portable between pages. Content often finds itself exposed via many different pages of a site (front page, permalink, date archive view, category archive view).
I’m still questioning the requirement of the published-at component, though!
May 25th, 2006 at 6:48 pm
PersonCode…
A few years ago I was musing about the need to “tag” online resources with personal identifiers more secure than email addresses and less exclusive than URLs, and thought it might be nice to encourage the use of mailto: URI hashes as in the…
May 26th, 2006 at 10:28 am
[…] Hans calls out MicroID as the closest conceptually, though it doesn’t appear to extend much past validating ownership of content. The suggestion that MicroID may be repurposed to also allow generating a unique ID for every URI one would want to claim further leads me to think it’s not ideal for specific identity concerns. […]
June 1st, 2006 at 12:50 pm
I like the idea of using a high level url when possible. Some sites, especially home grown sites, will be impossible to claim if you have to generate a new microid for every page until someone builds that into the application.
I added microid to two pieces of software I run
Tikiwiki (www.gmartin.org)
Gallery (linux2.gmartin.org:82/gallery/index.php
Generating the mID (you can use that abbrev. BTW) for each page would be impractical for a piece of 3rd party web software.
\\Greg
June 11th, 2006 at 2:45 pm
I think MicroID has the potential to identify the message, the messenger and any other identifiers needed to contextualize a ‘conversation’. The method could be delivered in a concetanated manner. (i.e., 654964984984-32151965498498494984, etc).
This would allow a more efficient RPC call to be performed by obtaining multiple data sets within a literal MicroID string. The result could be parsed for lexical analysis, or for other reasons.
I also think the use of standards will become important for MicroID to become widely adopted. The two areas that come to mind are:
1. Token Handles (ie, ‘mailto:’) that identify the content.
2. Hash algorithm that creates the token.
The potential use of this format may open the door for machine translation of conversations across multiple sites, or the start of a cross platform (portable) reputation management system.
I’m working on a framework for reputation and would like to explore the idea of MicroID. Thanks for the inspiration.
June 15th, 2006 at 9:45 am
If you change from sha1 to HMAC now, anyone using microid will have to update their service… that seems kind of a pain unless there’s a huge benefit.
Realistically, either URL pattern can be used depending on the nature of what one wants to verify. To verify that I blog at http://singpolyma-tech.blogspot.com one would need to check againt that URL… to verify (for sure) that I wrote a particular post would probably use the class=”micoid-HASH” version on the post page, but could use the META tag on the post page with its URL. Realistically if I own the blog I wrote the post, and CLASS would be used for multi-user blogs.
June 22nd, 2006 at 9:27 pm
1. Yes, use HMAC.
1.1. Isn’t SHA1 broken? Shouldn’t there be an identifier along with the MicroID to indicate the hashing algorithms used in case SHA1 needs to be changed or someone wants to just use something stronger?
2. URI should have the option of being normalized. In other words, I can see the need/usefulness for both. Since there’s nothing secret about the URI, the URI used can be included along with the ID if it’s different than the actual URI. Maybe just allow the path since the host portion should be required to be the same.
June 28th, 2006 at 9:46 pm
I like the idea of using a high level url when possible. Some sites, especially home grown sites, will be impossible to claim if you have to generate a new microid for every page until someone builds that into the application.