Decentralized Identity
-
@Dashrender said in Decentralized Identity:
the idea of decentralized identity is just a myth? Can you think of any way to do this?
It's not a myth, but it can't be anonymous. For example, Meta and Google can trust each other and decentralize identity by getting identity from each other. No problem.
The thing that makes identity work is that an known identity is trusted and verifies other identities. My Google ID is useful, because everyone knows Google and trusts them (mostly) and so when Google says that I am me, people believe it. They verify me.
You can trust multiple providers. Facebook, Google, Apple, Microsoft are four key examples that people tend to trust. Also Twitter and others. If they create a system to work together, you get trusted and decentralized.
So decentralization is no problem. But also, is it useful?
-
@Dashrender said in Decentralized Identity:
First possible solution would be - web of trust.
i.e. you publish your ID to the ledger - and other people claim that that is in fact you.
once you have a few (insert some number) people who confirm you as you - then others could see you have that given number of verifiers, and choose to accept that as proof of you being you.But why would people trust that system? That's not a security system, it's just a popularity system.
-
@Dashrender said in Decentralized Identity:
Since you make your own identity and publish it to the ledger - why should I believe that?
And why do you trust the ledger? I can go make a ledger AND publish my ID to it. I can also make an ID for you and publish it to it. You can't trust the ID OR the ledger, is the problem.
-
@travisdh1 said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
The first thing that comes to my mind is - why would anyone trust the ledger (as it's called in the OKTA video)? Not to mention there are 80+ ledgers today according to the OKTA video.
Since you make your own identity and publish it to the ledger - why should I believe that?
Public ledgers are the tech behind cryptocurrencies. As to how secure it is, it can be very secure if they're using standard public/private key authentication
They are, but that misses the key point. It's not an anonymous ledger, it's an owner, controlled centralized ledger. The data on it might be decentralized. but the ledger itself is not.
-
@scottalanmiller said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
the idea of decentralized identity is just a myth? Can you think of any way to do this?
It's not a myth, but it can't be anonymous. For example, Meta and Google can trust each other and decentralize identity by getting identity from each other. No problem.
The thing that makes identity work is that an known identity is trusted and verifies other identities. My Google ID is useful, because everyone knows Google and trusts them (mostly) and so when Google says that I am me, people believe it. They verify me.
You can trust multiple providers. Facebook, Google, Apple, Microsoft are four key examples that people tend to trust. Also Twitter and others. If they create a system to work together, you get trusted and decentralized.
So decentralization is no problem. But also, is it useful?
Well if you watch the videos that I posted at the top - I think a key tenant is that you control who sees what.
The problem with Google/Facebook/Apple/MS, etc - is when you use any of their platforms to authenticate - at bare minimum, those entities know you are using that platform - at worse, they know everything you do on that platform.
As put forth by the videos - the generic decentralization relies on 'the ledger' something that doesn't track anything you do - as it only holds your public key and presumably some type of ID - say a name or could just be a unique ID from that ledger.
Most things you do on the internet don't need confirmation from another source somewhere - i.e. they don't really care who you are. for example this website - mangolassi doesn't care who these people are posting here - not really. They do want the same person to be the one posting through a given set of credentials under the auspices of knowledge from that source. obvious exception - vendors posting where less less a single person and more just a company presence.
BUT - in the case of interactions with the police - or the TSA when traveling - you're identity through a ledger or FB/Google/Apple/MS are all useless as the police and TSA don't recognize those entities as valid for proof if ID - but they do through state issued ID.
-
@scottalanmiller said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
Since you make your own identity and publish it to the ledger - why should I believe that?
And why do you trust the ledger? I can go make a ledger AND publish my ID to it. I can also make an ID for you and publish it to it. You can't trust the ID OR the ledger, is the problem.
This was exactly my point from the first post.
-
@scottalanmiller said in Decentralized Identity:
@travisdh1 said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
The first thing that comes to my mind is - why would anyone trust the ledger (as it's called in the OKTA video)? Not to mention there are 80+ ledgers today according to the OKTA video.
Since you make your own identity and publish it to the ledger - why should I believe that?
Public ledgers are the tech behind cryptocurrencies. As to how secure it is, it can be very secure if they're using standard public/private key authentication
They are, but that misses the key point. It's not an anonymous ledger, it's an owner, controlled centralized ledger. The data on it might be decentralized. but the ledger itself is not.
Right - again the videos point out that there are over 80+ companies currently making ledgers... that is anything but decentralized.
-
@scottalanmiller said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
the idea of decentralized identity is just a myth? Can you think of any way to do this?
It's not a myth, but it can't be anonymous. For example, Meta and Google can trust each other and decentralize identity by getting identity from each other. No problem.
