by bdd8f1df777b
783 days ago
In my working context, a "decentralized" government-issued (digital) ID refers to an identity whose verification does not require a connection to the government server (e.g. verification is done by public key cryptography). So the government always has to participate in the issuance of that digital ID, but it doesn't know when and where you have used your identity. ISO/IEC 18013-5 is an example of this type. By contrast, a "centralized" digital ID phones home every time it is presented and verified. I don't know any standards, but most digital identities in China are of this form.
|
The CA is a single point of failure that can arbitrarily issue or fail to issue an identity certificate.
If you use lots of interchangeable CAs, then it “fails open”, in that any one CA can issue certificates for everyone. That’s still a single point of failure.
If you tie the ID to the Certificate Authority (e.g. gmail offers certs for gmail addresses), each person still is impacted by some single point of failure.
I’d say all these schemes are centralized.
I’d call the things you describe “offline identity verification”, though there is an additional nuance: the scheme could work offline, but still send a log of what happens when it reconnects. With that, the privacy properties are as bad as online schemes.