Thoughts on identity
I was just thinking a little about my concept of Distributed Virtual Personal Data Storage (DVPDS) and the issue of personal identity. Currently, online "digital" identity is typically accomplished with a valid email address, an "id", a password, and a display name. Sure, that works for many applications, but it has limitations. In particular, there is no way to determine whether the display name is "correct" and there is no way to determine if the display name matches the real person it names. For DVPDS to be truly robust, identity must be robust. Granted, there may be valid reasons for hiding the true identity of an online user, but ultimately there is a need to prevent identity theft as well as valid law enforcement and court access.
I see personal identity as having several components:
- Natural identity. Who you really are. At a philosophical level "how God knows you", or how other people know you.
- Legal identity. How government knows you.
- Your full legal name. Your literal name, but even that may not be unique.
- Your common name. What you might typially use as your display name. May use a nickname, leave out middle name and suffixes, etc.
- Other real identification. Including social security number, drivers license, address.
- Online identification. Including user name or id, password, email address, etc.
It is perfectly reasonable to have aliases or multiple online identities, but some applications may require access to a robust personal identity as well, or maybe a link to a robust personal identity even if the user chooses to deny the application access to the details.
In addition to personal identity, organizations, including businesses, can have their own identity, an organization identity.
And, individuals can have roles within organizations. Multiple people can have the same role within a single organization. An individual can have multiple roles within a single organization. An individual can have roles in multiple organizations.
We need methods for role identity which link individuals, organizations, and their roles. Role identity must be robust. There need to be validation processes for role identity.
The point of all of this is that a Distributed Virtual Personal Data Storage solution needs to identify who controls and has access to data and it needs to be very robust and resistent to identity theft.