On 02/07/2013 06:49 AM, Winfried Tilanus wrote:
On 02/07/2013 01:13 AM, Tobias Markmann wrote:
Hi,
This is highly experimental work, so nothing is set in stone yet. We
would like to encourage everyone to send us their suggestions about how
things should or shouldn't be done.
I like the idea, it can really improve user experience. I also like the
idea of using DHT for this. Some thoughts about it:
When searching on identifiers like phone numbers or e-mail addresses,
they have to be reliable, otherwise the risk of identity theft or
nonsense results is too big. Though a hosting node can verify an e-mail
address or even a (mobile) phone number, there is no way to guarantee the
hosting node did so correctly. The only identifier that might be
verified, by federation, is the jid. So I think the e-mail addresses or
the phone numbers should not be searchable, except when it is on the
same domain or the server admins trust the other domain in this. When the
domain is not trusted, the jid (and the associated data) can be
verified by federation, so imho it is essential to federate with the
hosting node before presenting any search results.
Being only able to search on jids is, of course, a big loss of
usability. So I would propose to give users the possibility to add (more
or less) some free fields to indicate how they want to be found. That
might contain a name, a nickname, a company, profession, gender, color
of the hair, whatever. Search results on these fields should be
presented as "these users claim to be ...".
Tobias and I actually discussed this possibility. It would have
been better to use only the information presently available in the
vcards. However, as you adequately put it, the problem is verification
(and verifying that the verification was correct :P).
As I currently see it, your suggestion might be the only way to do it. It
is certainly simpler than other alternatives that have been considered
thus far.
One use case would be to have a pin of sorts (e.g. 352DG24) and if you
are a person who changes his jid from time to time, the pin could be
used as a way to always reach that person no matter how much he changes
his jid.
Of course, we could choose to make this non-restricted to jids only.
Other types of information could be found as well.
Providing additional information in a contact might raise privacy
issues. So I suggest giving the users fine-grained access control.
Like: 'this should be available for everyone', in which case the server
may handle the request, or 'only provide this after my permission', in
which case the client must ask the user what information should be sent
after receiving a request.
just my 2
Winfried
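
The trust rules discussed in this thread, written out as a search-result filter. This is an added example, not code from the thread or from the project; the record layout, the `federation_ok` callback and every name in it are hypothetical, and the sample hits are constructed.

```python
IDENTIFIER_FIELDS = {"email", "phone"}  # only the hosting node can vouch for these

def classify_hit(hit, matched_field, local_domain, trusted_domains, federation_ok):
    """Decide how a search hit may be presented to the searching user.

    hit: dict with 'jid', 'fields' (field -> value) and 'access'
         (field -> 'everyone' or 'ask'); a hypothetical record layout.
    federation_ok: hypothetical callback, True when a server-to-server
         check with the jid's domain confirmed that the jid exists there.
    """
    domain = hit["jid"].rpartition("@")[2].lower()
    trusted = domain == local_domain or domain in trusted_domains
    # E-mail/phone matches are honoured only for the local or a trusted domain.
    if matched_field in IDENTIFIER_FIELDS and not trusted:
        return ("drop", "e-mail/phone match from an untrusted domain")
    # Anything from an untrusted domain needs the jid confirmed by federation.
    if not trusted and not federation_ok(hit["jid"]):
        return ("drop", "jid not confirmed by federation")
    if matched_field == "jid" or matched_field in IDENTIFIER_FIELDS:
        return ("show", hit["jid"])
    # Free fields are never verified: show them as claims, and only if public.
    if hit["access"].get(matched_field) == "everyone":
        value = hit["fields"][matched_field]
        return ("show-as-claim", f"{hit['jid']} claims {matched_field}: {value}")
    return ("ask-owner", hit["jid"])  # owner's client must approve first

def demo():
    """Run the filter over constructed sample hits."""
    confirmed = {"alice@remote.example"}  # jids the federation check accepts
    check = lambda jid: jid in confirmed
    alice = {"jid": "alice@remote.example",
             "fields": {"email": "alice@mail.example", "nickname": "al",
                        "company": "ACME"},
             "access": {"nickname": "everyone", "company": "ask"}}
    bob = {"jid": "bob@local.example",
           "fields": {"phone": "+10000000000"}, "access": {}}
    mallory = {"jid": "mallory@unknown.example",
               "fields": {"nickname": "al"}, "access": {"nickname": "everyone"}}
    args = ("local.example", set(), check)
    return [classify_hit(alice, "email", *args),
            classify_hit(alice, "nickname", *args),
            classify_hit(alice, "company", *args),
            classify_hit(bob, "phone", *args),
            classify_hit(mallory, "nickname", *args)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```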