WEBVTT

00:00.000 --> 00:18.760
I will ask for your help because I have some plans and I need more knowledge and it's a very

00:18.760 --> 00:21.520
big, very big project which I'm trying to do.

00:21.520 --> 00:27.280
I will go to a little bit about the size project and the DNS stuff is only a small part

00:27.280 --> 00:28.280
of it.

00:28.280 --> 00:32.440
Now let's first start a little bit about the project.

00:32.440 --> 00:38.360
So I try to do this project with fundings and I start off as an announcement project

00:38.360 --> 00:42.920
as so many projects here, but there's not much more which is sponsored by the EU and one

00:42.920 --> 00:50.280
of the project is the open web search and our web search is also 8 million money from

00:50.280 --> 00:55.760
the EU and they try to do something with search engines in Europe combining the results

00:55.760 --> 01:03.040
of crawling, reusing it for different projects for different research, building language

01:03.040 --> 01:09.360
models and so on and you may not have noticed, but on this whole conference there's

01:09.360 --> 01:14.600
no single talk about search engines so apparently you don't think it's important.

01:14.600 --> 01:20.600
So I will try a little bit about this open search web search, a bit about my project

01:20.600 --> 01:26.920
in there and then where I can use your help.

01:26.920 --> 01:35.000
So the open web search is funded by mainly German universities and German research institutes

01:35.000 --> 01:42.360
and so that's how they try to crawl web data and do all kinds of nice things with the web data

01:42.440 --> 01:52.840
and not try to detect a profanity speech, try to do many different things and it's a really

01:52.840 --> 02:05.640
serious project and one of the related associations or the foundations or is the open open web search

02:05.640 --> 02:11.160
and you have to open search foundation and it's open search foundation tries to make

02:11.240 --> 02:18.120
Europe ready for search, our own search, what is different, for instance privacy, for instance ethics,

02:18.120 --> 02:23.800
we have to think about that and it's really difficult with new laws, there's no correspondence

02:23.800 --> 02:29.160
about how to treat certain cases and so on, things that we usually see on Google, it's not

02:29.160 --> 02:35.080
allowed here, so there are many groups and it's very interesting conferences as well and there's

02:35.080 --> 02:39.880
a tech group and they make an index that's currently only 14 terabytes if you compare to

02:39.880 --> 02:47.160
the Americans, they do that after two months, a new crawl and this is just for the results

02:47.160 --> 02:55.800
of the past two years but it's getting somewhere. So what's my my thing? Well one thing is I think

02:55.800 --> 03:03.960
a really really vacation, you have all these projects and the projects they collect information

03:04.120 --> 03:11.400
which may be a privacy sensitive or which should only be presented to the website owners,

03:12.280 --> 03:19.000
you don't want to be able, for instance, to do a take-down of a website when it's not your own website

03:20.200 --> 03:25.400
with the competitors website and so you need proof of ownership, you need proofs of email

03:25.400 --> 03:31.560
addresses and so on and if everything is owned by Google it's easy then Google can make an interface

03:31.640 --> 03:35.640
to you for all kinds of features they have. I don't know whether you know this exists in

03:35.640 --> 03:40.920
some Google search console, you can prove once that you own the website and then you can all

03:40.920 --> 03:45.720
kinds of information what Google has collected about your website and you can see what takes down

03:45.720 --> 03:51.240
what is indexed and so on but if you have a very fragmented group like us where you have different

03:51.240 --> 03:57.240
universities doing this you also would like to have a kind of central interface to this.

