How can people be sure that a blog comment left by "Bill Gates" is from the real Bill Gates? How does your lifestream aggregator know? Web developer Kyle Brady, creator of lifestream aggregator OneSwirl, has proposed a system he calls idAuth that he thinks addresses this issue. idAuth is a "push" system for data that can be linked to a specific identity. Theoretically, it would allow lifestream aggregators to collect data from across the web without the need for RSS/Atom feeds, and verify the validity of the id of the data owner.]]>
There are two parts to idAuth: the part that verifies your identity, and the part that pushes anything you create once you've been verified back to your lifestream aggregation service. The spec would have to be supported on both ends (i.e., there would need to be support for idAuth on both the site or service you are creating new data, and by your lifestream aggregator).
It works something like this: Let's assume your lifestream aggregator supports idAuth. From within your aggregator, you specific a unique identifier that you'll use around the web (such as OpenID or email address -- it is important to note that while idAuth has low-level support for identity systems such as OpenID, it is using them only as an identifier, not for authentication). You'll also specify some keys for use, such as "blog comments" or "readwriteweb.com blog comments" or "photos." These details are then set in a cookie.
When I add data to a service -- which would also support idAuth -- it searches for an idAuth cookie and then looks for an appropriate key. For example, ReadWriteWeb would search for a "readwriteweb.com" key or a "blog comments" key, Flickr might search for a "photos" key. Once it finds the right key, it packages the data you've entered and pushes it back to your lifestream aggregator (whose information is included in the idAuth cookie) in XML format, which the aggregator compares to your cookie to make sure the keys match and the data is valid. You can think of this as something akin to the trackbacks that blogs use to notify one another of links, with a layer of identity verification.
It might seem that something like idAuth wouldn't be necessary for Flickr -- whose stream you verified as yours when you added it to your aggregator -- but the idea here is that your lifestream aggregation service can collect data you create from anywhere on the web and verify that it was indeed you that created it. And you don't have to add a million feeds into your aggregator (nor do they have to bake in support for a million different services), to get it done. That would be supremely useful for something like blog comments, which are very fragmented.
Brady hopes that moving forward he can gain the support of some current lifestream aggregators, then start creating libraries for popular languages and plugins for popular blog clients. His entire proposal, which goes much more into depth about the technical specifics than this post, can be downloaded on his blog in PDF, Word, and OpenOffice formats.
]]>