MicroID

From Wikipedia, the free encyclopedia

This article or section may contain original research or unverified claims. Please improve the article by adding references. See the talk page for details. (January 2008)

This article does not cite any references or sources. (January 2008) Please help improve this article by adding citations to reliable sources. Unverifiable material may be challenged and removed.

MicroID is an open source, decentralized identity protocol. It was originally developed in 2005 by Jeremie Miller [1]. A MicroID is a simple identifier comprising a hashed communication/identity URI (e.g. Email, OpenID, and/or Yadis) and claimed URL. Together, the two elements create a hash that can be claimed by third party services.

Contents 1 MicroID Exchange 2 Security Limitations 3 Architecture of a MicroID Claim 4 MicroID and the DOM 5 Known MicroID providers 6 Known MicroID verifiers 7 MicroID Resources

[edit] MicroID Exchange

Here is an example of a MicroID hash, in pseudocode:

MicroID = sha1_hex( sha1_hex( "mailto:user@email.com" ) + sha1_hex( "http://website.com" ) );

The computed MicroID would then be placed on a web page to be claimed. A verifier, which would independently generate the MicroID, would then visit the page to see if the generated MicroID is the same as the MicroID on the page. If they are the same, a claim exists.

MicroID is based on a communication URI. Since both the MicroID provider and verifier can verify the communication URI, a proper MicroID implementation allows for trusted identity claims.

[edit] Security Limitations

A MicroID is essentially a content URI signed with an email address or other attribution. Since the content URI is known for comparison purposes, a MicroID claim can be forged by anybody who knows the communication URI (e.g. email address) associated with the identity. In particular, since a verifier must generate the MicroID in order to compare it, it follows that any party who is trusted to verify a user's MicroID must also be trusted to generate new authorship claims with it.

[edit] Architecture of a MicroID Claim

An example of a successful MicroID claim is as follows:

1. A user signs up for a web service. That web service verifies the user's email, and creates public web pages for the user that contain a MicroID. That MicroID comprises the hashed email (communication URI) and the URL of the webpage.
2. The user then signs up for a verifier service. The service also verifies the user's email.
3. The user inputs the URL of the page she wishes to claim into the verifier service. The verifier service computes the MicroID and attempts to verify the MicroID in the claimed page.
4. If the MicroID in claimed page is the same as the one in the verifier service, a claim exists. The verifier will then claim ownership of the page.

[edit] MicroID and the DOM

MicroID allows for the claiming of semantic HTML elements. For example, a MicroID inserted in a block-level element will constitue an ownership claim of anything in the element. A MicroID inserted in the header of a page will constitute an ownership claim of the page. Claims are only verifiable at the granularity of URIs.

[edit] Known MicroID providers

The following web services provide MicroIDs to their users:

• Last.fm
• ClaimID
• ma.gnolia
• Wikitravel
• Del.icio.us
• Yedda
• Lingr
• BusyTonight
• Digg

[edit] Known MicroID verifiers

The following web services verify MicroID claims:

• ClaimID
• Wink

[edit] MicroID Resources

• http://microid.org - MicroID homepage
• http://microid.org/blog - MicroID blog
• http://lists.ibiblio.org/mailman/listinfo/microid - MicroID mailing list
• http://microid.org/code/ - MicroID Open source code