03:58.200 --> 04:06.040
So this is a major competitive advantage, lock-in by Google, lock-in by Microsoft and then

04:06.040 --> 04:11.480
where are we as open source communities. So this is the basic idea you have these these

04:11.480 --> 04:18.040
groups within this open web search and they all do things and they have to for legal reasons

04:18.040 --> 04:24.440
and all kinds of age and direction rights and so on they need some common interface because it's

04:24.440 --> 04:31.720
far too complex to have everyone implementing it themselves. One of the things that's really

04:31.720 --> 04:40.280
needed of them is website ownership proof or domain ownership proof and I don't know if you

04:40.280 --> 04:45.320
are aware you're the DNS group but there is an attempt to make a kind of standardized proof

04:46.120 --> 04:52.520
or system how to prove that you own a website but my problem is not that there's no standard for

04:52.600 --> 04:59.240
these things but it gets unmanious but when everyone is going to ask for you to prove it their way

04:59.960 --> 05:04.360
when you have to deliver the proof everywhere and over and over again and now an email proof is

05:04.360 --> 05:10.360
pretty easy if you have to register somewhere and you have to just confirm that you you read the

05:10.360 --> 05:16.920
email address not just one single click but the DNS proof is much more work now you have to go

05:16.920 --> 05:23.400
often even to the DNS maintainer of your company to get a record added and so on so the

05:23.400 --> 05:30.440
issue my the thing I want to solve is not the technical side not the delivery of the proof

05:31.000 --> 05:34.600
but the sharing of the proof so that you don't have to do it over and over again.

05:35.720 --> 05:42.200
There are lots of projects like this key of sites where you can tell you how to collect the

05:42.200 --> 05:48.600
proofs and how to use the proof but only technical people can do it. It's a lot of work so to do it

05:49.240 --> 05:55.000
so that's the issue. Now you have Keycloak, Keycloak tells you how within your company

05:55.000 --> 06:04.680
your user base how you cut to all kinds of other applications. What's going to this in the first place

06:04.680 --> 06:11.080
it's already a lot of work so I try to if I look at my own home situation I have for wiki and I have

06:11.640 --> 06:18.120
hundreds and hundreds of registrations to get into all these proof systems you know to get into

06:18.120 --> 06:25.480
Keycloak for a work cut into this and this so I try to go and that's side so and I haven't found

06:25.480 --> 06:32.040
any project which is trying to to solve that in a user case for many backends and there are many

06:32.040 --> 06:40.440
European reasons especially to try to implement this. Besides this open web search it's also usable

06:40.520 --> 06:48.120
for things like blacklist. When I once register my domain as being mine I would like to be

06:48.120 --> 06:56.840
to hear from blacklisters back to me that I'm blacklisted and not that I have to wait until

06:56.840 --> 07:01.960
someone warns me that you don't receive email anymore for me what's happened to a lot. So there are

07:01.960 --> 07:08.440
a lot of places where outside the search engines we could also use this. So Google environment you

07:08.440 --> 07:20.440
have the Google Search Console and what I built is something called Open Console open and what

07:20.440 --> 07:25.400
it is is well you will see a lot of things which match somewhere is something with wallets and

07:25.400 --> 07:30.440
something with proofs and so on but there's no homogeneous solution on that level on the user

07:30.440 --> 07:37.240
level. There's only solutions in the technical level. It's also from the start on I was really

07:37.240 --> 07:42.440
worried about the size so I built everything for real big size. I will not tell much about it but

07:43.160 --> 07:47.960
it's clusters of databases and clusters of servers and so on which I implemented already.

07:49.480 --> 07:54.120
Where to on this on because yeah you never hope that you project a successful but when it's

07:54.120 --> 08:02.680
gets there then you may get a users and that's a pain. So what do you need if you want

08:02.680 --> 08:07.880
to single front ends things like login system it's nice emails I try to do it nice have an

08:07.880 --> 08:14.680
account okay I skip through this a little bit fast because I have a little time then there are two

08:14.680 --> 08:20.760
users modes so once you're in this open console you can run front ends to many other applications

08:20.760 --> 08:26.200
which can share the data about you and here you see all kinds of things you own what you have

08:26.280 --> 08:31.640
collected so the email address is websites and so on and then you see the applications but are

08:31.640 --> 08:37.480
two ways the applications which want to present something to you can be say bear it's a frame where

08:37.480 --> 08:44.040
you can they they don't need to make anything around it so integrate display or a login button

