[standards-jig] Proposal: Jabber as universal ID

Constantin Nickonov Nickonov at jabber.com
Mon Dec 1 15:02:21 UTC 2003

At first glance, this is a good idea. However, Jabber must first adopt a
more extensible (and standardized) vcard/profile standard. At that point,
information will be retrievable reliably -- assuming users are compelled to
enter sensical data there. That brings about the second problem -- privacy
and security. Even if you don't store credit card information in your Jabber
profile, other sensitive information might be easily gathered by shady
parties for purposes of ID theft, spam, etc.

There may be some white-list possibilities, which allow only select sites to
pull vCards (or new namespace data), but centralizing such permission
parameters for a system that's designed to be as distributed as Jabber would
be no small task.

Those are just initial thoughts.


-----Original Message-----
From: Kent Wang [mailto:kwang at kwang.org]
Sent: Monday, December 01, 2003 3:41 AM
To: standards-jig at jabber.org
Subject: [standards-jig] Proposal: Jabber as universal ID

Universal ID services like Microsoft's Passport offer the convenience of
universal login at participating sites. This is useful because you don't
have to retype your personal information like age, real name, etc. at
every single website for which you register. It's also centralized, so
you can change your info once and the change can be propagated to the
participating sites.

The problem with Passport of course is that it's Microsoft and targeted
for big websites like eBay. Because one of the major pieces of
information Passport is supposed to share is credit card information,
it's important to corporate clients that it's secure and backed by a big
name like Microsoft.

What I propose is a universal ID scheme using Jabber that is focused on
non e-commerce use, particularly site registration. Few websites offer a
"my" section, and even fewer require it, but every website's forum
section requires you to undergo a registration process. This I feel is a
big hassle when you want to just ask a quick question at a tech support
forum for example. It's also quite a hassle considering that I actively
frequent about seven forums and keeping my information consistent and
up-to-date for all of them is rather unwieldy.

The way it could work is that the forum software offers a Jabber
universal login option in lieu of conventional registration. The user
simply enters his Jabber username and password and the forum software
pulls certain information like real name and email address from his
Jabber profile. That's it. There'll also be no need for a verification

The forum software can also pull other additional information and even
forum preferences from his Jabber account. It can also regularly poll
the Jabber account for updated information. Of course the user can
always specify site-specific preferences, but the site software can
simply default to his Jabber-specified preferences.

Although it's entirely possible to create a separate infrastructure for
universal ID services, Jabber has an existing userbase. Additionally,
the distributed nature of Jabber servers provides for a sufficiently
wide namespace; simple username IDs have a much smaller namespace than
Jabber's username@domain.tld ID scheme.

I'm by no means a Jabber protocol guru, so I'd like to hear what the
more experienced members have to think. I'm a long-time PHP/MySQL
developer so I can hack phpBB to create a proof of concept, but someone
else will have to code the client part.

Kent Wang
IC2 Institute
