Why is it so hard to create an identity layer for the Internet? Mainly because there is little agreement on what it should be and how it should be run. This lack of agreement arises because digital identity is related to context, and the Internet, while being a single technical framework, is experienced through a thousand kinds of content in at least as many different contexts – all of which flourish on top of that underlying framework. The players involved in any one of these contexts want to control digital identity as it impacts them, in many cases wanting to prevent spillover from their context to any other.
We need a unifying identity metasystem that can protect applications from the internal complexities of specific implementations and allow digital identity to become loosely coupled. This metasystem is in effect a system of systems that exposes a unified interface much like a device driver or network socket does. That allows one-offs to evolve towards standardized technologies that work within a metasystem framework without requiring the whole world to agree a priori.
- browsing: a self-asserted identity for exploring the web (giving away no real data)
- personal: a self-asserted identity for sites with which I want an ongoing but private relationship (including my name and a long-term email address)
- community: a public identity for collaborating with others
- professional: a public identity for collaborating issued by my employer
- credit card: an identity issued by my financial institution
- citizen: an identity issued by my government
The next evolution of the Internet will be the creation of a common identity layer that allows people, organisations and things to have their own self-sovereign identity—a digital identity they own and control, and which cannot be taken away from them. Self-sovereign identity is the natural evolution of an ecosystem which has moved faster than its supporting capabilities.