[OpenID] What does "identity" MEAN?

Tue Sep 16 22:24:53 UTC 2008

Flopped to date.

Centralization was an issue.

Non-trivial for normal people to use was another.

-- Dick

On 16-Sep-08, at 3:21 PM, Peter Williams wrote:

> Wasn't claimid supposed to have solved this?
>
> Did it ipo or flop, or what?
>
> -----Original Message-----
> From: Dick Hardt <dick.hardt at gmail.com>
> Sent: Tuesday, September 16, 2008 3:07 PM
> To: SitG Admin <sysadmin at shadowsinthegarden.com>
> Cc: general at openid.net <general at openid.net>
> Subject: Re: [OpenID] What does "identity" MEAN?
>
>
> Shade
>
> Being able to mark different notes as being mine is one of the
> possible uses of OpenID. My OpenID identifier could also (but does not
> have to) contain a list of all the notes that I have created, so
> someone can see what I have done with that identifier.
>
> This functionality would significantly reduce spam and be a foundation
> for building reputation online.
>
> You talk about other systems that can track who created which note.
> What are they? I'd like to get one of them widely deployed!
>
> -- Dick
>
> On 16-Sep-08, at 2:55 PM, SitG Admin wrote:
>
>> I'm trying to imagine a world without identity, and what my mind
>> would do trying to wrap itself around the concept of someone trying
>> to sell me the idea of identity. I don't mean lacking the ability to
>> distinguish ourselves from other entities as separate individuals, I
>> mean the idea of knowing who other people *are*. To relate this to
>> OpenID, let's step back a moment from the idea of accounts *at all* -
>> think of the internet as just one giant bulletin board, where anyone
>> can leave notes anywhere.
>>
>> I see a note, and it's "signed" "Bob". Of course, the "signature" is
>> just part of the note, anyone could forge it; but that doesn't
>> matter, until I see *another* note, maybe on the same "section"
>> (site) of the board, maybe somewhere else; this, too, is "signed"
>> "Bob". Is it the SAME "Bob"? Nobody knows! Certainly, it would be
>> very foolish of us to go assuming such things, since everyone has the
>> same power to post notes "signed" "Bob". Indeed, the only thing that
>> can be assumed from such a "signature" is that it is important
>> somehow to the content of the note it was posted with! By trying to
>> think that we can infer anything more from this, we only risk
>> confusing the issue by misleading ourselves into thinking that "Bob"
>> is meaningful outside the context of any one particular note that
>> happens to contain it.
>>
>> When there are no accounts, every note is an entity in its own right,
>> just like a person. Each note is also anonymous, since it *cannot* be
>> associated with any person, just as persons cannot lay claim to
>> notes. We know that *someone* must have posted them, since notes do
>> not write themselves or attach themselves to the board, but that is
>> all our trust model has. We can appreciate "signatures" as we enjoy a
>> particular turn of phrase, for their intrinsic value to a particular
>> note, but notes do not share values as such.
>>
>> For all intents and purposes, a given note *is* its own Identity.
>>
>> It defines itself, fully. There is no value which can be added,
>> nothing meaningful to enhance it with. Looking at that note, we know
>> everything about it, everything there is to know. If someone offered
>> me such a thing, when I could plainly see that it wasn't possible, I
>> would laugh in their face.
>>
>> But once I understood the idea, once I came to see that it *is*
>> possible for a note to exist outside of itself, to be *correlated*
>> with the Identity of other notes - THEN a different "identity" would
>> come into effect.
>>
>> We don't need a system for one-use-ONLY claiming of notes ("I wrote
>> this.") - we already have that, and it's known as "anonymity". What
>> "identity" provides us with is a way of saying "I wrote this, *and* I
>> wrote that, too." - it is only in this context, of correlation, that
>> concepts like "privacy" become meaningful. It is only when our
>> various notes *can* be correlated, that our *control* over this
>> process changes anything.
>>
>> There *are* systems that allow us to exert utter, granular control
>> over our privacy. Informing select readers of select notes that the
>> author of those notes was also the author of other notes, without any
>> of this information being contagious. OpenID can certainly be
>> adjusted to do this as well, though with great effort, but why? Can't
>> we just leave OpenID *compatible* with those systems, and let OpenID
>> focus on its strengths? Human-readable URI's, for one: users may
>> *like* having an immutable identifier that is, itself, *meaningful*
>> to them in some way. On the level of security DNS offers, this is
>> intolerable to many people; but I suggest that such people be
>> cautious whenever speaking with friends over the telephone, since it
>> is possible to imitate voices as well! My point is that, on the level
>> OpenID operates at, there are security considerations which *may
>> nonetheless be acceptable* for the benefits it provides, and rather
>> than constantly reject each new development as we realize defects,
>> trying to transcend the systems it must interoperate with, we accept
>> some imperfections and try to make it secure *for this level* so
>> users with less security awareness than us will have some incentive
>> to keep moving through the ranks. Taking advantage of the web's
>> existing architecture to ease transition to future levels (again,
>> compatibility with other systems) in the name of Openness would be
>> good, ensuring its longevity by leveraging its usefulness as a
>> platform for further authentications.
>>
>> -Shade
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general