First off, let me note a few things:
1) Holy mother of Britannica, i've got a mess of half finished blog posts about configuring my home security, halloween projects, The Side Project, and other stuff. i really need to squirrel away time just to finish and post those.
2) i'm not a huge fan of Facebook, or Twitter, Google+, Jabber, LinkedIn or any of the many other countless social networks that are out there. They all have one, highly irritating point for me: You don't control the info you share on those sites.
3) The internet, for being so damn easy, can make things really hard. Early protocols were mindbendingly easy. You opened up a connection to a computer, wrote a command to it, got a bunch of crap back that you could read. Apparently, we've evolved beyond that, now.
The highly esteemed Les Orchard and i got into a bit of discussion this morning about a few things. The first being that Persona is awesome.
The second being that there needs to be a way for me to provide you more information about myself. Stuff like, oh, my name, a picture of myself, and whatever other bits of general information that i want to provide. That's all really useful stuff.
And users can provide that information for sites to use RIGHT NOW, using APIs for one of the many social networks that currently exist and are used. The problem being that your information exists purely at the whim of the holder of that info. If, for whatever reason, Facebook suddenly decides that i am worse than Hitler, or some new celebrity decides that they want my name, or someone files a DCMA against my account, or…, all that info no longer is provided. Likewise, i may have to provide more info than i really want to. Like your information. Because public friend lists are providable information using some of those APIs. Sorry about having your account associated with midget clown porn, but that cat video was hilarious.
The problem with Persona (as it exists today) is that it only provides an email address to the site. You still have to provide stuff like your name, address, picture, favorite drink or whatever else to the remote site. That's great, except if you do it a good deal. Ideally, you'd like to have all that info passed along with the email ID (or at least as close to "along" as is required for you not to do anything). You log in, Magic Happens, and the site knows enough about you that you're not annoyed you have to enter in more info.
There are a few ways to do this, by the way. There's stuff like webfinger, portable contacts, RDF and dozens of other things that presume that the only thing you ever want to do with your life is deal with webfinger, portable contacts, RDF and the dozen other things. Each of these require various, difficult extra steps to make sure that "They" are the only ones that get "Your" information all the while making sure that "Your" information is presented in an extensible manner that is backwards compatible with goat farming in Montana.
Ok, not so much the goat farming, but all of these were built to solve different problems than the one your having right now.
The ultimate problem is that you should own your information. You shouldn't have to go through some third party to broker who gets what information when. i should not be blocked from providing info to someone that they disapprove of (e.g. competition to them) and if i ever decide that a provider has become disagreeable for whatever reason, i should be able to switch to a new provider seamlessly. (i'll note that this is in line with The Side Project)
i'd hazard that a set of URLs to simple JSON files could be provided to the site. The JSON files contain the information the user wishes to publish about themselves. i prefer JSON over XML partly because it's less encumbered, but either is fine.
i'm still sort of hashing about the idea of how the files are hashed, and how the URLs can be included. The file name could be a random string of crap to prevent unintended disclosures. The reason for multiple URLs is so that there's a list of sources, should one provider not be willing to continue to provide the data. A user might use a site like about.me, or dropbox, or google drive, or any public share directories. Facebook could even publish a user's data as part of their services (Yeah, probably not happening, but there's nothing preventing it).
i suppose i probably ought to draft this up, but anyone think of any obvious holes here?
