by deathanatos 784 days ago
I feel like I'm missing some background. Yes, there's been much clamor for forcing use of government IDs recently, but I would hardly call any such system "decentralized", given its reliance on government ID — that seems like an inherently centralized system.

Is someone calling these "decentralized"? To me, decentralized ID is OIDC, which is "being developed" but mostly not catching on at all, in favor of sadly centralized systems like "login with [Google|Facebook]".

Is there some weird crypto-blockchain-something-something that I'm not aware of?

5 comments

In my working context, a "decentralized" government-issued (digital) ID refers to an identity whose verification does not require a connection to the government server (e.g. verification is done by public key cryptography). So the government always has to participate in the issuance of that digital ID, but it doesn't know when and where you have used your identity. ISO/IEC 18013-5 is an example of this type.

By contrast, a "centralized" digital ID phones home every time it is presented and verified. I don't know any standards, but most digital identities in China are of this form.
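The issue-once, verify-offline split described in the comment above, as an added example that is not part of this thread and is not the ISO/IEC 18013-5 data format: the issuer signs a small credential with an Ed25519 private key, and a verifier later checks it using only the issuer's public key and its own clock, with no call back to the issuer. The credential fields, the names `Issue`, `VerifyOffline` and `NewIssuerKeys`, and the sample values are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential is the payload the issuer signs. The field set is an
// assumption for this example, not a real mobile-ID data element list.
type Credential struct {
	Subject   string `json:"subject"`
	BirthYear int    `json:"birth_year"`
	Expires   int64  `json:"expires"` // Unix seconds
}

// SignedCredential is what the holder stores and later presents.
type SignedCredential struct {
	Payload   []byte
	Signature []byte
}

// NewIssuerKeys generates the issuing authority's key pair. Only the
// public key is distributed to verifiers.
func NewIssuerKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Issue is the only step that involves the issuer: it serializes the
// credential and signs the bytes with its private key.
func Issue(priv ed25519.PrivateKey, c Credential) (SignedCredential, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifyOffline checks a presented credential using only the issuer's
// public key and the verifier's local clock. Nothing here contacts the
// issuer, so the issuer does not learn when or where the ID was shown.
func VerifyOffline(issuerPub ed25519.PublicKey, sc SignedCredential, now time.Time) (Credential, error) {
	if !ed25519.Verify(issuerPub, sc.Payload, sc.Signature) {
		return Credential{}, errors.New("signature invalid: tampered payload or not issued by this authority")
	}
	var c Credential
	if err := json.Unmarshal(sc.Payload, &c); err != nil {
		return Credential{}, err
	}
	if now.Unix() > c.Expires {
		return Credential{}, errors.New("credential expired")
	}
	return c, nil
}

func main() {
	pub, priv, err := NewIssuerKeys()
	if err != nil {
		panic(err)
	}
	// Constructed sample credential; issuance happens once, online.
	sc, err := Issue(priv, Credential{
		Subject:   "Alice Example",
		BirthYear: 1990,
		Expires:   time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC).Unix(),
	})
	if err != nil {
		panic(err)
	}
	// Presentation happens later, offline: the verifier holds only pub.
	c, err := VerifyOffline(pub, sc, time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC))
	fmt.Println("verified:", c, "err:", err)

	// A holder who edits the payload after issuance breaks the signature.
	tampered := SignedCredential{Payload: append([]byte{}, sc.Payload...), Signature: sc.Signature}
	tampered.Payload[len(tampered.Payload)-2] ^= 1
	_, err = VerifyOffline(pub, tampered, time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC))
	fmt.Println("tampered err:", err)
}
```

The point the function signature makes is that `VerifyOffline` has no network dependency at all; whether a real verifier app additionally keeps and later uploads a log of presentations is a separate design choice, and that is exactly the nuance the later comment about "offline" schemes raises.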

Identification based on a Certificate Authority is fundamentally centralized.

The CA is a single point of failure that can arbitrarily issue or fail to issue an identity certificate.

If you use lots of interchangeable CAs, then it “fails open”, in that any one CA can issue certificates for everyone. That’s still a single point of failure.

If you tie the ID to the Certificate Authority (e.g. gmail offers certs for gmail addresses), each person still is impacted by some single point of failure.

I’d say all these schemes are centralized.

I’d call the things you describe “offline identity verification”, though there is an additional nuance: the scheme could work offline, but still send a log of what happens when it reconnects. With that, the privacy properties are as bad as online schemes.

"Offline" seems like a better descriptor than "decentralized" in that case.
I think OIDC is more "federated" than "decentralized"

I have no idea what the bitcoin people mean by decentralized. It sounds like PKI with extra steps. shrug

Government IDs in general are decentralized in the sense that there is more than one issuing authority. People really love to overbuild capabilities when designing this stuff -- digital signing chain of trust, blockchain, contact-less verification through NFC or QR codes in a phone. Nobody uses that except the government itself, and most of the time they have the data in their demographic database, then still make a paper copy of the ID and make you sign it so pinning you for fraud is an option later.

Everybody else just looks at a poorly photographed JPEG and is like "yes, this dude is named like this". Even banks these days open accounts without ever touching the sacred piece of plastic with human hands, let alone scanning it with crypto-mumbo-jumbo.

OIDC has very much “caught on” in business contexts. Large organizations end up with hundreds or thousands of independent internal tools, many hosted externally. OIDC and SAML are common protocols for centralizing employee authentication and governance.
It’s not really “OIDC”, though, because there’s so many options possible that the standard itself is basically useless: you have to implement Google, Microsoft, Okta, etc. separately anyways
OIDC has for sure caught on. I've worked in multiple roles where very smart identity-centric people consider it the best option.