08:44.040 --> 08:52.680
like login via Google but then login via open console so you little bit how this is Google search

08:52.680 --> 08:59.960
console here you see all kinds of data sets and your your personal information is hidden here

08:59.960 --> 09:05.560
here you see your personal information in open console and which kind of data sets and you can search

09:05.560 --> 09:12.440
between. So what's my biggest problem I actually in the whole system I think that we are far too

09:12.440 --> 09:18.600
primitive in working with logins and with registrations you know there are so many nowadays and

09:19.240 --> 09:25.800
you lack a lot of data all the time let's give a picture so what the problem is I am

09:27.800 --> 09:33.400
yeah if you have one application it's simple you register once but then you have organizations with

09:33.400 --> 09:39.800
multiple applications so you can use Keycloak or something like that to hide all these applications

09:39.800 --> 09:46.360
behind one registration or what you see more and more you have Google third party and then

09:46.440 --> 09:50.120
there you have the registration and they give some of your information to the applications

09:51.800 --> 09:57.320
what are also the applications they require more information than in the past they all wants to have

09:57.320 --> 10:05.960
you to to agree with the terms and conditions so do we implement it every time again do I have to

10:05.960 --> 10:13.320
click I agree every time again and do we trust this bad enough I mean the companies will use

10:13.800 --> 10:18.600
Google to log in give also the data back of your use of that website back to Google

10:20.520 --> 10:29.960
so what we do it trust this is a P2XS your P and login for universities mainly and all these ways you

10:29.960 --> 10:37.240
can log into this system none of them is for normal people yeah there's nothing nothing generic

10:37.240 --> 10:45.880
nothing is really open source in all the ways you log in why why do we miss that so my

10:45.880 --> 10:52.280
my problem is that the current ways how we work with data collection and proofing ourselves

10:52.280 --> 10:58.760
they lack things about I want to do more about my own collection how I work in groups

10:59.080 --> 11:07.640
I want to be more farmer more transparent and I need more facts I want to pull this

11:07.640 --> 11:13.880
on a high level so if you share more of this information we make out yeah that's a bit I got

11:13.880 --> 11:22.200
less fewer minutes okay so my activities are very diverse so in my at home I have a

11:22.200 --> 11:27.080
wiki and I have pages for my different activities with different strategies for all those activities

11:27.080 --> 11:34.200
but I would like to have a tool which I can do that yeah I want to be able to share

11:34.200 --> 11:41.480
registrations with the colleagues in an easy way I want to be able to manage which kind of facts

11:41.480 --> 11:46.920
I tell to different parties if I move that I don't have to change it in every registration I

11:47.080 --> 11:52.280
have that my address has changed but that I can say okay for this activity I moved with another

11:52.280 --> 12:00.440
activity I didn't move and that it will automatically update yeah and I need some extra things

12:00.440 --> 12:05.160
what everyone uses all the time around that situation and everyone has to reimplement all the time

12:06.040 --> 12:12.280
so in this case we are mainly speaking about managing because we are speaking about DNS managing

12:12.680 --> 12:18.600
you say oh yeah we have now already a solution there's OpenID but Google also using

12:19.800 --> 12:26.520
if you log in via Google it gives you a name and a subject and a given name and maybe your picture

12:26.520 --> 12:36.360
and a website so a few things that's OpenID yeah but what I want is I think we need much more

12:36.920 --> 12:44.200
which is not only personal information but also be able to share all kinds of other proofs we

12:44.200 --> 12:52.360
have collected so the whole login scheme this is at a log of the projects but you have some

12:52.360 --> 12:57.560
things you want to add here with groups of your company and personal data selective being

12:58.440 --> 13:07.000
what you tell them okay so your personality you can make a kind of identity different things

13:07.000 --> 13:12.840
you are doing and configure your role your name you want to use formal name and this identity

13:12.840 --> 13:17.400
something this is not really unique a lot of things are not unique but I don't know

