Monday, January 23, 2006

Writeable Web & sxore

Dion Hinchliffe writes about the potential of Sxip's sxore as a means of bringing responsibility to the writeable web.

He wonders

If I understand it fully, Identity 2.0-compliant credentials can be shown to anyone and validated on the spot, without consulting a validating authority
With the same caveat about fully understanding sxore, I think Dion is off the mark here on how sxore works.

From what I can tell from the sxore FAQ and playing around with the sites that are enabled, with sxore, when somebody wants to leave a comment on some post or article, they have 2 choices, they can complete a captcha to prove they are human and not a bot, or they can log-in to their sxore account. Either way, they prove their humanity or authenticate at then uses the sxip protocols in order to assert to the original site that the user is, at minimum, human.

So, with respect to Dion's conjecture above, the individual wishing to leave a comment does very definitely provide their credentials to a validation authority, specifically (and perhaps other similar sxore-enabled authorities in the future).

This is not to question the value of sxore, it appears a slick (and user-friendly) solution for the problem of blog spam. But it does not do away with the role of an authoritative identity provider validating credentials and vouching for identity to relying party sites. And so, at this most basic level, sxore (and Sxip's larger Identity 2.0) appears to be consistent with many of the other identity systems.

1 comment:

Anonymous said...

That is fair analysis of what can be seen of sxore, however I have posted a bit more information about what sxore is doing:

If you were running WordPress you could be using sxore for these comments ...