While you cite a couple of potentially valid reasons for wanting to "automatically maintain the identities of the Monks," I know of at least a few monks that do not want their "real life" identity connected with their Monk tag. Each case you cite suggests some form of active participation on the part of the Monk you wish to confirm. That's fine and there are several mechanisms available for doing that.

However, if I'm reading your subtext properly, you want to ID Monks without their knowledge and that raises several concerns.

There is a great deal of information already available about our real lives on the Internet. Given that google logs the ChatterBox, there's a risk (however small) that the results of your automated process would eventually appear on standard search engines. As an example, note the first hit on my 'nym. While my actor's instincts are gratified by the top billing, my wife would be less than pleased if there were a connection from that to my RN. (She's been stalked and is very sensitive to public information of her name, address, or other vitals being readily available.)

Similarly, a certain monk maintains an gender-opposite online identity for reasons that have not been made public. There's a risk (however small) that an automated process would compromise this without that individual's knowledge.

I can think of (or know) several other reasons why certain monks have not publicized their real lives in various online communities.

You might believe that this information is useful in the right hands. That's true and it's also why I argue against this so strenuously. Automated processes do not question the validity of a request for information. Only people can determine whether those hands are the right ones or not.

If, for whatever reason, a monk has declined to provide details of their RL, then we should respect that choice.

If you absolutely must have some form of automated identification, I would only support it if a) there was a way to opt-out and b) that was the default. It's not that I don't trust you, per se, but I don't trust every member of our community. Some have demonstrated that they have little professional (or personal) courtesy and I would be extremely leery of any process that did not allow me to prevent those people from accessing more details of my life than I wish to publicize on my home node.

Should I wish, at some point, to provide services to PM, then I will happily submit to whatever verification that vroom deems appropriate. I might even be willing to provide that to people he trusts. However, I will not support any process that unfettered access to my RN, my personal email address, or other details I've chosen to keep private.

Sorry...

--f

However, if I'm reading your subtext properly, you want to ID Monks without their knowledge and that raises several concerns.

Happily, this is the only point I need to respond to. This is not at all what I mean. I would not support, much less suggest, anything which would compromise the privacy of people here... especially mine. ;-)

What I mean is simply this: if each Monk had the option to specify a second, secret password, he could use that password to verify his identity outside the site, without giving up his primary password. That is all. There is no connection with anyone's real identity.

So, for instance, I set up another website, Perlmonks' Bar & Grille. You wish to get in. You supply your normal username, footpad, and your secondary password. My login CGI sends the pair to a CGI on Perlmonks, recieves a "YES" back, and lets you in. Without your needing to divulge your real password, and compromise your PerlMonks account,

It seems that the word "automatic" (and probably some unclarity on my part) gave you a different impression. I meant it in reference to the way authentication is implemented. By having set your secondary password, you now automatically have access to my web site. This scheme has various strengths and shortcomings (as do other schemes) but it is totally voluntary, and not at all injurious to personal privacy.

Sorry if I mislead you.

This seems pretty limited to me. Once a monk has given you their ID and 2nd password, you could effectively imitate them anywhere outside the Monastery. This means that monks would have to be very careful with this second password, making it little more useful than the first for ID purposes.

How about this: A person claims to be Petruchio, and wants an account on my site as such. I simply use the Monastery to /msg a monk of that name with a default password for his/her/its account on my site et voilą. No extra work for anyone, and the ID verification is as good as your primary password here. Even if someone who isn't a monk wanted to do verifications (seems unlikely ;-) they'd merely join the Monastery and they'd have the same ability. This also provides an automatic mechanism for a monk to know that someone is trying to impersonate them elsewhere ("/msg Albannach what the heck is this password for?").

--
I'd like to be able to assign to an luser

/msg cc:petruchio dude, cool idea!

Would result in a /msg to myself, as you suggest, in the form of the feedback provided in the chatterbox nodelet:

you said "dude, cool idea!" to petruchio

Perhaps also including a timestamp (which is already part of the private messages xml ticker):

you said "dude, cool idea!" to petruchio on 3/5 at 4:20pm

Going one step further, to enhance the context, include the text of the message being replied to when using the message inbox's reply-to feature:

you said "dude, cool idea!" to petruchio on 3/5 at 4:20pm in response to "check out 62208 for my nifty CB enhancement"

your pal - epoptai

Update: If you want to reliably associate activity on external sites with a monk's account you might want to try something like jcwren's monktags.

I can't comment on the chatterbox features, as I'm still a user of the plain old web interface.

As to verifying a monk, I think if we forget about zero-knowledge proof, the easiest way to verify a monk would be to talk with that monk about his posts.

Of course this dosen't guarantee that the person you are talking with is indeed the monk on Perlmonks, but at least it will verify to you that this person knows enough about that monks posts to immitate that monk.

Other than that, monks that wish to be verified can simply post their email address on their node or /msg you their email address, and you can swap some PGP stuff then.

In fact, there is no way to verify that I am indeed the person I claim to be, except by visiting the given address and interviewing me about my posts...

Corion: the easiest way to verify a monk would be to talk with that monk about his posts

Of course... if you want to talk to him. Identifying him in that case doesn't require much at all. As I said, if someone wished to provide services for PerlMonks.

Let me give you an example. Say I write a brain-bench type quiz. Or, more interestingly, a timed quiz which requires people to write one-line solutions to problems, and evals the answers for correctness. Of course, you'd want to keep track of scores. Or an auxilliary web site... another person could write what amounted to an extension of the Monastery, and automatically maintain the identities of the Monks. Or a chat channel, or (very likely) any number of things I haven't thought of, but which some clever Monk will. Anything where people want to be able to "be themselves", and maintain their established identities.

In these cases, it is not reasonable to authenticate identity personally, and no mechanism yet exists for doing it automatically. Monks have thus far shown great creativity utilizing the rudiments which the site has provided (the XML tickers, in particular) to extend the functionality of the site. It would be interesting to see what people would come up with, given more such tools. As it happens, by the way, neither of my suggestions is rooted in speculation; I've actually worked on things which would require (or at least be greatly facilitated by) such functionality.

Besides the fact that such things could help alleviate the burden on vroom to add all kinds of features and services by himself.

Give the external server a PerlMonks account. Have people who sign up have to send a private /msg to that account. Seems pretty easy to me.

Reminds me of the *old* howler: "The Iliad was not written by Homer but by someone else with the same name"

How can anyone know that the person you claim to be has actually posted the nodes that appear under what you claim to be your name?
...errm sort of...

At some point we have to take things on trust. After all the important thing is the information being shared, rather than the name. And no-one can imitate information content... either it's there or it isn't.

For the record, I have not once been asked for proof that I am indeed tilly. YMMV.

No one questions a 'bots identity, tilly.

--Chris

e-mail jcwren