The thing that makes identity work is that an known identity is trusted and verifies other identities. My Google ID is useful, because everyone knows Google and trusts them (mostly) and so when Google says that I am me, people believe it. They verify me.
You can trust multiple providers. Facebook, Google, Apple, Microsoft are four key examples that people tend to trust. Also Twitter and others. If they create a system to work together, you get trusted and decentralized.
So decentralization is no problem. But also, is it useful?
I'm not sure how listing these four vendors is an example of decentralization (frankly I don't agree with the videos calling their examples decentralized either).
And is decentralized useful - no, it's really not. because the main thing that everyone is trying to get to is an easy use authentication solution that provides privacy.
But as you mention - this can't be done anonymously if you want it to have real value.There is value in an anonymous system for general things like: mangolassi, fishing website, netflix...
but useless for:
Medical, gov't interactions, banking... -
@Dashrender said in Decentralized Identity:
I'm not sure how listing these four vendors is an example of decentralization (frankly I don't agree with the videos calling their examples decentralized either).
If there is more than one vendor, it is decentralized. That's what decentralized means. That's all it means.
-
@scottalanmiller said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
I'm not sure how listing these four vendors is an example of decentralization (frankly I don't agree with the videos calling their examples decentralized either).
If there is more than one vendor, it is decentralized. That's what decentralized means. That's all it means.
Well then - we already have decentralized identity - and everyone hates what we have today...
It's why so many people jumped on the - log in with Google - log in with Facebook - options.
And those situations exist why? because Google and Facebook make a mint knowing more about YOU - the product.
-
@Dashrender said in Decentralized Identity:
Well then - we already have decentralized identity - and everyone hates what we have today...
That's basically what "customers designing systems" typically looks like. Remember Spiceworks? Everyone always made crazy demands that normally they already had because they didn't understand what they were asking. And they didn't like the results that they demanded.
Decentralized identity is a pretty awful idea. Someone needs to explain to me why they see this as beneficial.
The US is actually mocked worldwide for attempting (and failing obviously and dramatically) at decentralized ID for citizens when all other countries have it centralized and working easily.
-
@Dashrender said in Decentralized Identity:
And those situations exist why? because Google and Facebook make a mint knowing more about YOU - the product.
But twitter, GitHub, Discord, Apple and others don't and exist too. It's an easy thing to provide.
-
@scottalanmiller said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
Well then - we already have decentralized identity - and everyone hates what we have today...
That's basically what "customers designing systems" typically looks like. Remember Spiceworks? Everyone always made crazy demands that normally they already had because they didn't understand what they were asking. And they didn't like the results that they demanded.
Decentralized identity is a pretty awful idea. Someone needs to explain to me why they see this as beneficial.
The US is actually mocked worldwide for attempting (and failing obviously and dramatically) at decentralized ID for citizens when all other countries have it centralized and working easily.
Well - the US in general doesn't trust it's gov't - that's why they don't want a gov't controlled centralized ID.
Of course the gov't could make an ID that doesn't include any type of tracking (but come on - this is post Snowden - we know they'll never go for that) but the gov't won't do that.
China already has this (or mostly does) and they track the hell out of people.
-
@scottalanmiller said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
And those situations exist why? because Google and Facebook make a mint knowing more about YOU - the product.
But twitter, GitHub, Discord, Apple and others don't and exist too. It's an easy thing to provide.
Do those platforms offer centralized authentication? And - is it open to anyone to use? i.e. could ML choose to use Apple's APIs to do authentication?
-
@Dashrender said in Decentralized Identity:
@scottalanmiller said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
And those situations exist why? because Google and Facebook make a mint knowing more about YOU - the product.
But twitter, GitHub, Discord, Apple and others don't and exist too. It's an easy thing to provide.
Do those platforms offer centralized authentication? And - is it open to anyone to use? i.e. could ML choose to use Apple's APIs to do authentication?
Yes, very common. We have hooks for many (not apple I don't think) available but it's a pain to maintain as they are third party and is it really valuable?
Some sites that I use offer Apple for sure. I see it all the time.
-
@scottalanmiller said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
@scottalanmiller said in Decentralized Identity:
@Dashrender said in Decentralized Identity:
And those situations exist why? because Google and Facebook make a mint knowing more about YOU - the product.
But twitter, GitHub, Discord, Apple and others don't and exist too. It's an easy thing to provide.
Do those platforms offer centralized authentication? And - is it open to anyone to use? i.e. could ML choose to use Apple's APIs to do authentication?
Yes, very common. We have hooks for many (not apple I don't think) available but it's a pain to maintain as they are third party and is it really valuable?
Some sites that I use offer Apple for sure. I see it all the time.
Is it valuable? I'd love the ability to use everything off my MS account - so yes, I think so.
But a websites need to support dozens or more "centralized" or as the stupid video puts it - decentralized - authentication providers would definitely be a PITA for them.
