A Way To Add Trust To OpenID?
Thinking about OpenID, the next step is obviously a way to integrate trust into an identity. The first question people will want to ask, I believe, is, "Is this person a spammer?" (Insert your own definition for spammer here, but typically this will mean "Will this person use this site/application/service for the originally intended purpose and will abide by the policies and rules of the site/application/serivce?")
Now that it seems like everyone is getting on board with OpenID (AOL, digg, Technorati, LiveJournal, even Microsoft), there are a lot of identities swimming around. This is a Good Thing. However, nothing stops a spammer or Bad Guy from creating their own OpenID. This is also a Good Thing, because OpenID is only there to verify the identity. Other technologies and layers are then free to add in Trust.
There's a lot of built up trust information out on the web if we can just get to it. Think about all the hard earned feedback profiles and rankings you've amassed over the years. Some examples might include:
* eBay
* slashdot
* digg
* epinions
* amazon (product comments and ratings)
* amazon marketplace
* technorati
* your Google PageRank?
If there's a way to integrate my identity with my profile on these sites, I could build an aggregate of my Trust Rating. If you trust eBay's trust rating, and I have a high rating, then you could trust me. It's trust by proxy, and the entire SSL infrastructure runs on this.
Over time, each of the mentioned services will offer an OpenID. So we'll need a way to be able to assert that all those identities are views of the same entity (person, in this case). Second, we'll need a way to convey whatever ranking or profile each identity has with each service. Third, and optionally, it would be very nice to somehow create a TrustRank given all those statistics.
Services like eBay and Amazon won't only be OpenID providers, but also over time will become OpenTrust providers.
Semantic Web technologies that might help to make this happen:
* OWL with its owl:sameAs, to assert that all my identities are effectively "me".
* A simple RDF vocab with OWL rules for expressing my ranking on a particular site.
Now that it seems like everyone is getting on board with OpenID (AOL, digg, Technorati, LiveJournal, even Microsoft), there are a lot of identities swimming around. This is a Good Thing. However, nothing stops a spammer or Bad Guy from creating their own OpenID. This is also a Good Thing, because OpenID is only there to verify the identity. Other technologies and layers are then free to add in Trust.
There's a lot of built up trust information out on the web if we can just get to it. Think about all the hard earned feedback profiles and rankings you've amassed over the years. Some examples might include:
* eBay
* slashdot
* digg
* epinions
* amazon (product comments and ratings)
* amazon marketplace
* technorati
* your Google PageRank?
If there's a way to integrate my identity with my profile on these sites, I could build an aggregate of my Trust Rating. If you trust eBay's trust rating, and I have a high rating, then you could trust me. It's trust by proxy, and the entire SSL infrastructure runs on this.
Over time, each of the mentioned services will offer an OpenID. So we'll need a way to be able to assert that all those identities are views of the same entity (person, in this case). Second, we'll need a way to convey whatever ranking or profile each identity has with each service. Third, and optionally, it would be very nice to somehow create a TrustRank given all those statistics.
Services like eBay and Amazon won't only be OpenID providers, but also over time will become OpenTrust providers.
Semantic Web technologies that might help to make this happen:
* OWL with its owl:sameAs, to assert that all my identities are effectively "me".
* A simple RDF vocab with OWL rules for expressing my ranking on a particular site.