Saturday, 21 Feb 2009
Identity and Ownership
Thought this was interesting:
"Ownership means that I have something to lose. If you're a banker, it means that you've got
collateral. It also means that I'm credible, so you can give me credit. When you think about it,
whether it's ownership, whether it's credit, whether it's capital, whether it's
identification, none of the things that make a modern economy are possible without
property." [emphasis added]
Online property might be thought of as ownership of accounts on various online systems. "Having
something to lose" means having control over an account that's valuable to you and to other people
you know (that is, not a throwaway account). Could an identity system be based on this? Someone
with control over an account should be able to prove that they are the same person who owns other
accounts as well. Once we have that, some systems are likely to tie online identity to offline
identity, which can then be used to associate other online accounts with an offline identity when
that's what you want.
The fundamental transaction of proving that two accounts are owned by the same person could be done
with OAuth. Note that this isn't a permanent relationship; if one of your accounts is hacked, you
should be able to log into all your other accounts and attest that you no longer wish to be
associated with the hacked account. When an identity splits in two like this, your friends might
not know which identity to trust, but they would know something is up and to be careful.
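The linking and splitting described above, modelled as an added example (not code from the post). It assumes a toy in-memory graph in which each account records a claim that it shares an owner with another account; a link only counts when both sides claim it, and revoking from one side turns the link into a dispute that friends can see. The OAuth exchange that would carry these claims between services is not modelled.

```python
"""Toy model of an identity assembled from mutually attested account links.

Added example, not the post's own code. Assumptions: attestations are plain
in-memory records rather than OAuth-authorized requests, and account names
are arbitrary constructed labels.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    claims: set[str] = field(default_factory=set)   # accounts this one says share its owner
    revoked: set[str] = field(default_factory=set)  # accounts this one has explicitly disowned


class IdentityGraph:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    def add(self, name: str) -> None:
        self.accounts.setdefault(name, Account(name))

    def link(self, a: str, b: str) -> None:
        """Both accounts attest to each other; in practice each side would
        prove control of the other via an OAuth-style authorization."""
        self.accounts[a].claims.add(b)
        self.accounts[b].claims.add(a)

    def revoke(self, a: str, b: str) -> None:
        """Account a withdraws its claim on b. Note this is one-sided: a hacked
        account still claims a, which is what makes the split visible."""
        acc = self.accounts[a]
        acc.claims.discard(b)
        acc.revoked.add(b)

    def status(self, a: str, b: str) -> str:
        a_claims = b in self.accounts[a].claims
        b_claims = a in self.accounts[b].claims
        a_revoked = b in self.accounts[a].revoked
        b_revoked = a in self.accounts[b].revoked
        if a_claims and b_claims:
            return "linked"          # mutual attestation
        if (a_claims and b_revoked) or (b_claims and a_revoked):
            return "disputed"        # one side still claims, the other disowned it
        return "unlinked"

    def identity_of(self, start: str) -> frozenset[str]:
        """All accounts reachable from `start` over mutually attested links only."""
        seen, stack = {start}, [start]
        while stack:
            x = stack.pop()
            for y in self.accounts[x].claims:
                if y not in seen and self.status(x, y) == "linked":
                    seen.add(y)
                    stack.append(y)
        return frozenset(seen)

    def disputes(self, start: str) -> set[tuple[str, str]]:
        """Disputed links touching `start`'s identity: the signal a friend
        would use to know 'something is up' before trusting either half."""
        out = set()
        for x in self.identity_of(start):
            for y in self.accounts[x].claims | self.accounts[x].revoked:
                if self.status(x, y) == "disputed":
                    out.add((x, y))
        return out


def build_identity() -> IdentityGraph:
    """Constructed scenario: three accounts of one person, all mutually linked."""
    g = IdentityGraph()
    for name in ("alice@mail", "alice@social", "alice@code"):
        g.add(name)
    g.link("alice@mail", "alice@social")
    g.link("alice@mail", "alice@code")
    g.link("alice@social", "alice@code")
    return g


def demo_split() -> IdentityGraph:
    """alice@mail is compromised. As the post says, the owner must log into
    every *other* account and disown it; revoking from only one account would
    leave the hacked account reachable through the rest."""
    g = build_identity()
    g.revoke("alice@social", "alice@mail")
    g.revoke("alice@code", "alice@mail")
    return g


if __name__ == "__main__":
    g = demo_split()
    print("identity from alice@social:", sorted(g.identity_of("alice@social")))
    print("identity from alice@mail:  ", sorted(g.identity_of("alice@mail")))
    print("disputes seen from alice@code:", sorted(g.disputes("alice@code")))
```

Because a link needs both attestations, the hacked account cannot drag the others back in by re-asserting its claim; it can only produce more disputes, which is exactly the warning the post wants friends to see.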
This is distinct from single sign-on; in fact, an identity created this way is more robust if you
use an independent method of authentication for each account. In practice, some groups of accounts
will probably share an authentication system for ease of use, but using a single auth system
for everything is probably a bad idea even if it were possible. Even if you managed to tie most of
your accounts to a single OpenID provider, keeping a few accounts separate (like your bank) would
be a very good idea.