2.2 KiB
Identity
Centralized identities are tied to a single service. Decentralized identity . Identity needs to be communicable across interoperable systems. Ideally, a user's identity would be detached from any particular service, allowing them to authenticate and migrate seamlessly across services.
Purpose of Identity
We will call entities with identities "actors", because non-human entities such as companies, organizations, and bots may have identities on a social network.
Identity allows an actor to:
- control an account and access private data
- communicate with another actor
- establish visible reputation and credibility
Desirable qualities for decentralized identities:
- Interoperable or portable between services
- Unique, global, and memorable
Decentralized Identity
OAuth is currently the most successful identity standard. OAuth was created to securely transfer user credentials from one site to another. OAuth identity providers became centralized because users could not run or choose their own identity providers.
Federated identity:
- XMPP
- Diaspora: User identities in Diaspora are tied to their pod, and cannot be migrated. Diaspora uses the Webfinger protocol to discover users from other pods. User information is returned via hCard, an open microformat standard for identity.
- Webfinger
P2p identity:
P2p systems key management, key verification, key backup. Account recovery.
Blockchain identity
Namecoin Handshake
Decentralized Identifiers (DIDs)
DIDs are a new type of globally unique identifier that do not require a centralized registration authority, and can serve as a decentralized public key infrastructure. DIDs are a W3C standard.
The format of a DID is: a scheme identifier, followed by the DID method, followed by a method-specific identifier. A simple example: did:example:123456789abcdefghi
Reputation, Trust
Social graph proof
- Handshake problem and collusion protection (see IRIS)
Fail cases
Account recovery. Sybils