epaulson | 2 years ago

One of the long-standing challenges in the federated identity space has been that most of the solutions are built around domain names, which are a pain for most users to create on their own. There's a sense that people would prefer email addresses as their identifiers, but without some server help that's hard to do. The WebFinger protocol works well for translating email addresses into something that could be used for federated data servers, but alas most of the big email providers (ala gmail) don't participate in WebFinger.

A while back Brett Slatkin and Brad Fitzpatrick built out a protocol called 'Web FistBump' that could bring WebFinger to people whose email providers don't support it. It was a clever hack with DKIM - you emailed their webfist.org server with what you wanted to be your WebFinger info, and because Gmail signed the message with DKIM anyone could verify the message. The webfist.org server just proxied WebFinger requests into lookups for those signed emails. Even better, because it's just a signed email you can treat it as a blob and have a pool of different resolvers do the proxying, kinda like a blockchain. I think there was a post from Brad somewhere that estimated that the total data needed if everyone in the world used WebFistBump for storing a blob was in the low 100s of GB, which is pretty manageable for a wider community to keep online.

I need to read up on DIDs but it feels like DIDs just standardize on what the message format should be that would come back from something like WebFinger/WebFistbump, but if WebFistbump were actually up and running, it could make WebFinger more widely available. (Alas, I think the webfist.org server has been shut down but maybe they could flip it back on!)

https://www.onebigfluke.com/2013/06/bootstrapping-webfinger-...
