Trust-forum description

Short description of Trust-forum project

A new high-level infrastructure of Internet

Same low-level infrastructure (Web servers, routers, user browsers, http, SSL... whose possible upgrades are here out of subject).
But a new way of using it, combining the advantages of centralization and decentralization for the user's experience.

Approximative assumption. For the sake of simplicity of this description we shall here confuse

"Web server"
= "Web hosting company/organization"
= "Web site, identified by a given domain name"

even if that is of course not a rule : we shall focus on describing "at least one possible way for this all to work", without excluding other ways, up to every organization to offer them for the concern of its own users.

This will take the concrete form of a pack of open-source Web application software, that aims to be installed in any number of Web servers, mainly running on the server side, and that will bring the new experience to their users.
On the user side, all activities of users in the Network will be operated by the ordinary use of an ordinary Web browser.
Thus, users will not need to install any additional software on their computer, but optionally, installing a plug-in (extension ?) in the browser, will help some details to work in a more convenient manner.

We shall call here

"the Network"
= "the list of all those Web servers that have this software pack installed and are recognized as such by others".

This software pack aims to be non-exclusive, i.e. each host is free to install a modified version of that software and integrate it with its own additional applications.
Every server in the Network will have a list of all other servers of the Network with their respective (GPG) public keys.

Potentially, the Network aims to become the whole Web (expecting such software to be finally adopted by all Web servers).

User account and user identities

Nowadays, if a user wants to use 10 independent Web sites in ways that require authentication, he will need to create a different account (thus, 10 accounts) with their respective passwords ; these accounts have no link with each other, i.e. there is no certification that they belong to the same user. This can be seen as an advantage (if a user wants to have another activity anonymously) or a disadvantage (if trust and real identity is needed).

In the Network, user authentication will happen in a quite different way: each user only needs one account in one site of the Network, for all his authenticated Web activities at any other site of the Network.

Moreover, he can benefit anonymity by having several identities (pseudos) contained in the same account.

So, the following things must be clearly distinguished:

User account ≠ User identity ≠ User authenticated session
1 account = several identities (pseudos)

However, we shall make the approximative assumption

1 physical person = 1 account at only 1 server, called that user's "home site"

even if no technical rule will oblige this. Only the context of how all things will work, will result in the fact that, except for risks of breakdown or hacking (for which some procedures will be needed to link together the accounts of the same user at different sites), there will usually be no advantage for a physical person to create more than one account in the Network. Ultimately, the Network will be spread as something like, for example (still this is not a rule but a possible example of how things may work)

4 Billion users = (100,000 sites)*(40,000 accounts per site)
1 account = 1 or a few pseudo(s)
1 site = 50,000-100,000 pseudos

The user board (account's interface)

Now, let us describe how will navigate in the Network.

Sites of the Network maybe browsed by anonymous visitors in read-only mode. But when a user of the Network (with an account there) wants to do something in the Network that requires his authentication, the method will be the following:

First of all, the user must type, in the address bar of his browser, the url of his home site in the Network, where his account is hosted.
So he logs in to his home site, and accesses his board there.
His user account (board) at his home site, will be his starting place that will give him authenticated access to all other sites of the Network.

This account will :

Centrally receive, and display the signals (news) from all his activities in other sites of the Network, no matter the user's chosen identity for the respective activities : titles of new messages (or of discussions that got recent messages or activity, may they be private or public discussions; as well as any other kinds of activities, may they be standard ones (of a kind included in the pack) or from specific services offered by specific sites. Also includes a bookmarks list, which will work just be more possibly authentifying links (as described below) with the only difference that it will not be affected by any update signal received from another site.
Provide user authentication to other sites of the Network. This will take the form of links in the user board, whose first effect is technically to request the home site for an authentication procedure, and (automatically) concludes by redirecting the browser to the other site, opening there an authenticated session where the user's identity is certified by the home site as "pseudo@home" (looking like an email address, except that the email protocol will be no more in use). For the technical details of how this is possible (with several alternative possibilities), see in that page, section "Remote authentication techniques".
For when the user wants to authenticate to another site not yet listed as a link in his board, the board will include (at request) a form that will have the desired effect, looking like an address bar together with the option of choosing the user's pseudo under which to be authenticated to that site.
Also, when browsing any site of the Network in an authenticated way, there can be links "Bookmark this page" that will add this page as a bookmark in the user's account.