Thanks to a link over at the Financial Cryptography blog, I've found an intriguing exposition by Marc Stiegler of petnames. It turns out that the contact lists (Jabber rosters, AIM buddy lists, etc.) in your typical IM system provide a pretty good foundation for petname systems. In particular, petname systems differentiate between three things:
In XMPP, my Jabber ID (email@example.com) is globally unique and close to unforgeable (given server dialback, emerging use of TLS for server-to-server connections, address verification at the server level, etc.). My nickname (stpeter) is memorable and global (or would be if I published it explicitly) but it is not globally unique. A person's petname for me (I call it a "handle") is how they have tagged me in their roster via the 'name' attribute (see RFC 3921) -- maybe they call me "Patron Saint of Jabber", "psa", or "Peter SA", "that guy who annoys me so much", or whatever they like. So we have all the elements for a petname system here. There are only a few things we need in order to strengthen the system:
Define some best practices for nicknames and make them more prominent in XMPP. For example, JEP-0077 enables you to specify your nickname when you register an account, but not many implementations use that, nor is it easy to advertise your nickname (e.g., via presence or pubsub).
Encourage Jabber clients to clearly and visually distinguish JIDs, nicknames, and handles. This would make it easier for humans to know if a JID is being spoofed (unlikely) and to differentiate between similar JIDs. (Note: a petname need not be textual -- it could be an avatar, a photographic image, etc.)
The benefits would be a naming system that is simultaneously global, secure, and memorable. We're pretty close to that already, but we need a few more bits to put us over the top.
Peter Saint-Andre > Journal