That's the problem with groups like this. Are we really going to get back to the point where we can just type in our own identity providers? Stackexchange was the last big site that I used which still had OpenID support and it had less than 1% usage:
Seems like the biggest problem with OpenID is they had a marketing push, multiple sites (like google, yahoo, and facebook) bragged about it. The problem is large companies could grab about providing OpenID, while not allowing logins from any other OpenID provider. So you needed an OpenID account/login per provider... which is useless.
That's a really interesting mix of partner companies: blockchain, healthcare, banking, IT consultants, payments, Microsoft, telecoms, enterprise identity providers. Basically everyone except Google and Facebook, who are competing for web identity supremacy and far ahead of everyone else (and Amazon, who could do the same with their number of users).
I worked with some of the people involved in this back when I was on the OASIS XDI TC, before my then employer 'suggested' I leave working on standards and focus on BD. The DID people I know are smart and passionate, with a lot of domain experience. I hope that this gains wide adoption.
Key problem for them to solve is not data, it's legitimacy.
The use cases for digital identity were things like getting speeding tickets, fines, taxation, collections, and other social management uses. Basically the stuff that nobody wants unless they want other people to be subject to it.
It meant that digital identity must be imposed, and so the customers for it needed to be in the position to do so. There are lots of systems, markets and communities that work just fine without registered identities, and arguably the only thing that doesn't work with collateralized social identities is subjugation.
The goal seems to be to create something with enough value that it will be worth federating to, but the legal and political factors in governing that federation will be on the order of complexity of creating another agency the size of something like the ITU.
Hernando De Soto wrote a book called "The Mystery of Capital" and in it he points out that the ability to enforce laws and contracts depends on the ability to apply consequences to the people correctly identified who break them. For example, an electric utility can't provide power to a community if it can't identify and shut off power to the people who can't or won't pay their bills. De Soto points out that e.g. having a recognized official title to your own home not only enables the landowners economically, it also gives them something to lose so that the government has leverage to enforce laws and contracts.
I heard him speak once, and he spoke about titles for land in shanty towns as a potential solution to some poverty as well.
Identity tech marketing people go on about it extends franchise to people for public services, and solves the problem of the "unbanked," which should return results in greater social equity. There is a large social justice aspect to it, where people engaged in distributing benefits need to know who to give them to.
Of course, the criticism of this is that is what borders are for, where citizens are presumably equal within them, and detailed identity attributes for benefits and equity is a recipe for facilitating totalitarian urges. This gets very political very quickly.
Identity is an ancient problem. Like old testament ancient problem where even back then numbering people allegedly gets you plagues. (presumably because when you get lots of people together and living longer, that's what happens)
Digital identity tech is a fascinating, difficult problem that is a proxy for governance in general. Vendors would prefer not to freight their products with that, but it's really the ur-problem.
I agree with you. Look at China's social credit system. (Does it solve anything or does it just push the equilibrium to a more intense "energy level", when a black market crops up for fake social identities, etc.?)
I think that advancing technological capabilities will eventually make it impossible to participate in "the system" (National, Global, whatever) without being subject to a pervasive surveillance (which is already happening.) So we will be forced into some sort of totalitarian system whether we like it or not by our own technology. So to me it seems like the real question is what kind of totalist system should be build?
To be sure we are confronting these questions already (cf. the Ashley Madison data breach and how it stirred up, uh, conversation around extramarital affairs.)
I think this is a great problem statement. The dynamic at play is that wallets/identities should be free to make, and expensive to lose. That is, the activity your identity participates in, is what gives it weight. So there will be incentive to sign public objects as well as to collaborate via encryption. An identity that has a history of interactions with other identities is harder to forge. One branch of fraud prevention will be based on detecting compromised identities.
I think a web-of-trust like model, if the friction is low enough, can build an informal identity system that doesn't need to be imposed from above. Some old thoughts on the idea: https://www.wired.com/2014/07/document-coin/
The identity discussed elsewhere in the thread seems to be personal identity (the kind you use for deeds and titles.) I'm mostly referring to digital identity (the kind where you manage more than one social media persona and switch between identities contextually.) Where personal identity and digital identity meet, maybe it's helpful to disambiguate which kind of identity we are talking about. Otherwise discussions can be complicated by overlapping use of the word "identity".
Speaking form european perspective - and expanding on carapace's excellent post, this is a small concern. Speeding tickets are a particularly good example.
My country's and neighboring country's driver and car registration & insurance systems aren't harmonized, and the police and judiciary are separate. Technically if I were to drive at excessive speed in the foreign country and get caught by automated speed trap, I would be able to return to my home country without any problems as the ticket is issued only after some processing. Since the foreign police doesn't have jurisdiction abroad, I could possibly live happily ever after, having committed this one misdemeanor. This of course would be unjust, but the damage is limited to one case.
However there would still be the outstanding ticket in the foreign country, so upon a subsequent visit there they would insist and enforce me paying the ticket, or otherwise undergoing relevant legal proceedings. Which is to say, being able to create new identities is not a problem, as long as there's traceable property or rights - or even just my own physical presence (my body) - connected to the old identity, that police and judiciary can act upon.
To wrap it up - no single digital identity needs to be imposed; merely certain connections between my digital identities and my assets, my ownership & similar rights (and perhaps corporeal presence) would need to be registered with the state.
