Tuesday, January 24, 2006

More sxore

Sxip responded to my "Writeable Web & sxore" post of a few days ago in which I tried to understand the sxip-based sxore system for controlling blog spam.

Fundamentally, what I wrote yesterday was that sxore, like many other identity systems, relies on a trusted 3rd party to make assertions about users to relying parties. In the sxore system, the trusted 3rd party is sxore.com and the relying parties are the blogs at which a user wishes to post a comment. By either signing in to their sxore account, or completing a captcha there, would be commenters rise above the suspicion threshold sufficiently such that sxore.com recommends to the relying parties that their comments are authentic and not spam.

Sxip acknowledges that I had it mostly right based on what info is available but don't have all the details:
Paul Madsen thinks that Dion Hinchcliffe is off the mark about how sxore works. However sxore does more than Paul describes.
They go on to say

In sxore, as members write comments and are moderated, they build up an aggregate reputation that sxore can then use to auto-moderate comments. That aggregate reputation will also be portable, members of sxore will be able to take it to other sites using SXIP 2.0. Those other sites can verify that a user has a good reputation on another site, in this case at sxore.com.
So, as bloggers use sxore to moderate my comments, sxore.com builds up an overall reputation for me across the different blogs at which I've commented. Eventually, and presumably based on a preference specified by individual bloggers, my comments could be automatically approved based on that reputation. Also, the above gives the impression that the reputation, established in the context of blog posting, could be transferable to other contexts, e.g. online commerce or rating systems.

While I think such functionality is valid and useful (and makes me think that perhaps Liberty should be thinking about a 'Reputation Service' built on top of our Identity Web Services Framework) , I don't think it changes the model. Portable reputation won't mean a thing unless it's coming from an entity that a consumer of such reputation has reason to believe gives its stamp of approval only to deserving individuals (twisted grammar above to ensure that I didn't use the word 'trust')

If I show up at a blog and self-assert 'I have a reputation for making witty and relevant comments' I can guess where any such comments will be filed. If however, sxore.com were to assert the same thing, then I would be much more likely to have my spelling corrections and similarly insightful comments approved.

No comments: