[OpenID] What does "identity" MEAN?

Dick Hardt dick.hardt at gmail.com
Tue Sep 16 22:07:07 UTC 2008 

Shade

Being able to mark different notes as being mine is one of the  
possible uses of OpenID. My OpenID identifier could also (but does not  
have to) contain a list of all the notes that I have created, so  
someone can see what I have done with that identifier.

This functionality would significantly reduce spam and be a foundation  
for building reputation online.

You talk about other systems that can track who created which note.  
What are they? I'd like to get one of them widely deployed!

-- Dick

On 16-Sep-08, at 2:55 PM, SitG Admin wrote:

> I'm trying to imagine a world without identity, and what my mind
> would do trying to wrap itself around the concept of someone trying
> to sell me the idea of identity. I don't mean lacking the ability to
> distinguish ourselves from other entities as separate individuals, I
> mean the idea of knowing who other people *are*. To relate this to
> OpenID, let's step back a moment from the idea of accounts *at all* -
> think of the internet as just one giant bulletin board, where anyone
> can leave notes anywhere.
>
> I see a note, and it's "signed" "Bob". Of course, the "signature" is
> just part of the note, anyone could forge it; but that doesn't
> matter, until I see *another* note, maybe on the same "section"
> (site) of the board, maybe somewhere else; this, too, is "signed"
> "Bob". Is it the SAME "Bob"? Nobody knows! Certainly, it would be
> very foolish of us to go assuming such things, since everyone has the
> same power to post notes "signed" "Bob". Indeed, the only thing that
> can be assumed from such a "signature" is that it is important
> somehow to the content of the note it was posted with! By trying to
> think that we can infer anything more from this, we only risk
> confusing the issue by misleading ourselves into thinking that "Bob"
> is meaningful outside the context of any one particular note that
> happens to contain it.
>
> When there are no accounts, every note is an entity in its own right,
> just like a person. Each note is also anonymous, since it *cannot* be
> associated with any person, just as persons cannot lay claim to
> notes. We know that *someone* must have posted them, since notes do
> not write themselves or attach themselves to the board, but that is
> all our trust model has. We can appreciate "signatures" as we enjoy a
> particular turn of phrase, for their intrinsic value to a particular
> note, but notes do not share values as such.
>
> For all intents and purposes, a given note *is* its own Identity.
>
> It defines itself, fully. There is no value which can be added,
> nothing meaningful to enhance it with. Looking at that note, we know
> everything about it, everything there is to know. If someone offered
> me such a thing, when I could plainly see that it wasn't possible, I
> would laugh in their face.
>
> But once I understood the idea, once I came to see that it *is*
> possible for a note to exist outside of itself, to be *correlated*
> with the Identity of other notes - THEN a different "identity" would
> come into effect.
>
> We don't need a system for one-use-ONLY claiming of notes ("I wrote
> this.") - we already have that, and it's known as "anonymity". What
> "identity" provides us with is a way of saying "I wrote this, *and* I
> wrote that, too." - it is only in this context, of correlation, that
> concepts like "privacy" become meaningful. It is only when our
> various notes *can* be correlated, that our *control* over this
> process changes anything.
>
> There *are* systems that allow us to exert utter, granular control
> over our privacy. Informing select readers of select notes that the
> author of those notes was also the author of other notes, without any
> of this information being contagious. OpenID can certainly be
> adjusted to do this as well, though with great effort, but why? Can't
> we just leave OpenID *compatible* with those systems, and let OpenID
> focus on its strengths? Human-readable URI's, for one: users may
> *like* having an immutable identifier that is, itself, *meaningful*
> to them in some way. On the level of security DNS offers, this is
> intolerable to many people; but I suggest that such people be
> cautious whenever speaking with friends over the telephone, since it
> is possible to imitate voices as well! My point is that, on the level
> OpenID operates at, there are security considerations which *may
> nonetheless be acceptable* for the benefits it provides, and rather
> than constantly reject each new development as we realize defects,
> trying to transcend the systems it must interoperate with, we accept
> some imperfections and try to make it secure *for this level* so
> users with less security awareness than us will have some incentive
> to keep moving through the ranks. Taking advantage of the web's
> existing architecture to ease transition to future levels (again,
> compatibility with other systems) in the name of Openness would be
> good, ensuring its longevity by leveraging its usefulness as a
> platform for further authentications.
>
> -Shade
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list