13:17.400 --> 13:24.680
integrated solutions for it then with your identities you can make a group so your colleagues

13:25.080 --> 13:32.040
and then your identity is in a group and you can select for what group you use which identity

13:32.680 --> 13:36.680
and the identity are also things like what language am I using in this group

13:38.920 --> 13:49.720
then on the other side you can collect proofs and this is for instance proof as you have

13:49.720 --> 13:58.520
an email address and you can move these proofs between your identities and the group and the

13:58.520 --> 14:06.280
groups you have so just by dragging you can say okay this proof email proof is now shared by my company

14:07.400 --> 14:15.240
and when you have a contract with a certain service with your company then that email address

14:15.240 --> 14:23.640
proof is shared by all your colleagues who are in that group at what so let me show you a little bit

14:23.640 --> 14:31.640
and then we come to the DNS story about proof so they're the whole way of organizing your

14:31.640 --> 14:38.040
relations from the user perspective to things what's happened on internet it starts with

14:38.040 --> 14:45.800
having an account and this this guy has a website which is called OLED it's in the the open

14:45.800 --> 14:52.760
web search index and then he wants to have a login button which is login via Open Console

14:53.320 --> 14:59.240
just like login via Google but then a little bit extra he started groups as always colleagues

14:59.240 --> 15:06.920
were together maintaining that website and then he can define a service he describes what kind of

15:06.920 --> 15:14.280
service he's offering and looks like that is so what how this is the visibility and what's

15:14.280 --> 15:21.240
the endpoint various my service contact the email and I guarantee that these are all proof and you

15:21.240 --> 15:26.760
can only configure things which you have proof from this group I own this website and then you can

15:26.760 --> 15:43.560
make a link to that website yeah okay and then you may recognize OAuth2 validation so you

15:43.560 --> 15:51.960
have a secret service identifier and a secret you set yourself then in the in the service you define

15:51.960 --> 15:58.760
you say what kind of information you want to have from the user to be able to use it and you can

15:58.760 --> 16:06.440
explain why you want to have but you and then what kind of extra data you want to have what kind of

16:06.440 --> 16:13.160
proof you want to have submitted as well on the other hand if you are a user if you want to

16:13.160 --> 16:19.000
use the service then yeah you create account again yeah identity and with one of the identity

16:19.000 --> 16:26.280
you make a contract the contract is and I want to use that service and the first time that you

16:26.280 --> 16:35.400
going to use it is you get to see exactly what the provider is of the service what he wants to

16:35.400 --> 16:41.400
do what kind of information he wants to have from you it's still a list that so he wants to really

16:41.480 --> 16:49.960
have your full name and maybe your nickname and a time zone if you have it so then you have the

16:49.960 --> 16:57.640
contract but there's no data exchange yet and here you get the typical OAuth process, OAuth

16:57.640 --> 17:05.960
2 process at the moment that someone is pushing the I want to log in button you get to back to the

17:05.960 --> 17:13.080
Open Console that is the trusted third party like Google but then open source do you have a

17:13.080 --> 17:19.240
valid contract so do we once had a contact already with the services if not then you you have to go

17:19.240 --> 17:25.240
through the process for the first time that you want to use it and see what is required and then you

17:25.240 --> 17:31.080
have to fill in the data and also the first time you have to really look what kind of data it is

17:31.720 --> 17:38.600
and then later the second time you go to the same service you can stop the process but it's mainly

17:38.600 --> 17:44.360
automatic so it looks more complex but actually for the user experience it will be one or two clicks

17:45.000 --> 17:50.680
but it is very open so in the contract of in the comply in the last phase when you start to use it

17:50.680 --> 17:56.520
you can select from all the information you have added what you want to pass on which name

17:56.520 --> 18:02.760
which time zone which email address and so on yeah and that should make it much easier to

18:02.760 --> 18:10.200
administer all the contacts you have on internet and all the proofs so it's not only the the

18:10.200 --> 18:15.800
name but it's passed on but it's also the proof that you own websites and the port and so on

