lj_dev: Distributed Identity: Yadis

Brad Fitzpatrick (

bradfitz) wrote in

lj_dev,
@ 2005-05-16 16:14:00

Distributed Identity: Yadis
Consider this my public announcement of Yadis (a temporary name). Yadis is a distributed identity system.

Here's a demo:

http://www.danga.com/yadis/demo/demo.html
(Note that while this demo is all AJAX-ified, that's not a requirement of the protocol.)

In a nutshell:
-- Your FOAF file points to your chosen identity server. (your LJ FOAF file already contains this, as of last night)

-- Your identity server is responsible for telling the rest of the world if you're you or not, and digitally signing a receipt saying that you said so, but only if you've told your identity server if you want to.

-- Clients on the web that want to verify your identity: ask for your blog or FOAF URL. ("bradfitz.livejournal.com") fetch your blog HTML, find your FOAF URL, fetch your FOAF, find your identity server, then ask the identity server if you're who you said you are. If you're not, or you're not logged in, or you haven't setup trust... in all 3 cases the identity server just tells the client "Sorry, I can't tell you. Throw there user to this URL." So client provides link, or redirects user. User sets up trust on identity server, goes back to site, logs in again.

-- Your global identifier throughout the web isn't "happygirl234324" or an email address, or "bradfitz@identityserver.com", but your FOAF URL. So you also choose how much info you do or do not want to share in there.

-- If you don't trust LiveJournal to be your identity server, run your own identity server, and point your FOAF at that. Or use somebody you trust more.

Future implications:
-- offsite LJ toys that know who you are, without asking for your password
-- adding a yadis user as a friend, and letting him/her read friends-only entries and leave comments to "friend-only-can-comment" entries
-- marking yadis users as can-comment-without-moderation
-- history of comments from FOAF users
-- comment on MovableType/blosxom/etc blogs, retaining your LJ identity, and vice-versa
-- DeadJournal users commenting on LiveJournal (with the little DeadJournal skull icon!)
-- .....
-- .....

Status:
Yadis is functional on LiveJournal now, and offsite tools can (and already have) started using it. But it's subject to change.

Much more sample code for Perl, PHP, Ruby, Python forthcoming. I'll also be releasing an identity server, if

mart,

supersat, or

revjim don't beat me to it. (please do! :-))

This is a call for discussion and place for questions, but first read at least the Yadis page and the specs page. Note that this has been in development for a whole 4 days, so be kind, and beware of changes. (though it has been on my wishlist for at least as many years)

Enjoy!

Page 1 of 2
<<	[1] [2]	>>

(Post a new comment)

	vampwillow 2005-05-16 11:20 pm UTC (link)
	gets ready to play ... (Reply to this) (Thread)

	missinight 2005-10-06 05:52 pm UTC (link)
	oooou =) If game will begin is there will be an impressing show. (Reply to this) (Parent)

	isfacat 2005-05-16 11:26 pm UTC (link)
	Bug to mention already: After granting permission, it still requests permission. But this is a demo, for the most part. It's just there to be fun right now :) (Reply to this) (Thread)

	bradfitz 2005-05-16 11:44 pm UTC (link)
	Uh, works for everybody I've seen. You logged in to LJ with the same account you told the demo app? (Reply to this) (Parent)(Thread)(Expand)

	crschmidt 2005-05-16 11:32 pm UTC (link)
	Is there a reason you made the property point to a literal instead of a URI? (Reply to this) (Thread)

	bradfitz 2005-05-16 11:46 pm UTC (link)
	In the FOAF? I'm neither a FOAF nor RDF master. Recommend something better and I'm all ears. (You're Mr. Semantic Web / RDF, right?) (Reply to this) (Parent)(Thread)(Expand)

	sidelobe 2005-05-16 11:43 pm UTC (link)
	Why not submit an RFC to the IETF? This is worthy of that level of scrutiny and publication. This seems to be a handy way of handling low-level trust. That is, trust at a level that won't screw with my bank account or real-world identity. In theory, it may be expanded to any level of trust. (Reply to this) (Thread)(Expand)

	bradfitz 2005-05-16 11:47 pm UTC (link)
	I guess I took the more pragmatic approach of building something tangible first to use and play with. The spec route is a possibility, but I'm not considering it at the moment. (Reply to this) (Parent)(Thread)(Expand)

	duskwuff 2005-05-16 11:52 pm UTC (link)
	Demo doesn't work without Javascript enabled. You probably want `method='post'`, not `action='post'`. (Reply to this) (Thread)

	bradfitz 2005-05-17 12:10 am UTC (link)
	This is an AJAX-only demo. I haven't made the "plain" version, but nothing in the protocol requires JavaScript. (Reply to this) (Parent)

	illynova 2005-05-16 11:52 pm UTC (link)
	I really, really like this idea. I think I'm going to implement a sample server in both perl or c#, and help with libraries. Thanks for a fun summer project! (Reply to this)

	bradfitz 2005-05-17 12:23 am UTC (link)
	It's "is_foaf", not "foaf_url". But yes, that should work otherwise, and I just verified it does using the same steps you just did. (Reply to this) (Parent)(Thread)(Expand)

	valiskeogh 2005-05-17 12:02 am UTC (link)
	so the more "layperson" reason this is neat is: if you're logged into livejournal, you can be automatically logged into anywhere that uses this scheme? (Reply to this) (Thread)

	bradfitz 2005-05-17 12:30 am UTC (link)
	Yes. And thanks for mentioning "can be" before somebody got freaked out. :-) (Reply to this) (Parent)(Thread)(Expand)

