Full Title or Meme
For Identity Management a domain is a walled off collection of resources that can be preferentially accessed by members of the domain.
- The Domain Name System was the first attempt in the digital age to create a set of Identifiers that could be associated within a trusted domain. It was a binding between an alphabetic name and an IP address.
- The next step was to address individuals at one computer system using the mailto: scheme that is now universal for email address. The address that once identified a user at a computer, now identifies a user at a "domain" of computers.
- The next step for Identity Management was to create domains that were dedicated to identifying users like email@example.com. Those users felt like they "owned" the name, but that was not strictly true.
- First Card-space, and now the DID-core spec were created to give the users complete control of their own identifiers. Now we are engaged on a great struggle testing whether those sell-issued identifiers, so conceived and so dedicated, can long endure. We are met on a great battle-field of that struggle to show the world that such a scheme can succeed.
- The domain served a purpose: to bind together a set of users and computers in a domain of trust. There was a need for that then. And so there is a need for that today.
- Domainless, or Zero Trust Architecture solutions focus on removing the domain boundaries. They have not been good at addressing what we need to do to restore the trust boundaries.