OIDC User Experience
Full Title or Meme
- Kim Cameron articulated early that "The internet was built without an identity layer", by which he meant an organic life form identity layer.
- Clearly the DNS is a silicon life form identity layer where each silicon life form gets an IP address.
- OIX & OpenID foundation want to address this with Identity first.
- The problem is that (most Western) humans do not want to be objectified. (I admit I never understood Confucius.)
- So, identifiers and attributes (nouns and adjectives) are antithetical to privacy.
- Does privacy impact OpenID foundation? - yes it does! T-Cell designed to destroy the virus created by OIX & OpenID.
- Somehow ecosystems have evolved to accommodate both. So we know that it can be done.
- I was musing about the self-sovereign community and how they chose to accommodate privacy and identity.
- So the DID core spec has evolved to have no concept of the distinction between organic and silicon life forms. In other words, it is amoral.
- What they have created to enable the distinction is the type in the VC and Governance Frameworks to regulate ecosystems.
- Or in other words, they have recreated federations (or governments) using other words to make it sound like something new and different.
- The Governance Frameworks are Ethical frameworks, or morals. (I do understand Aristotle.)
- FAPI exists within a Governance Framework which eventually goes back to a financial framework which is backed by laws which are backed by morals.
- The same can be said to apply to the mobile phone work group in OIDF or any other specific application area.
- The AB/C work group seems to have chosen to avoid consideration of Governance Frameworks. (and that has worked up until now.)
- So the question for OIDF AB/C is whether to address the Governance Framework for OIDC (or its successor spec)?
- For identifiers to work with privacy, IMHO such a common Governance Framework is required.
- Perhaps that is how to deal with the disruption that the browser guys are creating.
- As of right now there is not a common framework between the privacy-first and the identity-first advocates.
- As a result, it is hard for OIDF to formulate a strong case to present to the browser guys.
- At a minimum I propose that we need a framework that deals with both identity and privacy as equals.
- Or we can just let them continue on their path and try to accommodate to their framework.