[OpenID] What does "identity" MEAN?
SitG Admin
sysadmin at shadowsinthegarden.com
Tue Sep 16 21:55:31 UTC 2008

I'm trying to imagine a world without identity, and what my mind
would do trying to wrap itself around the concept of someone trying
to sell me the idea of identity. I don't mean lacking the ability to
distinguish ourselves from other entities as separate individuals, I
mean the idea of knowing who other people *are*. To relate this to
OpenID, let's step back a moment from the idea of accounts *at all* -
think of the internet as just one giant bulletin board, where anyone
can leave notes anywhere.

I see a note, and it's "signed" "Bob". Of course, the "signature" is
just part of the note, anyone could forge it; but that doesn't
matter, until I see *another* note, maybe on the same "section"
(site) of the board, maybe somewhere else; this, too, is "signed"
"Bob". Is it the SAME "Bob"? Nobody knows! Certainly, it would be
very foolish of us to go assuming such things, since everyone has the
same power to post notes "signed" "Bob". Indeed, the only thing that
can be assumed from such a "signature" is that it is important
somehow to the content of the note it was posted with! By trying to
think that we can infer anything more from this, we only risk
confusing the issue by misleading ourselves into thinking that "Bob"
is meaningful outside the context of any one particular note that
happens to contain it.

When there are no accounts, every note is an entity in its own right,
just like a person. Each note is also anonymous, since it *cannot* be
associated with any person, just as persons cannot lay claim to
notes. We know that *someone* must have posted them, since notes do
not write themselves or attach themselves to the board, but that is
all our trust model has. We can appreciate "signatures" as we enjoy a
particular turn of phrase, for their intrinsic value to a particular
note, but notes do not share values as such.

For all intents and purposes, a given note *is* its own Identity.
It defines itself, fully. There is no value which can be added,
nothing meaningful to enhance it with. Looking at that note, we know
everything about it, everything there is to know. If someone offered
me such a thing, when I could plainly see that it wasn't possible, I
would laugh in their face.

But once I understood the idea, once I came to see that it *is*
possible for a note to exist outside of itself, to be *correlated*
with the Identity of other notes - THEN a different "identity" would
come into effect.

We don't need a system for one-use-ONLY claiming of notes ("I wrote
this.") - we already have that, and it's known as "anonymity". What
"identity" provides us with is a way of saying "I wrote this, *and* I
wrote that, too." - it is only in this context, of correlation, that
concepts like "privacy" become meaningful. It is only when our
various notes *can* be correlated, that our *control* over this
process changes anything.

There *are* systems that allow us to exert utter, granular control
over our privacy. Informing select readers of select notes that the
author of those notes was also the author of other notes, without any
of this information being contagious. OpenID can certainly be
adjusted to do this as well, though with great effort, but why? Can't
we just leave OpenID *compatible* with those systems, and let OpenID
focus on its strengths? Human-readable URIs, for one: users may
*like* having an immutable identifier that is, itself, *meaningful*
to them in some way. On the level of security DNS offers, this is
intolerable to many people; but I suggest that such people be
cautious whenever speaking with friends over the telephone, since it
is possible to imitate voices as well! My point is that, on the level
OpenID operates at, there are security considerations which *may
nonetheless be acceptable* for the benefits it provides, and rather
than constantly reject each new development as we realize defects,
trying to transcend the systems it must interoperate with, we accept
some imperfections and try to make it secure *for this level* so
users with less security awareness than us will have some incentive
to keep moving through the ranks. Taking advantage of the web's
existing architecture to ease transition to future levels (again,
compatibility with other systems) in the name of Openness would be
good, ensuring its longevity by leveraging its usefulness as a
platform for further authentications.

-Shade