  • Lucas Gonze
    May 9, 2014
      Personally I don't think personas are important enough to hold authentication improvements. The security and usability improvements that will flow from getting rid of passwords are the first order of business.

      On Fri, May 9, 2014 at 11:08 AM, Vincent vly3@... [decentralization] <decentralization@yahoogroups.com> wrote:

      Personas can be used in communities where the ability to ostracize is not important.  If you want to have a community where members are vetted to be worthy of a certain level of trust, where being a "member in good standing" has substantial meaning, then the ability to ostracize is essential.  Ostracism has very little power if an ostracized person can just create another persona.

      If you want to have a community where members agree to abide by certain rules, standards or protocols of behavior, then there have to be significant consequences to violation of those rules or standards of behavior, up to and including ostracism.  Some people will refuse to abide by common standards and the society needs a way to ostracize these people.

      Common Law evolved as a decentralized, non-violent method of dispute resolution and ostracism.  If someone were accused of harming somebody else in the community, the harmed person could file a claim, which would be decided by an arbiter.  If the offender refused to abide by a judgement against them, they were considered an outlaw.  An outlaw had decided to be outside the law, therefore would not be protected by the law either.  Anyone could do anything to an outlaw, and the outlaw could not file a claim in the court system.  In practice, outlaws had to leave town.  This system evolved in the absence of a state, with no police to enforce judgement.  It was only after common law had evolved that the British state co-opted common law, and re-issued the already evolved rules of common law as state legislation.

      The state is a centralized system that enforces rules using coercion.  Common law was originally a decentralized system that did not use coercion.

      What I proposed here with this blockchain identity and dispute resolution system is a simple way to recreate Common Law on the Internet.  It does not require any state involvement or coercion. It would enable the creation of communities where any member in good standing can be trusted to abide by the standards of that community.  It is a decentralized trust mechanism that doesn't require examining a bunch of trust links to decide whether the person can be trusted.  If a person has a deposit on the block chain with no outstanding claims against it, then that's enough to trust them.  That makes the trust mechanism user friendly.  Most people don't want to think about multiple complex trust factors, they just want a binary yes/no answer as to whether a person can be trusted.

      That's what you need for an App Store.  If an App Store developer has an identity on the block chain and a deposit with no claims against it, then you could trust his app not to be malware.  This also has far more important applications than just App Stores.

      - Vincent Youngs

      On May 9, 2014, at 9:37 AM, "Johannes Ernst jernst@... [decentralization]" <decentralization@yahoogroups.com> wrote:


      I've spent (too) many years in the last 10 around this set of problems (first LID, then OpenID, then Yadis and a bunch of other stuff), and with this background, let me just say that your set of requirements is not unusual, but also only one point of view. For example, you essentially prohibit personas, which many people -- myself included -- consider extremely important.

      On May 9, 2014, at 9:18, Vincent vly3@... [decentralization] <decentralization@yahoogroups.com> wrote:

      That is absolutely correct that we do need a decentralized identity system that is a lot more user friendly and robust than the PGP web of trust.  It should use identities based on biometrics, not on state issued ID.  It should store each person's biometrics in a decentralized database that enables automated searching for duplicates, so that people with similar biometrics will get flagged for closer manual inspection.  It should require a monetary deposit to establish an ID, which would then be paid as a reward to anyone who catches a person with 2 IDs in the database.  The reward would serve as the incentive for people to do manual inspection of the flagged close matches.

      The deposit could be put into a blockchain, like Bitcoin, but we need a new type of blockchain with a lot more capabilities than Bitcoin.  The blockchain would also be the means of dispute resolution.  Bitcoin has the ability to do escrow using multi-signature transactions, but that type of escrow requires specifying in advance who will be the arbiter of the dispute.  We need an ability to put a deposit in the block chain without specifying who will be the arbiter.  Then, a dispute claim could be filed into the block chain which would freeze that deposit, and require that the disputing parties agree on an arbiter.  It would require a protocol of dispute resolution, where the steps of the protocol get filed into the blockchain.

      In order to be a member of the community of that block chain, a person would have a deposit certifying that they only have one identity.  If somebody finds a duplicate identity, they would file a dispute.  The person accused of having two identities would have to agree on an arbiter to decide whether the other identity was his or not.  An investigation would proceed, maybe requiring the two people with similar biometrics to prove their location at the same time.  If they can demonstrate themselves to be in two different locations at the same time, then they are two different people.  If the two people cannot or will not provide such a demonstration, the arbiter can decide against them, give the reward to the claim filer, and the block chain would ostracize the offender with two identities.

      - Vincent Youngs

      On May 8, 2014, at 8:30 PM, Johannes Ernst <jernst@...> wrote:


      On May 8, 2014, at 19:12, Vincent <vly3@...> wrote:

      We need a way to decentralize trust and accountability, which includes dispute resolution and the ability to file claims for monetary damages caused by malware, and the ability for authors to file claims against pirates who copy their apps in violation of the license.  We need a dispute resolution system that works outside of the courts, a low cost system that is decentralized and works on the Internet.

      Hear, hear! Absolutely.

      And to make this possible, we first need a robust decentralized identity system. I'll help create one, by bringing all the arrows in my back :-)
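
The deposit and dispute lifecycle proposed in the thread (a claim freezes the deposit, both parties must agree on an arbiter, the arbiter's ruling pays the reward or clears the member), modelled as a state machine. This is an added example, not code from any participant or project; the names `State` and `Deposit`, the in-memory `log` standing in for blockchain filings, and the return to good standing when a claim is rejected are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class State(Enum):
    ACTIVE = "active"            # deposit posted, no outstanding claim
    FROZEN = "frozen"            # claim filed, arbiter not yet agreed
    ARBITRATION = "arbitration"  # both parties agreed on one arbiter
    OSTRACIZED = "ostracized"    # ruling went against the deposit owner

@dataclass
class Deposit:
    owner: str
    amount: int
    state: State = State.ACTIVE
    claimant: Optional[str] = None
    arbiter: Optional[str] = None
    proposals: dict = field(default_factory=dict)
    log: list = field(default_factory=list)  # stands in for on-chain filings

    def file_claim(self, claimant):
        if self.state is not State.ACTIVE:
            raise ValueError("deposit is already disputed or forfeited")
        self.state, self.claimant = State.FROZEN, claimant
        self.log.append(("claim", claimant))

    def propose_arbiter(self, party, arbiter):
        if self.state is not State.FROZEN or party not in (self.owner, self.claimant):
            raise ValueError("only the disputing parties may propose, while frozen")
        self.proposals[party] = arbiter
        self.log.append(("propose", party, arbiter))
        if self.proposals.get(self.owner) == self.proposals.get(self.claimant):
            self.state, self.arbiter = State.ARBITRATION, arbiter  # agreement reached

    def rule(self, arbiter, against_owner):
        if self.state is not State.ARBITRATION or arbiter != self.arbiter:
            raise ValueError("ruling must come from the agreed arbiter")
        self.log.append(("ruling", arbiter, against_owner))
        payout = {self.claimant: self.amount} if against_owner else {}
        if against_owner:
            self.state, self.amount = State.OSTRACIZED, 0  # reward goes to claimant
        else:
            self.state = State.ACTIVE  # assumption: rejected claim unfreezes deposit
        self.claimant, self.arbiter, self.proposals = None, None, {}
        return payout

    def trusted(self):
        # The thread's binary check: a deposit with no outstanding claims.
        return self.state is State.ACTIVE and self.amount > 0
```
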



