There's been some interesting debate recently
over how to handle one of the thornier issues
of the blogosphere: comment spam. What's puzzling is that the conversation is taking place in parallel
to the quest to deal with spam e-mail, while both problems hinge on the same basic issue: verifying someone's
identity, and determining whether they can be trusted.
Maybe it's just me, but it would seem the answer to these two problems would be the same: a way for someone wishing
to communicate to assert their identity without having to resort to a digital signature (the most, er, “robust” way to
verify identity, but not necessarily practical for weblog comments or quick e-mail missives). That sounds like a job for federated single sign-on. This is the sort of
application Microsoft had in mind for its Passport identity system when it planned Hailstorm, and it's
the impetus behind the Liberty Alliance.
So, why is there this disconnect? There is an open-source
implementation of the Liberty Alliance spec, in Java and in .NET. But, erm, despite what the marketing people will
tell you, most websites (particularly weblog comment systems) do not run on .NET or Java. And why would SixApart or Userland
want to choke on the hairball of single sign-on code that they'd have to create just so someone could assert their identity
with their, say, AOL account?
Well, because it might work, for one thing. It would save them the trouble of setting up and maintaining
their own identity systems, and ensure compatibility between their solutions. It would simplify their users' lives,
because they could globally assert trust levels for e-mail, instant messaging, and weblog comments. While digital signatures are
bound to become more prevalent in corporate e-mail, it would make a ton of sense for identity systems based on Liberty
to be applied to consumer e-mail systems at least; enterprise-class users could serve up their own identity federation.
And it sure beats the hell out of using digitally signed FOAF files for user simplicity.
That, plus it will probably scale better. But considering the constant dickering over syndication standards,
it would be hard to imagine anyone in the blogware world (other than, say, Google, who could turn Orkut into
one giant identity assertion service) would try to follow someone else's standards. And aside from the sheer
intimidation factor that the Liberty spec has, I'm sure there are other reasons I'm missing that it doesn't
apply to the blog world.