(redirected from DomainBasedRealNames)

DomainBasedRealName

MeatballWiki | RecentChanges | Random Page | Indices | Categories

Wikizens, who want to identify themselves in a wiki by a DomainBasedRealName, proceed as follows:

1. they set up a WikiHomePage ; there they set a link to their owned domain-name URL and a link to Whois.com, a central registry for domain-name owners.

2. Additionally they take a snapshot of their WikiHomePage for their blog.

3. From their owned domain-name URL AND from their blog they set a backlink to their WikiHomePage

BenefitsOfDomainBasedRealNames

-- FridemarPache

Discussion:

HansWobbe asked in DomainsWiki for the BenefitsOfDomainBasedRealNames, so I refactored this paged accordingly, to adhere to the ideal of a SlideWiki for the convenience of the readers, who don't want to loose too much time with scrolling.

This seems to be very close to the OpenID concept wherein one signs into websites using an identity verified by a server that they control (so for example you might appear with yourname.website.com, if you had a verified account at website.com and they run an OpenID server). -- EarleMartin (earle.myopenid.com)

The major problem with this scheme is that there is no guarantee that John Doe owns the domain johndoe.com. The domain name registars do not require any valid identification, nor does the whois information match the person's actual information. It's rather rare that it does, actually. Where OpenID makes more sense is that it ties your "new" identity to an existing investment in a SerialIdentity somewhere else, which presumably is bolstered through a network of other people who support that identity. While again it is possible to spoof an entire identity by building up a series of connections both real and fictional (and I know people who have done this), it becomes increasingly unlikely. However, it is trivial to spoof a domain registration since it relies on the honour system alone. -- SunirShah

Sunir, I have not yet seen a registrar, who takes cash for their services. As far as I know, all registrars rely on credit card payment or PayPal (who verify customer's identity via small funds transfers). So they require a valid identification by credit card at least. People, who want to engage in an OpenBusiness, OpenBusinessWiki within the framework of a SocialCommonWealth, i.e. peers who want to buy, develop and resell domain-names have a vested interest, that the revenue is directed to their own account. So I wouldn't play down the slogan of WhoIs?: "We give you an identity in the Web" (or similar, I must look it up). As credit card fraud is a crime, we can normally assume GoodFaith of the clients of WhoIs?. -- [fridemar]

Yes, that's a very serious issue with the system as it stands. My workaround is to place my PrettyGoodPrivacy (strictly speaking, GPG) PublicKey on my website, which is verifiable using the traditional method. The downside to that, however, is that it requires meeting me in person and examining my GovernmentBackedAuthentication, and you may be on a different continent. I could also be using fake ID, but I think for most people it's a lot harder to fake a passport than a domain registration. (Incidentally, don't we have a page somewhere about someone who built up a fake OnlineIdentity, and how it was discovered by their community?) -- EarleMartin

Please consider this partial kludge 'method' (HansWobbe interjects)

Canadian Passport applications have to be signed by a recognized professional (e.g. lawyer, accountant, engineer, postmaster, ... member of a self-regulating organization that has some disciplinary capabilities)
Canada Post has a Bill payment system (epost) that includes a 'watermark' (hash) showing that a message has not been altered.
I scanned my passport, creating an obvious image of the passport picture, my signature the passport number, etc) and attached these scans to an epost message (thereby hashing it) that I sent to a postmaster I know. I asked him to reply stating that he recognized the me, the passport, and this transaction. (I also confirmed this with a phone call, creating a second independant channel.)

His (hashed) reply, which epost retains on their server for 8 years, is now in my inbox, which I can access with my (relatively) secure passowrd via 128 bit encription and the password known only to me.

Effectively, I can now use this to start showing people that I am who I claim to be.
So far I have been able to boot-strap this further quite extensively, creating a whole web of sites where I can present someone with a method of confirming my identity.

This also dovetails with the fact that my employer effectively "vouches" for my identity by giving me...

An email ID that is obviously theirs and which is now linked to my mobile phone-computer effectively giving me an employer issued "certificate" and a "Credit Limit" (via the company cerdit card) that effectively serves as a TrustMetric in the same manner that banks provide each and every one of their emplyees with an "authorization" level (generally expressed in terms of how much money they are authorized to lend, under specific conditions.

-- HansWobbe