Essence of LID

LID consists of only four basic ideas:

Use URLs to identify People

The most fundamental idea behind LID is to use URLs to identify people, or more precisely, Personas. That way, people (and their digital identities):

  • can be found on the internet using search engines such as Google
  • can be bookmarked
  • can be pointed to from a web page
  • can be tagged using del.icio.us or similar services
  • can be printed on a business card

and many other uses.

However, LID is not limited to identifying humans; equally well it can identify organizations, web resources (pages, scripts ...), things or software agents, in which case the LID URL is an Entity LID.

Support queries on the LID URL

LID URLs support queries by which a user can obtain information about the owner of the LID URL. How much or how little information the LID URL owner reveals is up to them, but the way of accessing it is always the same.

For example:

http://example.com/joe?xpath=/VCARD/FN

obtains the full name of the owner of the LID URL, if the owner wanted to reveal that information and decided to support the LID 2.0 VCard Profile.

Allow commands on the LID URL

In order to support functionality such as single sign-on and message authentication, LID URLs understand a certain number of commands.

For example,

http://example.net/?lid-action=sso-approve&lid-target=http://example.com/joe

indicates that a 3rd-party site (here: http://example.net/) would like to obtain confirmation that the current browser session is indeed owned by the owner of the LID URL.

Since LID started supporting Yadis, the LID URL may delegate commands to alternate service URLs, an idea that originally appeared in OpenID. Using this delegation mechanism, the owner of a blog, for example, can turn their blog URL into a full LID URL simply by adding the Yadis X-XRDS-Location tag to their HTML markup.

Sign URL requests with requestor's identity

In order to prevent 3rd parties from impersonating the owner of a LID URL, LID requests can be digitally signed.

For example, the request

http://example.net/private/?...&lid=...&lid-credtype=...&lid-credential=...

also carries information about who performed the request (the lid parameter), what type of credential they provided (lid-credtype) and the actual credential (lid-credential), such as an electronic signature of the request.

Since OpenID is also supported as an authentication protocol, the electronic signature function can also be performed by OpenID.
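
As an added example (not part of the LID specification or the project's own code), the following Python shows how a receiving endpoint could triage the three request shapes described above, using only the parameter names that appear on this page. Rejecting duplicate parameters and incomplete credential triples is this example's policy, an assumption rather than documented LID behavior; verifying the credential itself is out of scope.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names come from the page; the handling policy is an assumption.
CRED_PARAMS = ("lid", "lid-credtype", "lid-credential")
URL_PARAMS = ("lid", "lid-target")


class LidRequestError(ValueError):
    """Raised when a request URL fails this example's structural checks."""


def _is_http_url(value):
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def classify_lid_request(url):
    """Return (kind, params); kind is 'signed', 'command', 'query' or 'plain'.

    'signed' only means the credential triple is structurally complete.
    The credential still has to be verified before the request is trusted.
    """
    if not _is_http_url(url):
        raise LidRequestError("LID URL must be an absolute http(s) URL")
    params = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in params:
            # Ambiguous input: two components could pick different values.
            raise LidRequestError(f"duplicate parameter: {name}")
        params[name] = value
    for name in URL_PARAMS:
        if name in params and not _is_http_url(params[name]):
            raise LidRequestError(f"{name} is not an http(s) URL")
    if "lid-credtype" in params or "lid-credential" in params:
        # Empty values count as missing, so a blank credential is rejected.
        if not all(params.get(p) for p in CRED_PARAMS):
            raise LidRequestError("incomplete credential triple")
        return "signed", params
    if "lid-action" in params:
        return "command", params
    if "xpath" in params:
        return "query", params
    return "plain", params
```

A request that carries both a command and a credential triple is reported as `signed`; the caller reads `lid-action` from the returned parameters after the credential has been verified.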

Last modified on 12/07/11 01:21:25