Home >  Archive >  2011 >  March >  4

Previous / Next

Using DNS as a thin ID system
By Dave Winer on Friday, March 04, 2011 at 5:39 PM.

A picture named beetlejuice.jpgJust thinking out loud here. #

Suppose a user had control of a name that can be looked up through DNS. #

Something like: dave.me or dave.easy.com, for example.  #

The former would be done through a registrar, the latter by a web service. #

Suppose in both cases the user could define a file whose name would only be known to him. That's the password. When you sign in you'd enter the domain and the name of the file where username and password are requested.  #

Then the site requesting a validated ID would make this request: #

http://username/password #

If what came back is a 404, you're not authorized.  #

If a 200 came back -- you're in.  #

The body of the request could be something like a feed or an OPML file with info about the person. Basic stuff that any authenticated site is allowed to have. #

Seems that's about as thin as an ID system can get. #

A picture named signin.gif #

And there's nothing innovative about it. We just need something like this that's quick easy for users to set up, with a name they're likely to trust. #

Christmas Tree
This site contributes to the scripting.com community river.

© Copyright 1997-2011 Dave Winer. Last update: Friday, March 04, 2011 at 9:11 PM Eastern. Last build: 12/12/2011; 12:58:25 PM. "It's even worse than it appears."

RSS feed for Scripting News

Previous / Next