Signing Comments

Simon Willison has joined a discussion on signing comments.  This is a topic that has fascinated me for some time, but I haven't done anything about... yet.

Having signature authenticating web service would also be valuable in a posting API.

Wed, 23 Jul 2003

Identity at comments really has two aspects, first and foremost, to discourage spam or to ban abusers, and secondly, to trace comments back to the person who claimed to make them.

Neither of which needs to get into the complexity of signing. And both of which can be enabled by a set of centalized identity services, federating, or even each blog maintianing its own identity system, or even caching upstream identities.

I suspect this is one of those cases where decentralization for its own sake makes it harder for the actual user, who now has to install a bookmarklet, rather than having had to do one of those click on link in email signup things. Atleast this proposal dosent waant to do the pgp signing stuff people were talking abot earlier.

Why do we programmers have aa tendency to complicate things more than they need to be (its something i have to actively counteract in me too)?

Posted by Rahul Dave at 10:58

Signing comments

Some interesting ideas from Simon Willison : Signing comments on blogs. (spotter : Sam Ruby)......

Excerpt from Formerly Echo at 11:36
My comments here: http://www.ideaspace.net/users/wkearney/archives/entries/000394.html

Posted by Bill Kearney at 13:10

Prior efforts from Paul Bausch, using PGP to protect identity:

http://www.onfocus.com/pgp-demo.asp
http://www.onfocus.com/index.asp?xml=2002_11_01_past.xml#3005

Posted by scottandrew at 14:26

Thu, 24 Jul 2003

Ben's also done some work on this:
http://www.sixapart.com/log/2002/12/verifying_pgp_s.shtml

Posted by Anil Dash at 03:38
I've played around some here as well, see FoafCheck, with more complete details of the intended comment signing process summarized in FoafIdentityAssurance.

Posted by Ken MacLeod at 10:06
I've put together a prototype. The unique thing about this system is it doesn't require PGP, or any other third party software (in fact it doesn't even require a hashing algorithm) - signatures are made by generating a one-time random string, which is stored with the comment and recorded as belonging to a particular user. The bookmarklet acts as the go-between, and the validation server is used to confirm that the signatures match. It ends up validating the user's homepage rather than the user's name, as the homepage is where the authentication server information is found.

Posted by Simon Willison at 10:41

Add your comment

Name:


E-mail:


URL:


Comment:


Remember info?

Essays

Noun vs Verb

Topology

Evolution of the Weblog APIs

Cohesion

SOAP by Example

A Gentle Introduction to Namespaces

Really Simple Syndication

Expect More

REST + SOAP

Beyond Backlinks

Google's Genius

Neuro Transmitters

Headers and Hrefs

A Gentle Introduction to SOAP

Coping with Change

Manufactured Serendipity

Dealing with Diversity

A Busy Developers Guide to WSDL 1.1

Axis/Radio Interop, Actual and Potential

To Infinity and Beyond: the Quest for SOAP Interoperability

What Object Does SOAP Access?

Favorites

In Praise of Evolvable Systems

Metacrap

The Law of Leaky Abstractions

The Eight Fallacies of Distributed Computing

Permanet, Nearlynet, and Wireless Data

Search

Nav Bar

Home
Wiki

Archives
Citations
Code
Comments
Feeds
Statistics

Blogroll

0xdecafbad
aaron swartz
abe fettig
adam bosworth
andres aguiar
appswitching diary
ascription is an anathema...
be blogging
ben hammersley.com
better living through software
bitworking stories
blogging roller
bookblog
brad abrams
brian behlendorf
burningbird
chris dix
clemens vasters
code feed
corante
d2r
dare obasanjo
dave seidel
debbie
dive into mark
dj
don box
don park
ericfreeman.com
erik hatcher
ernie the attorney
flashgoirl
formerly echo
freeform goodness
gary burd
glen daniels
gordon weakliem
graham glass
greg reinacker
guido casper
guido van rossum
gump
hacking log 3.0
ikvm.net
ingo rammer
joel on software
john.beimler
joi ito
jon stevens
jon udell
ken
ken macleod
lambda the ultimate
loosely coupled
luke hutteman
making it stick.
mark baker
memojo.com
mitch kapor
mnot
ongoing
outer web thought log
patrick chanezon
pet rock star
peter drayton
phil ringnalda dot com
pushing the envelope
raelity bytes
ray ozzie
rebecca dias
robert c. martin
sam gentile
sanjiva weerawarana
sean mcgrath
sellsbrothers.com
sifry
silent-penguin.com
simon fell
simon willison
simplegeek
sjoerd visscher
snellspace
squawks of the parrot
stefano
sterling hughes
ted leung on the...
the .net guy
the james duncan davidson
thearchitect.co.uk
thinking about computing
tima thinking outloud.
toolbox
verba volant
ward cunningham
weblog
weblog for costin manolache
webmink
www.davidwatson
y. b. normal
yasser shohoud blog
yole

Powered by

Apache
blo.gs
BlogShares
Cornerhost
mombo
Tidy
Vim
XHTML 1.0