An Illustrated Example

Let's look at two sample FindMeOn badges in detail…

First, we'll look at the 'Flash' part: it's what users see, and it handles all of the metrics reporting.

FindMeOn.com

<embed src="http://synstat.findmeon.com/670d2d3837cad116ca4aba0c24a1c441/v1/badge.swf" type="application/x-shockwave-flash" width="180" height="150" FlashVars="fmo=670d2d3837cad116ca4aba0c24a1c441"></embed>

RoadSound.com

<embed src="http://synstat.findmeon.com/c8454dc53d20c71e09192244ca7bee96/v1/interactive.swf" type="application/x-shockwave-flash" width="180" height="150" FlashVars="fmo=c8454dc53d20c71e09192244ca7bee96"></embed>

As you can see, the only difference between the two is the part that reads: 'com/STUFF/v1' and 'fmo=STUFF'.

The 'STUFF' is just a unique ID that FindMeOn.com randomly assigned to your item for our own tracking, and to give you per-identity broadcast control. Each item under your account is completely different from all the others.

FindMeOn.com doesn't make you use our badges with the unique IDs -- you're more than welcome to use our service to create just the open standard portion. The open standard and unique IDs are completely independent of one another.

The unique FindMeOn.com IDs just exist to let us manage your items remotely, syndicate text and links for you on a per-ID basis, and create multiple ID repositories that are isolated from one another. We wanted to use the signature value, but there was the slightest, most improbable (yet legitimate) chance of two things having the same value, so we decided against it.

Now we'll look at the Open Standard part. It's usually invisible, but it's the most important bit.

FindMeOn.com
<span class="findmeon">
	<span class="Spec" title="http://findmeon.org/spec/0_09"/>
	<span class="SignedInfo" title="resource;http://findmeon.com|type;url|subtype;business|attributes;|timestamp;2006-08-22 03:42:51" />
	<span class="Signature">
		<span class="SignatureValue" title="CObsDW/5V10MfqQyLCNG0gQCBJ8tv93/pxnremok65qX+EX4zCwdOxnG3rBsT5zMtRfSHW/dEpB8
dCuRQ/3swZGhsASxk48AriB7+WsB2F7w7JTSMFJ0Qs8WoHVlS8g5A9tDU51DbrE+O62XCIrQTqcg
Ly1funv/qdCwG8QYOvA="/>
		<span class="KeyInfo" title="-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALsdpp1Uux5EBTUc0HISggUhwpYAM9IEhZs4kkfnBSzm8u2HEit2lAXk
X0YU2D8jiH5dI3ZsOCle0GRLpKalaysmVpuAi07CvwkTr94c3z84P4sFYWiGztW2
iVQyfh2YjQLvRHtdBWujeXXvaR46oAKQnpsTYdFpq6QhSMrhF6gnAgMBAAE=
-----END RSA PUBLIC KEY-----"/>
	</span>
	<a class="SeeAlso" href="http://findmeon.com/findmeon/670d2d3837cad116ca4aba0c24a1c441" rel="repository me"/>
</span>
	
RoadSound.com
<span class="findmeon">
	<span class="Spec" title="http://findmeon.org/spec/0_09"/>
	<span class="SignedInfo" title="resource;http://roadsound.com|type;url|subtype;business|attributes;|timestamp;2006-08-22 03:42:58" />
	<span class="Signature">
		<span class="SignatureValue" title="AdknAUvlJfoopvwLid7bqdmUlBFRR7KhAiVIJHIZ//7Xf10NZl2slY0JSlvrD2PwOF8wx3R/vT4M
GsfF/7gEl488EBYBJhR/5dMFVwqv82zloYzTYxTEDN8eAHCdtYB+QrNVVreCMG5M/SekJCAxxQZS
n1LUwnNCOfkjWXpEj5Y="/>
	</span>
	<a class="SeeAlso" href="http://findmeon.com/findmeon/c8454dc53d20c71e09192244ca7bee96" rel="repository me"/>
</span>
	

There are a few important things you should notice about this bit of HTML:

  • The 'SignedInfo' and the 'SignatureValue' are completely different on each item.
  • The 'SeeAlso' parts both link to FindMeOn.com (and are optional), but they have two completely different URLs.
  • The FindMeOn.com badge has a KeyInfo item -- which is optional -- but the RoadSound.com badge does not. The two badges are completely isolated from one another.

If you're not very computer literate, you might think that those two badges couldn't possibly be linked to one another. Neither one lists the other, and the only similar part -- the key -- is optional.

If you think that, you would be right and wrong. While the badges aren't linked to one another explicitly, they're implicitly tied to a single public/private cryptographic key pair.

The 'SignatureValue' on each badge is a digital signature of the 'SignedInfo', created with the private key that corresponds to the public key. That public key, and only that public key, can verify the signature made over the signed text.

The 'SeeAlso' part lists FindMeOn.com, and a unique page for that URL, as a repository -- that means that other items signed with the same key can be found there. If you want, you could list any URL you want as a repository -- or just link any two URLs with one another by putting them each in a SeeAlso (without listing them as a repository -- unless, of course, they are acting as one).

SeeAlso just helps people who read your tags link sites together -- and it is completely optional. Using FindMeOn.com, you get a virtual repository per-id, and can continually change what IDs see what, without updating any web pages.

If you don't want anyone to be able to link two sites together, then omit the SeeAlso tag, or use FindMeOn.com and create a private repository. Then you can share your public key and a list of sites you want verified only with the people you want to know about them.
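The implicit link described above (badges that share nothing visible but verify under one public key, which you can hand only to chosen people), as an added Python example that is not FindMeOn's own code. The page does not name the hash or padding, so RSA PKCS#1 v1.5 with SHA-256 is an assumption here, and the keys, hostnames and badges are constructed for the demonstration.

```python
import base64, hashlib, re

E = 65537
def toy_key(p, q):  # constructed demo keys built from well-known primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus, private exponent)

N, D = toy_key(2**255 - 19, 2**256 - 2**32 - 977)  # the badge owner's key
N2, D2 = toy_key(2**521 - 1, 2**127 - 1)           # an unrelated key
# DER DigestInfo header for SHA-256 (RFC 8017, 9.2); the hash is an assumption
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(text, k):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo, k bytes long."""
    t = PREFIX + hashlib.sha256(text.encode()).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(text, n, d):
    k = (n.bit_length() + 7) // 8
    s = pow(int.from_bytes(encode(text, k), "big"), d, n)
    return base64.b64encode(s.to_bytes(k, "big")).decode()

def verify(text, sig_b64, n, e=E):
    k = (n.bit_length() + 7) // 8
    try:
        s = int.from_bytes(base64.b64decode(sig_b64), "big")
    except ValueError:  # malformed base64
        return False
    return s < n and pow(s, e, n).to_bytes(k, "big") == encode(text, k)

def badge(text, sig):  # same markup shape as the badges on this page
    return ('<span class="findmeon"><span class="SignedInfo" title="%s"/>'
            '<span class="SignatureValue" title="%s"/></span>' % (text, sig))

FIELD = re.compile(r'class="(SignedInfo|SignatureValue)"\s+title="([^"]*)"')
def linked_resources(page, n):
    """Resources of every badge in the page whose signature verifies under n."""
    found = []
    for chunk in page.split('<span class="findmeon">')[1:]:
        f = dict(FIELD.findall(chunk))
        text = f.get("SignedInfo", "")
        if verify(text, f.get("SignatureValue", ""), n):
            found.append(dict(x.split(";", 1) for x in text.split("|"))["resource"])
    return found

INFO = "resource;http://%s|type;url|subtype;business|attributes;|timestamp;2006-08-22 03:42:51"
PAGE = (badge(INFO % "a.example", sign(INFO % "a.example", N, D))
        + badge(INFO % "b.example", sign(INFO % "b.example", N, D))
        + badge(INFO % "c.example", sign(INFO % "c.example", N2, D2))
        + badge(INFO % "d.example", sign(INFO % "a.example", N, D)))  # copied signature
```

Only the holder of a given public key can group the badges: the badge with a signature copied from another site fails, and the badge signed by the unrelated key is invisible to the first key.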

If that's not secure, open, or privacy-minded enough for you, we'd be really interested in knowing what your requisites are.

If you'd like to see an example of code that shows how you can verify keys yourself, just click here for a Perl example.