This is a solved problem, but nobody realizes it yet. We already have a decentralized system of unique identities, and we have since the '80s. It's called the domain name system. They're human-readable, they have strong guarantees about being able to own and control them (so long as you pay a nominal fee), and they have a rock-solid infrastructure behind them that backs everything from Google to the US government to your friend's blog. We even have a (somewhat less convincing) way of verifying that the server you're talking to really is the one that your DNS record points to.

What still needs work is getting from an identity system, which tells you which server to look at for a given name, to a system of authentication for specific tasks. Given that someone controls a given domain name, how can they use that to log in to a service or post messages that are verifiably theirs? If you're willing to run a server for it, OpenID works. If you only want to send email, DKIM has you covered.

The W3C's decentralized identity specs are really cool, and I think did:web [1] has the potential to bring us to a world where you can buy a domain, CNAME it to some host, and upload your public keys there so that you can sign anything and log in anywhere. Making this easy for non-technical users will be important, but I think it can be done. The fact that ICANN policy requires companies to allow you to migrate your domain guarantees that you can sign up with some fancy startup that will manage everything for you and keep your identity if you want to move somewhere else.

[1] https://w3c-ccg.github.io/did-method-web/

* For identity by way of DNS, such as via domain name, see: https://indieweb.org/personal-domain
* For logging into systems by authentication based on controlled domain name, see: https://indieweb.org/Web_Authentication
There are many other related topics on indieweb.org and other related websites. What we need more of includes systems that make implementing such methods and protocols super easy.
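
The did:web lookup mentioned in the comment above, as an added example that is not part of the original page: it maps a did:web identifier to the HTTPS URL of its DID document the way the did:web method specification describes, then checks a retrieved document against the DID that was requested. The function names, `example.com`, the stricter segment filter and the sample document are assumptions constructed for illustration.

```python
import re

HOST_RE = re.compile(r"^[A-Za-z0-9.-]+(:\d{1,5})?$")
SEG_RE = re.compile(r"^[A-Za-z0-9._~-]+$")

def did_web_to_url(did: str) -> str:
    """Return the HTTPS URL where the DID document for a did:web DID lives."""
    if not did.startswith("did:web:"):
        raise ValueError("not a did:web identifier")
    host, *path = did[len("did:web:"):].split(":")
    # A port is written as a percent-encoded colon, and only in the host part.
    host = re.sub(r"%3[Aa]", ":", host)
    if not HOST_RE.match(host) or ".." in host:
        raise ValueError("invalid host segment")
    # Conservative choice of this example: path segments may not be empty,
    # dot segments, or contain '/', '?', '#', '%', so the URL stays on the
    # intended host and path.
    if any(p in (".", "..") or not SEG_RE.match(p) for p in path):
        raise ValueError("invalid path segment")
    if path:
        return f"https://{host}/{'/'.join(path)}/did.json"
    return f"https://{host}/.well-known/did.json"

def own_keys(did: str, doc: dict) -> dict:
    """Return the verification methods the document declares for this DID."""
    # The document comes from a web host, so it must name the DID asked for.
    if doc.get("id") != did:
        raise ValueError("DID document id does not match requested DID")
    # Assumption of this example: only accept keys controlled by, and
    # scoped under, the same DID.
    return {vm["id"]: vm for vm in doc.get("verificationMethod", [])
            if vm.get("controller") == did
            and vm.get("id", "").startswith(did + "#")}

# Constructed sample data (placeholder key material, not a real key).
SAMPLE_DID = "did:web:example.com:user:alice"
SAMPLE_DOC = {
    "id": SAMPLE_DID,
    "verificationMethod": [
        {"id": SAMPLE_DID + "#key-1", "type": "Ed25519VerificationKey2020",
         "controller": SAMPLE_DID, "publicKeyMultibase": "zPLACEHOLDER"},
        {"id": "did:web:other.example#key-9", "type": "Ed25519VerificationKey2020",
         "controller": "did:web:other.example", "publicKeyMultibase": "zPLACEHOLDER"},
    ],
}

if __name__ == "__main__":
    print(did_web_to_url(SAMPLE_DID))
    print(sorted(own_keys(SAMPLE_DID, SAMPLE_DOC)))
```

Fetching the URL is left out so the block runs offline; a resolver would retrieve it over HTTPS with certificate validation before calling `own_keys`.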