18:17.160 --> 18:24.040
so that's actually the process and this is not Neo this is about to what the dynamics so

18:24.520 --> 18:30.760
administration around to this Neo so instead of the OpenID passing on information the information is

18:30.760 --> 18:39.960
far more detailed and can contain far more features okay the proof proof is looks very simple but

18:39.960 --> 18:49.320
proof is not really simple because yeah proofing is special therefore time I will skip this

18:50.920 --> 18:57.400
so even yeah for to have a correct website answered by a normal person it's already difficult

18:57.400 --> 19:02.440
right at least 60 different ways that the answering of a website address can be wrong

19:03.320 --> 19:12.200
if you have an end that's validated then you can prove that you own a website

19:13.720 --> 19:21.640
and I implemented different ways but for the different ways about how you can prove it

19:23.800 --> 19:28.520
let me see how this is about the website you're working and we'll skip this

19:29.480 --> 19:36.840
there are so many complications with websites that's seen more interesting things you may have

19:36.840 --> 19:43.560
encountered them yourself for proofing that you own a website friends and so you want to have it you

19:43.560 --> 19:51.960
can prove via DNS so add a record to it to your DNS and then if you start the proof then

19:52.680 --> 19:57.080
you can collect it that way so that means that you have contact to the owner of the domain

19:57.080 --> 20:01.960
and the owner of the domain wants to to work with you but not everyone can do this this

20:01.960 --> 20:09.800
procedure so there's an alternative procedure you can add this to HTML you add a block of text and

20:09.800 --> 20:18.920
here again is this challenge what you what you need to add yeah or you can add a file to the

20:18.920 --> 20:26.200
well-known directory and then that way you can prove what you want to so they are offered multiple ways

20:26.200 --> 20:31.880
to create a proof but they are not all the same that's one of the things which I

20:31.880 --> 20:37.480
worries me the most about all kinds of identification systems people say oh this is in 100

20:37.480 --> 20:43.400
percent sure proof but that's often not the case you know only if you the government is telling

20:44.120 --> 20:49.160
validating your identity then it might be 100 percent proof but there's always something wrong

20:49.160 --> 20:55.240
DNSSEC is not used and so on so you can have multiple proofs and the proofs have so far score

20:55.240 --> 21:02.760
the better proofs and worse proofs and now it gets a bit tricky what is a better proof out of these

21:03.480 --> 21:11.960
three, is an HTML, adding HTML, a better proof or is it adding a line to DNS now actually if

21:14.200 --> 21:26.520
so yeah this whole idea of this this RFC that you want to have this that you are able to prove

21:26.520 --> 21:33.960
that you own a DNS that you own a DNS record or access to DNS it only tells you the technical

21:33.960 --> 21:40.280
stuff but it does not show you the organizational stuff it does not say what's better what can we

21:40.280 --> 21:49.400
do how how trustworthy is it how trust so I need help in this case there are so many ways to prove

21:50.280 --> 21:57.080
things to prove that you own a domain name or to prove that you own a website but what's better how

21:57.080 --> 22:05.800
can we get a good bias out of it and what kind of techniques do you have so this for domains which

22:05.800 --> 22:11.720
is still to be implemented but it seems very simple I have at least one example how to do it

22:12.600 --> 22:23.000
but the the more horrible thing is how do I do it for networks network owner proof I heard a

22:23.000 --> 22:29.960
nice story about PGR so one of the previous talks but how can you add some somewhere something

22:29.960 --> 22:37.800
in DNS or so that you can can prove that that you own a network and maybe you are a subowner

22:37.800 --> 22:46.760
of something so how to do it well we have but you say RIPE database but you usually do not get

22:46.760 --> 22:51.560
access to those kinds of data it must come from the other way around people must voluntarily

22:51.560 --> 23:00.120
be able to add it in so if you have ideas if you want to know more about it then please email me

23:00.120 --> 23:08.280
and then I will try to I am really open for suggestions