Which, curiously enough, is exactly what our current system requires an yway: we register with the state, or hold state-issued titles to, our major possessions like real estate or car or intellectual property rights or other such.
Side note, we as a civilization have found out that anonymous, fungible titles unconnected to identity (i.e., "currency" and other anonymous financial assets) are a good idea in the longer run, in spite of various shady acts that are enabled by the anonymity.
Just to reply about the speeding ticket (so that no one will try it :-)) - these tickets are now exchanged between EU countries based on mutual agreements. So I can definitely get a ticket by mail for driving in Austria, even though I am registered in Slovakia.
I like decentralized identity though I feel like it either needs a killer app that uses it or a better value proposition. As it stands, I don’t see non-technical people jumping to it unless they have a technical friend telling them too. I hope someone can tell me I’m missing something.
I think this will be part of a much larger social movement--the distribution of trust across networks as an incremental improvement over the gateway/database/single-point-of-failure model we've organized ourselves around right now.
If all of these decentralized identity companies truly want an open and self-sovereign system, the big question is: are they willing to shutdown their operations once that is achieved?
Or are they all attempting to monetize identity with various business models that are against the stated goal?
Identity should be owned by the individual, and the universal decentralized/distributed identity protocol should be owned by the commons. Any for-profit business model for identity (90% of the member companies) will inevitably seek to silo and exploit data to achieve monopoly and extract economic rents.
20 comments
[ 3.3 ms ] story [ 58.6 ms ] threadhttps://penguindreams.org/blog/the-decline-of-openid/
Is that even an option at github?
1: https://github.com/decentralized-identity/decentralized-iden...
The use cases for digital identity were things like getting speeding tickets, fines, taxation, collections, and other social management uses. Basically the stuff that nobody wants unless they want other people to be subject to it.
It meant that digital identity must be imposed, and so the customers for it needed to be in the position to do so. There are lots of systems, markets and communities that work just fine without registered identities, and arguably the only thing that doesn't work with collateralized social identities is subjugation.
The goal seems to be to create something with enough value that it will be worth federating to, but the legal and political factors in governing that federation will be on the order of complexity of creating another agency the size of something like the ITU.
Identity tech marketing people go on about it extends franchise to people for public services, and solves the problem of the "unbanked," which should return results in greater social equity. There is a large social justice aspect to it, where people engaged in distributing benefits need to know who to give them to.
Of course, the criticism of this is that is what borders are for, where citizens are presumably equal within them, and detailed identity attributes for benefits and equity is a recipe for facilitating totalitarian urges. This gets very political very quickly.
Identity is an ancient problem. Like old testament ancient problem where even back then numbering people allegedly gets you plagues. (presumably because when you get lots of people together and living longer, that's what happens)
Digital identity tech is a fascinating, difficult problem that is a proxy for governance in general. Vendors would prefer not to freight their products with that, but it's really the ur-problem.
I think that advancing technological capabilities will eventually make it impossible to participate in "the system" (National, Global, whatever) without being subject to a pervasive surveillance (which is already happening.) So we will be forced into some sort of totalitarian system whether we like it or not by our own technology. So to me it seems like the real question is what kind of totalist system should be build?
To be sure we are confronting these questions already (cf. the Ashley Madison data breach and how it stirred up, uh, conversation around extramarital affairs.)
I think a web-of-trust like model, if the friction is low enough, can build an informal identity system that doesn't need to be imposed from above. Some old thoughts on the idea: https://www.wired.com/2014/07/document-coin/
My country's and neighboring country's driver and car registration & insurance systems aren't harmonized, and the police and judiciary are separate. Technically if I were to drive at excessive speed in the foreign country and get caught by automated speed trap, I would be able to return to my home country without any problems as the ticket is issued only after some processing. Since the foreign police doesn't have jurisdiction abroad, I could possibly live happily ever after, having committed this one misdemeanor. This of course would be unjust, but the damage is limited to one case.
However there would still be the outstanding ticket in the foreign country, so upon a subsequent visit there they would insist and enforce me paying the ticket, or otherwise undergoing relevant legal proceedings. Which is to say, being able to create new identities is not a problem, as long as there's traceable property or rights - or even just my own physical presence (my body) - connected to the old identity, that police and judiciary can act upon.
To wrap it up - no single digital identity needs to be imposed; merely certain connections between my digital identities and my assets, my ownership & similar rights (and perhaps corporeal presence) would need to be registered with the state.
Which, curiously enough, is exactly what our current system requires an yway: we register with the state, or hold state-issued titles to, our major possessions like real estate or car or intellectual property rights or other such.
Side note, we as a civilization have found out that anonymous, fungible titles unconnected to identity (i.e., "currency" and other anonymous financial assets) are a good idea in the longer run, in spite of various shady acts that are enabled by the anonymity.
I presented a little bit about this (how decentralized identity & decentralized apps intersect) here: https://decentralizedsummit.com/agenda/duane-johnson/
Or are they all attempting to monetize identity with various business models that are against the stated goal?
Identity should be owned by the individual, and the universal decentralized/distributed identity protocol should be owned by the commons. Any for-profit business model for identity (90% of the member companies) will inevitably seek to silo and exploit data to achieve monopoly and extract economic rents.