MicroID - A Microformat for Claiming Ownership


This morning I learned about MicroIDs from Doc Searls. Jeremy Miller has proposed MicroIDs as a microformat that "allows anyone to simply claim verifiable ownership over their own pages and content hosted anywhere." A MicroID is a hash of two hashed values. The first is a verified communication ID (like an email address that you can prove belongs to you). The second is the URI of the site that the content will be published on. You end up with a unique, long string of gibberish that can be put in the header of a Web page or even wrapped around one part of a page (using a <div/> or <span/>).

It's important to realize that this is for claiming ownership, not authentication. Jeremy gives some use cases

Many services require you verify your site/blog, Technorati by embedding javascript, Google by uploading a file with a special name, and others by placing a link-back or code in the page. By placing one (or more) MicroIDs on your page, any service can now instantly verify ownership once they've validated your email address.

Any comment moderation system can easily start tagging the resulting scores, and the owners can validate to anyone their aggregate reputation across sites.

Membership sites can publish the MicroID on a member's profile page, enabling that individual to verify their status as a member outside of that system. In reverse, links to other memberships can be validated before being a new user can add them to their profile (just like their home page or blog).

Blog comment systems can check the given email address against a MicroID from the entered home page link to help reduce link spamming and blatant spoofing.
From MicroID - Small Decentralized Verifiable Identity
Referenced Mon Mar 27 2006 14:21:21 GMT-0700 (MST)

Let's take the first use case: claiming ownership of a blog and see how it works. Suppose Bob's Big Blogzooka, a Technorati competitor, wants to give members a way to claim ownership of a blog.

  1. Bob's site asks for an email address and validates it in the traditional way (emails you a unique URL that you click on).
  2. Bob asks for the URL of the site you want to claim ownership of and generates the MicroID token (MID) using the URL and your validated email address.
  3. You place your MID in a <meta/> tag on your page.
  4. Bob comes by, sees the token and knows that it is correct because it can be regenerated from your validated email and the site URL.

Of course, this isn't unique to Bob. If you know my email address and have validated it I can give you a URL to visit and you can verify that the MID on that page is associated with that email address.

Note that this doesn't keep someone else from asserting that you own something you don't. I can generate a MID for your email address and place it on any Web site I control. The MID is a way of validating a claim or ownership. If you're not claiming ownership, I can't use a MID to force you to acknowledge ownership.

This is a "just-in-time" solution for me. We're in the process of adding Web site ownership validation to the reputation framework we're building this semester in my graduate class. This is perfect for what we're doing. This keeps us from reinventing it in some non-standard way.