I don’t know where Jason gets his inspiration but I continue to be impressed.
However, there are a couple of queries I have about his most recent flash of genius.
Firstly, he talks about how applications will no longer work in the traditional sense:
“Thus, instead of a user registering to use an application as it
typically done with Web applications these days, we need to turn this
concept around and the application now needs to register with the user.”
My question around this would be how the application would deal with users’ permissions. If I own my private server and therefore my own online Identity, are the only claims that I hold on the server self-asserted ones? Therefore, when I launch and application, how does it know what permissions to give me in the application? Is this just based on the self-asserted claims that I make? Alternatively, does Jason envisage this private server plugging into something like CardSpace so that I could use third-party verified claims instead of just my own when accessing external applications.
Furthermore, Jason talks about the uses of the private server:
“The user can use it to administer their public Web presence, send and
receive messages, launch applications, and a bunch of other fun stuff
which I’ll talk about another time.”
I wonder if the launching of applications could be done by using something like Heartbeat-ID that I have talked about previously? Is this the sort of way Jason was thinking about launching and running applications or has he not gone to that level of detail yet. Plus, it does rely on Heartbeat-ID open-sourcing their software used to launch applications.
Jason has clearly thought through his idea well and I can’t wait to see a working prototype put out to the wider Identity community for comments, feedback and input.