dominictarr / cyphernet

MIT License
115 stars 5 forks

idea for creating user identities #4

Open dominictarr opened 11 years ago

dominictarr commented 11 years ago

All users have identities on many popular, centralized online platforms. With many of these services, it's possible to log into other services with a primary service.

PGP has a totally different approach: you have to actually meet, then verify someone's identity, and then you can sign their key. Did I mention that not many people use PGP?

However, really, in the online world it's these centralized services that are the arbiters of identity.

So: here is how you could bootstrap decentralized identity off these centralized services:

Sign a claim that you are a given identity, and then upload it to a place that only that centralized identity can access, like https://github.com/USERNAME/pubkey. If you do not have control over the URL (like on Twitter, where you don't know the id for a tweet until Twitter decides), then you'll have to create another object that points to the URL for the claim and sign it too.

Then other users can automatically check your identity via the URL and sign it if they verified it.

alexindigo commented 11 years ago

I'll try to start from the beginning :)

I've been thinking about decentralized user identities for quite some time and have yet to come up with something that would satisfy me. I'm not sure that such a thing even exists. :)

Basically, I'm stuck between privacy and security being on a collision course.

On one hand I'd like to have a decentralized system, pretty much word for word the way you described it. On the other hand, my level of understanding doesn't give me an answer on how to implement a secure handshake between parties over a public network, since flying over to the other side of the planet to hand a piece of paper with your public key to the other party is not much fun. And with the assumption that any connection goes through a hostile environment, ssh-style fingerprint approval is not a very "scalable" solution.

So I'd like to hear you elaborate on this topic, since it looks like you've been thinking about it for some time.

Like in your example, if GitHub goes down or complies with some weird regulation, all our identities would be screwed.

PS. And I have a parallel train of thought for this as well; I haven't given it much attention yet – it feels too radical. But it sounds pretty much like the following: maybe "certified" identities are an obsolete idea and there is no need to try to make them work with open/distributed systems. Like if I find a good node module I don't really care who its author is, but rather what's inside and that it passes all the tests. :) Sounds nice until my girlfriend receives a weird message that claims to be from me that I didn't write. :)

dominictarr commented 11 years ago

Aha, yes. You are asking the right questions.

Right, so I think it's necessary to discuss "what is identity anyway?" This is a philosophical problem. Am I the same person I was 2 years ago? Or 10 years ago? If all the cells in my body are replaced? (http://www.nytimes.com/2005/08/02/science/02cell.html?pagewanted=all)

There are no hard answers to these questions, so we just have to pick a "soft" answer that we like.

Identity is just a mental model we have: we give people names, build mental models of their personalities, and build up relationships where we have dealt with them before, so we have certain expectations of how they will react, etc.

In this model, you are your friends' friend. You only have a name so that other people can communicate with you. I have friends and family who have known me for more than 10 years, and are still calling me "Dominic".

So this might be the softest possible model of identity, but I think we can implement something on top of pub keys that maps to this fairly well.

The question is what is the right key for the right personality?

Note that if you took a pubkey as identity at face value, it would be a model of identity that was basically "I am the possessor of my cell phone". Or, if you take someone's Google, GitHub, Twitter, or Facebook profile to represent their identity, then it's "I am the person who knows github.com/dominictarr's password".

But anyone could sign up to other services as dominictarr if they wanted. But my friends can look at what I say on Twitter and what I push to GitHub and see that there are certain themes running through it. In other words, the content that I create is an expression of my personality.

So, you could associate this identity-as-creator with a pub key, by uploading a message signed by that key (a certificate) to a place only that content-creator can access.

But then, there needs to be a judgement call by people who are familiar with my work (my friends) that it's really "me". So, their computer would check that the certificate is valid, but then the user would check that the content is really the work of that person. That user would then vouch for me by signing the public key too, which would be like saying "I believe that twitter.com/dominictarr and github.com/dominictarr and PUBKEY are all representing the same person".

Now, after a few people have done this, the vouches are more important than the certificates, so you can rely on that when twitter is down.

Also, even if you don't know a person directly, if you know someone who knows someone who knows someone, then you can traverse those relations, and you have covered a very large number of people. Also, although it would be possible to generate many fake users and have them vouch for each other, it would be detectable, because no real people would have vouched for them.

This is very similar to how PGP works, except it's not tied to government issued ids or physical meetings.

I recommend this paper:

http://folk.uio.no/josang/papers/Jos1999-NDSS.pdf

EDIT: fixed url

ralphtheninja commented 11 years ago

Cool. The link to the paper is broken though, due to some characters at the end of the url.

gwenbell commented 11 years ago

Extra credit: Keep your Identity Small, Paul Graham.

dominictarr commented 11 years ago

I didn't know Paul Graham was a Buddhist!

heapwolf commented 11 years ago

This is exactly what I've been working on with PKP (https://github.com/hij1nx/pkp)