Weblog software to use PKI/PGP?
Bill Humphries wrote:
- Frank Booseman would like blog tools to support walled garden posting. He's inspired when a friend would love to post photos from a party, but not to the whole world. Live Journal, which I've been playing with lately, supports this. It can, because it's a monolithic (on the server-side) application. I created a LJ account, and friends who were already there added me to their 'friends' list, and added them to mine. They post a private entry, and their friends see it, but not others.
- Drupal's a nice system, but it doesn't do what I really want: I'd like a system which does not require the user to set up an account. I'd like to get a token in the request that says "I'm Jane User, and here's my assertation that I'm Jane User", and since Jane User is my friend and her assertation could be verified (though a public directory, or because someone I trust has signed her key), she gains access to the friends and family-only materials on the server without signing in. And, the key piece is that this may be the first time she's been on the site.
- Live Journal can do that because all the journals are part of the application, and I sign on once. Any LJ user can recognize me as their friend, and I get access to their friends-only materials.
- The godsawful piece is the public key infrastructure.
Which reminds me of this blog entry where Paul Bausch describes how he experimented with PGP-signed comments and how he think it would be a good way to verify identities. The talented folks behind MovableType picked up the tread saying that it could possibly be used to build a web-based verification service with a trust web.
As online communities (incl. the weblog community) continue to grow, and as more and more websites become interactive, identity theft might become a big enough problem that we'll want to deal with it. An interesting challenge for 2003?.