Tour




FindMeOn and the findmeon Open Standard Explained

We designed FindMeOn to be the last verified identity system you'll ever need, or want, to use.

With FindMeOn, you will never have to copy-paste a unique code onto your website or profile to prove that you own it to a tracking/identity service again. Even better… FindMeOn.com offers Plug&Play badges that let your site visitors quickly and easily flip between your different accounts. Our mission is to give you the best cross-site internet experience imaginable: you won't use FindMeOn to share photos with friends, or leave comments -- instead you'll use FindMeOn to enhance your experience on websites where you social network already, and introduce social networking elements to websites that don't support them yet.

We leverage the online friendships you've made already - and the ones you will make in the future - against each other. We show you the true social network that is around you -- the one made up of real people, not just users of a specific service. Our vision is to help you and your friends jump seamlessly across networks, taking full advantage of what the internet has to offer.

Best of all -- our features are entirely network independent. We don't require networks to participate with FindMeOn ( though we have an API + Network Services program designed to compliment their systems ) -- everything cross-site on FindMeOn happens within a widget. And in case you were wondering: all of our offerings are modular-- use what you want, ignore what you don't.

The findmeon Open Standard -- the Core of FindMeOn.com

At the center of the enhanced social networking that FindMeOn.com provides is the findmeon open standard. In GeekSpeak: The findmeon standard is an XHTML Strict compliant node structure that combines elements of digital signature cryptography with some commonplace identity assertion semantics. Together they create a distributed and secure identity system that is fully open-- allowing anyone you want to verify your identity without ever copy-pasting a code onto your webpage again.

We use the findmeon nodes as 'anchors' to map your accounts on networks against each other, letting us derive your relationship to other people on each network. You continue using your existing networks as-is -- except you now get added information from the findmeon badges.

A walk-through of the system
1) Timmy creates a FindMeOn badge for his Blog
  • Aside from some useful FindMeOn.com cross-site content, this badge contains a specially formatted bit of text -- that includes the URL, the date, and some information about Timmy's relation to the URL.
  • The special bits of text the badge is Digitally Signed with Timmy's private cryptographic key-- which means that Timmy's public key - and only Timmy's public key - can be used to verify the signature.
  • This relationship between the two keys works the other way too-- Timmy's private key - and only Timmy's private key - can be used to create badges that are verified by Timmy's public key.
2) Timmy creates a second FindMeOn badge for his Photo Service
  • The FindMeOn badge on Timmy's Photo account is just like the one on his Blog-- except that its for a different URL. It's also digitally signed with the same cryptographic key-- which means that both sites are linked to one another through Timmy's key.
  • FindMeOn.com uses the badge as an 'anchor', associating Timmy's greater identity -- which is tied to his cryptographic keys -- to his identity on a website or social network.
  • Since the two sites are linked together through Timmy's cryptographic key pairing -- and not Timmy himself -- the sites don't need to know about each other , or even Timmy.

Now if Timmy wanted to, he could use the findmeon Open Standard to publish his public key and link any two web identities directly together.

Instead, Timmy decides to be pro-active about his privacy.

Timmy decides to do two important things:

  1. Timmy 'shields' his public key from the public-- he doesn't publish it for all the world to see.
  2. Timmy also uses some services that FindMeOn.com offers
    • Timmy links them to unique pages on his FindMeOn.com account. The pages are unique to each link, and let Timmy centrally manage which of his identities are linked/visible to one another -- changing them whenever he wants.
    • Timmy has FindMeOn.com manage his public/private key pairing. Whenever Timmy needs to create a new node or sign something with a key, he can just use FindMeOn.com to do it, without struggling with open source programs.

3) Timmy signs up with a new web service that wants him to prove that he owns his blog.

Under all the existing systems, Timmy has to place a special bit of text on his blog that the service generates specifically for him. The rationale behind that, is that Timmy - and only Timmy - can put that text on his blog. It's a great system in terms of getting the job done -- but when every new service you use wants to verify you like that, it gets to be annoying.

Using FindMeOn, Timmy can prove he owns his blog to the new service - or anyone else - without ever touching his blog again. Here's how:

  • Ideally, the new service gives Timmy a profile page. Timmy creates a FindMeOn badge for that page (signed with his private key), and shares his Public Key with the service. The service then uses that public key to verify both the signature on Timmy's profile page, and any web identities that Timmy claims he owns. Any two (or more) items verified with the same public key were signed with the same private key-- meaning Timmy has verified that he owns all those identities by completing a single challenge.
  • If the service doesn't give Timmy a profile page , they can just give Timmy a unique bit of text for him to sign with his private key. The service then uses Timmy's public key to verify that bit of text , and any web identities Timmy claims.

4) Timmy imports his contacts from a social network profile

Once Timmy imports his contacts from a social network, he expands his circle of friends. FindMeOn can keep track of what goes on in his friend's websites - and can use them as waypoints in mapping out his relation to people across networks.

5) Timmy leverages his online identies on each account against one another.

Timmy places an interactive badge from FindMeOn.com onto his profile. The badge gives his visitors a chance to check out his other sites-- and if Timmmy places a FindMeOn node on each site, they can be publicly verifed against one another.

Because verification is tied to a digital signature, nobody has to take FindMeOn.com's word that Timmy 'is legit' -- anyone can use free software to verify for themselves that Timmy is connected to any two sites.



The Extended Tour