Peer to Peer Identity and OpenID

I stumbled upon a blogpost that just should be mentioned. Source: 

OpenID support announcements are everywhere. The Wikipedia is in, Microsoft is in, AOL is in, Digg is in, WordPress is in. OpenID is the best idea in ages but it has a problem. Nobody wants to trust somebody like Microsoft, AOL, Digg or even beloved WordPress to provide their identity. I think that’s why the only people you see promoting their OpenID much are hosting identity providers.

I think it boils down to metaphor. When I first wrote about OpenID I was thinking about identities hosted by a few trusted providers. OpenID grew from a desire to cut down on the number of accounts we each have to remember and that would seem to solve the problem. I mentioned some kind of ICANN like agency to maintain the whole thing and then trailed off. When you think in these terms, that’s the problem with OpenID, who to trust to control it? I haven’t found an acceptable answer.

Now I think the answer is this: Control should be distributed. Identity should be a swarm. Trust should not be a hierarchy. OpenID needs a way to link many identities together in a secure flexible way. The metaphor needs to change to peer to peer. Philosophers figured this out ages ago but lacked the tools to make it happen, however maybe things have changed.

Hierarchy Metaphor (not so good)  

  • A is an identity provider, it alone contains an identity.
  • B and C authenticate off A.
  • A has all the power.
  • No potential for equal power.


    Peer to Peer Metaphor (good)  

  • A, B and C are all identity providers.
  • Any provider can authenticate as much as allowed off any other.
  • Potential for equal power.
  • In the hierarchy model, ‘A’ has all the power/control and there is no way to change the situation. This power is embedded into the system and once established cannot be changed without rebuilding the system. There just isn’t any mechanism to link ‘B’ and ‘C’ without ‘A’.

    In the peer to peer model, ‘A’ might have more power/credibility (for example, if it’s a major university) but the situation is flexible. The power comes from trust not the system itself. If ‘A’ is seen to wither while ‘B’ and ‘C’ grow strong, the system can be adjusted by users to recognize this.

    If I want some anonymity I can always create a new identity someplace and link it to nothing. The question then is who will trust such an identity?

    These identities could be at a university, or an employer, news organization, political party; coffee shop, night club, etc. The metaphor creates so many identities I don’t even bother to know about most of them. That is after all how the humanity works anyway. I have countless identities for famous people that the people themselves know nothing of. The same with dead people.

    The folks at XFN seem to have had this idea for awhile now. Their system works by embedding simple meta data about relationships into HTML to enable links between friends and identity consolation. They have better diagrams than me too.

    XFN seems to be struggling for an implementation in the same way OpenID is struggling to get out from under hierarchy. OpenID is being implemented by big kids who smell power but XFN gets rid of that stench. I think it’s time for the two to dance.

    5 Comments Peer to Peer Identity and OpenID

    1. Avatarjames

      hi bas, could you be a bit clearer over what you mean by ‘big kids who smell power”. Maybe that is a little too strong a way of putting things. I should disclose that robert gaal a friend in NL is helping with openIDEurope and has been thinking up some pretty good stuff regarding OPENID which at first glance does not seem to smell bad at all.

    2. AvatarCrosbie Fitch

      You can have a dynamic hierarchy, one continuously determined through consensus – meritocratically.

      There is a good reason why people create hierarchies. The problem with them is not the fact that they’re hierarchical, but that the structures are prone to ossification (power corrupts – those who no longer merit their positions tend toward Machiavellian contrivance against remedial pressure).

    Leave A Comment

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.