Home idAuth: Proposed Push Identity-Data Relationship Standard

idAuth: Proposed Push Identity-Data Relationship Standard

How can people be sure that a blog comment left by “Bill Gates” is from the real Bill Gates? How does your lifestream aggregator know? Web developer Kyle Brady, creator of lifestream aggregator OneSwirl, has proposed a system he calls idAuth that he thinks addresses this issue. idAuth is a “push” system for data that can be linked to a specific identity. Theoretically, it would allow lifestream aggregators to collect data from across the web without the need for RSS/Atom feeds, and verify the validity of the id of the data owner.

There are two parts to idAuth: the part that verifies your identity, and the part that pushes anything you create once you’ve been verified back to your lifestream aggregation service. The spec would have to be supported on both ends (i.e., there would need to be support for idAuth on both the site or service you are creating new data, and by your lifestream aggregator).

It works something like this: Let’s assume your lifestream aggregator supports idAuth. From within your aggregator, you specific a unique identifier that you’ll use around the web (such as OpenID or email address — it is important to note that while idAuth has low-level support for identity systems such as OpenID, it is using them only as an identifier, not for authentication). You’ll also specify some keys for use, such as “blog comments” or “readwriteweb.com blog comments” or “photos.” These details are then set in a cookie.

When I add data to a service — which would also support idAuth — it searches for an idAuth cookie and then looks for an appropriate key. For example, ReadWriteWeb would search for a “readwriteweb.com” key or a “blog comments” key, Flickr might search for a “photos” key. Once it finds the right key, it packages the data you’ve entered and pushes it back to your lifestream aggregator (whose information is included in the idAuth cookie) in XML format, which the aggregator compares to your cookie to make sure the keys match and the data is valid. You can think of this as something akin to the trackbacks that blogs use to notify one another of links, with a layer of identity verification.

It might seem that something like idAuth wouldn’t be necessary for Flickr — whose stream you verified as yours when you added it to your aggregator — but the idea here is that your lifestream aggregation service can collect data you create from anywhere on the web and verify that it was indeed you that created it. And you don’t have to add a million feeds into your aggregator (nor do they have to bake in support for a million different services), to get it done. That would be supremely useful for something like blog comments, which are very fragmented.

Brady hopes that moving forward he can gain the support of some current lifestream aggregators, then start creating libraries for popular languages and plugins for popular blog clients. His entire proposal, which goes much more into depth about the technical specifics than this post, can be downloaded on his blog in PDF, Word, and OpenOffice formats.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.