Bluesky Satellite IndieWeb entry

IndieWeb community entry for the Bluesky Satellite contest.

rel-me links

The IndieWeb is a community that interacts via individual personal web sites, both directly and indirectly through other linked online accounts.

An IndieWeb community member’s primary online identity is their web site, specifically their domain. Ownership of their domain, and serving HTTP on it over TLS with a valid certificate, is considered proof that any content or assertions published on the site come from that person.

An IndieWeb community member connects their web site to their other online accounts with rel-me HTML links (from XFN) that point to them. For example, my home page has rel-me links like these (some real, some examples) to other accounts of mine:

<a rel="me" href="">Twitter</a>
<a rel="me" href="">Mastodon</a>
<a rel="me" href="">Email</a>
<a rel="me pgpkey" href="/pubkey.txt">PGP public key</a>
<a rel="me payment" href="bitcoin:1234567890abcdefghijklmnopqrstuvwx">Bitcoin</a>

A rel-me link asserts that the linked identity or account is owned by the same person. They can prove this assertion by linking back to their web site from the linked account’s profile, ideally also with rel-me. See identity consolidation, distributed verification. As an alternative, they can authenticate as the linked account, described below.


rel-me links allow a form of distributed authentication. When we fetch someone’s home page and read their rel-me links, we get a set of accounts that they’re asserting they own. If someone authenticates with one of those linked accounts via OAuth, or provides a signature that matches a linked public key, or provides a confirmation code sent to a linked email address, they’ve effectively authenticated as the site’s owner.

IndieAuth is one widely used authentication scheme that works this way, along with its predecessor RelMeAuth.


The IndieWeb community has gone far beyond rel-me links to implement a wide variety of social networking features between independent personal web sites, including replies, reposts, likes, emoji reactions, events, RSVPs, and more. These are based on simple, proven building blocks like DNS domains, HTTP and TLS, HTML with microformats 2, and the Webmention protocol. The community has also built bridges that translate these rich interactions to and from proprietary sites like Twitter.


Here are our proposed scores for the contest rubric.


3: Works for many types of accounts, and is implemented.

There are tens of thousands of IndieWeb community participants using these techniques, hundreds of independent, interoperating implementations of the core standards and protocols, dozens of tools and services that add functionality, and dozens more IndieWeb-friendly hosting providers that make it easy for new people to join.

Any URI-addressable resource may be supported as a linked account. There are hundreds of official IANA URI schemes, and many more unofficial ones.


3: Tolerates different errors or input methods. Considers fallbacks, failcases.

IndieAuth is a W3C Working Group Note and is maintained by the community as a Living Standard. It has dozens of active implementations and multiple well-tested fallback and error handling paths.


1: Uses existing work with no further elaboration.

This describes the existing IndieWeb community’s work, which has been developed in the public over the last decade, and builds on many more decades’ worth of evolution of the open web and related building blocks. We believe this is a strength, not a weakness.


2.5: Design supports user agency, resilience. Design has one or two points of centralization that make sense.

The vast majority of this design is decentralized. Interactions happen between individual personal web sites, which enjoy a large, robust ecosystem of hosting providers.

One key exception is DNS. DNS domains are hierarchical, so there is a wide selection of registrars, TLDs, and CAs to choose from, with a range of policies and terms of service. However, identities are determined by pay-level domains, so each TLD operator is a partial point of centralization. Verisign, as the DNS root operator, is another.

In practice, DNS has scaled beyond any newer decentralized system such as ActivityPub, IPFS, or blockchains. True, a single domain is at the mercy of its TLD operator, but documented domain clawbacks are very rare, and the breadth of the remaining ecosystem – registrars, CAs, hosts, protocol implementations – provides fertile ground to keep it decentralized and healthy.

13 thoughts on “Bluesky Satellite IndieWeb entry

  1. To clarify, I don’t hate DNS; the winning solutions were more decentralized than the indieweb ones because their implementations did not require platform level support from sites like twitter.

  2. Oh, fascinating! And apologies for putting words in your mouth. That’s a really interesting point, and obviously not one we guessed. Thank you for the clarification.

  3. No worries — I updated the language on the website to clarify what was meant, in case others were thinking the same thing.

  4. If your identifier is 1) costly to maintain, 2) can lapse due to inability to pay, 3) or can be unilaterally rug-pulled by a corp/gov, it’s not really decentralized. Why should we encourage use of centralized identifiers when we now have uninterdictable decentralized identifiers?

  5. DNS domains are expensive (too expensive for most ppl), if you fail to pay a bill they get yanked, and if you use a provider’s subdomain/path it exposes you to loss of your ID from being ‘canceled’ or the provider going out of biz, That’s not a good foundation for identity, imo.

Leave a Reply

Your email address will not be published. Required fields are marked *