	nikolasco 2005-05-17 12:03 am UTC (link)
	This seems to be almost identical to SEA and very similar to mIDm. Both use simple authentication servers. SEA uses FOAF, like Yadis. mIDm uses user agent header (ick). The major difference I see us the use of a redirect page, which isn't much. I'm also reminded of UMCP's common login system, inasmuch as the redirect API's are similar. (Reply to this) (Thread)(Expand)

	bradfitz 2005-05-17 12:14 am UTC (link)
	Thanks! (I wish I would've had those links a few days ago....) I'll go do some reading to see if I can't merge with one of those. I found the redirect the only way to avoid man-in-the-middle attacks, though, so if neither of those do that, and don't combat the problem in a different way, they may not work. (Reply to this) (Parent)(Thread)(Expand)

	nikolasco 2005-05-17 12:09 am UTC (link)
	They're different servers, as far as DNS is concerned. When you visit livejournal.com, you get redirected to www.livejournal.com . This does raise the interesting question of whether or not one identity server should be able to hand you off to another. If so, things like purl could be used for greater consistency. Just a detail. (Reply to this) (Parent)(Thread)(Expand)

	poisonkitty 2005-05-17 02:25 am UTC (link)
	I haven't read the specs page yet, but based on the description, I just wanted to say a very big THANK YOU! (Reply to this)

	mvc 2005-05-17 02:59 am UTC (link)
	I'm not sure whether this is a serious security hole or just an unavoidable consequence of using http rather than https, but if someone can sniff the URL that you're redirected to, they can spoof your identity. Is there any way around this? (Reply to this) (Thread)

	crschmidt 2005-05-17 02:41 pm UTC (link)
	If someone can sniff the traffic that you're doing at that level, isn't it equally likely that they could read your cookies, in which case they could spoof your identity anyway? (Reply to this) (Parent)(Thread)(Expand)

	crschmidt 2005-05-17 03:05 pm UTC (link)
	And, an equivilant version, using minidom instead of Redland to find the identityServer: http://crschmidt.net/yadis/minidom?source=1 (Reply to this) (Parent)

	duskwuff 2005-05-17 03:30 am UTC (link)
	The AJAX demo is broken in Safari 2.0 (webcore 412) under Mac OS X 10.4.0 and 10.4.1 - even if you've already approved the access, you still get told you need to approve. Works just fine in Firefox, though. (Reply to this) (Thread)

	You need to change your cookie settings... bennolan 2005-05-17 06:46 am UTC (link)
	to allow third party sites to read cookies. (Reply to this) (Parent)(Thread)(Expand)

	brentdax 2005-05-17 08:36 am UTC (link)
	I'm not sure I understand the scope of Yadis. Specifically, I can see the identification component, but not the authentication component (if there is one). If Alice allows (say) Wikipedia to use her LiveJournal identity, is there anything to stop Eve from plugging in Alice's address? (Reply to this) (Thread)(Expand)

	Can I enable 'all'? andrewducker 2005-05-17 11:42 am UTC (link)
	I can't, at the moment, think of a problem with allowing all requesters to verify that I am who I say I am. Rather than having to whitelist every blog that I comment on (a barrier to me actually bothering to comment) - how about having the option to just allow all? (Reply to this) (Thread)

	Re: Can I enable 'all'? crschmidt 2005-05-17 11:50 am UTC (link)
	In which case, anyone who knows your Livejournal name can comment on any blog. Unless I'm really missing some step, but it doesn't seem like there's any extra verification: You enter a site name: andrewducker.livejournal.com. Assuming you've "allow all"'ed, anyone can now pretend to be andrewducker. (Reply to this) (Parent)(Thread)(Expand)

About

Help

Get Involved

Legal

Store

LJ Labs

	crschmidt 2005-05-17 11:52 am UTC (link)
	That depends on what you want to say. LiveJournal already says "The weblog for Brad is www.livejournal.com/users/brad/": But I'm not sure how that helps. What end would it serve, exactly? You want someone to fetch an RDF file, read it, then fetch another (different) RDF file instead? (Reply to this) (Parent)

	crschmidt 2005-05-17 11:54 am UTC (link)
	I'm not sure how I'm supposed to use LiveJournal's public key to decrypt the data: I can't find anything simple on decrypting DSA signatures in PHP, and when I try to tell GPG to import the public key LJ is spitting out, it claims there is no OpenPGP data in it. Tips? (Reply to this)

	teemus 2005-05-17 12:45 pm UTC (link)
	AWESOME! (Reply to this)

	minor issue with the demo node 2005-05-17 12:51 pm UTC (link)
	It doesn't like urls with underscores escaped to hyphens — like `anonymous-bozo.livejournal.com`. It's okay with `http://www.livejournal.com/users/anonymous_bozo`. (Reply to this)

	davesawyer 2005-05-17 03:16 pm UTC (link)
	Sometimes I wish I knew what the hell everyone was talking about around this community. It's still interesting to read and feel like I'm on the cutting edge though. :) (Reply to this)

	shepline 2005-05-17 07:48 pm UTC (link)
	Interesting. Does www.flickr.com support Yadis yet, as it is the only off-site tool which I have trusted to "blog to my journal"? (Reply to this) (Thread)

	Foopad bennolan 2005-05-17 10:35 pm UTC (link)
	I added this too foopad.com as a demo of what you can do. It'd be cool to be able to be able to grant access the livejournal metaweblog api via YADIS as well. :) (Reply to this)

Username:		Create an Account Forgot your login or password? Login w/ OpenID
Password:
	Remember Me
	English • Español • Deutsch • Русский…