|
|
|
|
|
|
by lolc
2222 days ago
|
|
|
If governments are singletons, what are individuals? Maybe individuals are other objects? And now the individuals don't need to hold a reference to a government service object if they want to authenticate a message they get from another object. They just ask an identity provider object. But which one? Do individuals have a list of identity provider objects? But what if the sender is using another identity provider object they don't have? Ah! The message could contain a reference to an identity provider. But why should the receiving object trust it? Wouldn't it have to ask a government service whether the identity provider is to be trusted? No silly, we don't want a government reference! It could ask other individual objects whether they trust that identity provider object! Then cache the response? Help me out here, how does reputation work? Seriously though, you're just moving the problem around. Adding complexity. I mean, does an identity provider object still respond to messages when it's entered bankruptcy proceedings? If you're going to use an analogy, find one that informs. |
|
|
The alternative- a single monolithic identity system? No, thanks.
Note- large governmental IT systems underlying programs like Medicare and Medicaid are not operated by government employees, they are operated on a contractual basis by large IT shops. You just don't know who the operator is. That's arguably suboptimal- but a different conversation.
To the specific question- what happens in this model when an identity provider goes into bankruptcy- the same thing that happens when any entity providing critical services goes into bankruptcy.
When a consumer-facing bank fails (for instance), the bank's customers
a) don't lose their money b) don't lose access to banking services
Their accounts are taken over by a comparable entity operating in the same geographical area.
When a critical insurance provider fails, the other entities providing comparable insurance in the operating areas have to take those contracts (even if they are terrible contracts, which they likely are, because they caused the provider to fail).
It doesn't always seem like it, but this kind of market partitioning and supervision is something that in the US both federal and most states do quite well. We should have more of it.
Cheers.