Domain

From MgmtWiki

Full Title or Meme

For Identity Management, a domain is a walled-off collection of resources that members of the domain can access preferentially.

Context

  • The Domain Name System was the first attempt in the digital age to create a set of Identifiers that could be associated with a trusted domain. It was a binding between an alphabetic name and an IP address.
  • The next step was to address individuals at one computer system using the mailto: scheme that is now universal for email addresses. The address that once identified a user at a computer now identifies a user at a "domain" of computers.
  • The next step for Identity Management was to create domains that were dedicated to identifying users, like tom@hotmail.com. Those users felt like they "owned" the name, but that was not strictly true.
  • First CardSpace, and now the DID-core spec, were created to give users complete control of their own identifiers. Now we are engaged in a great struggle testing whether those self-issued identifiers, so conceived and so dedicated, can long endure. We are met on a great battle-field of that struggle to show the world that such a scheme can succeed.
  • A Domain Name is assigned to some legal entity by a naming service that is registered with ICANN as a member of the Domain Name System. It is considered the personal property of that legal entity and can be bought and sold in the marketplace.

Problems

  • The domain served a purpose: to bind together a set of users and computers in a domain of trust. There was a need for that then, and there is still a need for that today.
  • Domainless, or Zero Trust Architecture, solutions focus on removing the domain boundaries and pushing Authorization out to the edges. They have not been good at addressing what we need to do to restore the trust boundaries.

Solutions

Trust Registries

References