Digital identity is a big opportunity to confuse users — and to lure them into friendly services that ‘take care of’ all this impenetrable stuff. In particular, the term has two very different meanings.
1. Etymology offers a good inspiration for thinking about one of them: the same (Latin idem). If I am a user who has never logged in to some server, its ‘cookie’ just tells the server that I am the same one who visited the site before. Nobody knows my name at this time (and not even that I am a dog, as Peter Steiner’s cartoon of July 5th, 1993, said). And this is sufficient for many useful things.
2. Only when it comes to binding this digital handle to some real-world attributes — such as my name that my father registered in the registrar’s office of my birth village — does it become complicated. A password ties a hash value on a server to some content stored only in my brain. And a ‘public key’ is tied to the ‘private key’ (a very long password) stored on a device that only I own.
The handling of all this is still so confusing that friendly platforms and browsers have invented many methods to ease and accelerate it for the users — and patronize us ever more.
So when we want to get rid of the central abusive platforms, we must make sure to also get rid of the danger of confusion and of new friendly patronizers, so as not to ‘jump from the frying pan into the fire’.
The technical W3C draft tells me that we are not there yet:
‘Zooko’s Triangle: “human-meaningful, decentralized, secure — pick any two”.’
Of course, they picked long incomprehensible strings, but
‘mapping human-friendly identifiers to DIDs (…) is out-of-scope for this specification.’
This potential source of new confusion seems as yet unsettled.