@willemsst
Last active June 6, 2016 20:19
Thoughts on online identity management
As I just saw someone get verified on Twitter (i.e. the little blue check mark on the avatar), I wondered what the process would be to become
verified.
My guess is that it's quite random and heavily influenced by knowing the right people.
But if Twitter did this for all its users by default, it could and probably would make Twitter a nice place again. No more
anonymous cowards harassing other people. There has been plenty of that in the last few years, and Twitter should act on it if it wants to
survive and grow its user base again.
But what if we think bigger? What if the internet itself had some concept of identity? Currently, online we can claim to be whoever we want to
be. Think of the silly gifs around the internet about a dog chatting to a fridge.
I know, there are already some services incorporating identity. TLS certificates prove that you are really talking to your bank's online banking
server. A PGP signature lets you verify that the email you just received was really sent by Mr. E. Snowden (provided you have verified his public key first).
Services like keybase.io try to go a step further by introducing an API layer on top of an identity database. It's a central place where
identities live and can be used on multiple internet 'platforms'. But I think this is only a small first step. OpenID Connect is an
interesting protocol providing a universal authentication layer, but I haven't looked at it since its inception. I just saw it has changed quite a bit over time, so I can't tell if it's any good. But these are the kind of initiatives we need.
We should get an internet-standard identity database/protocol. Distributed, not centralized. And it should be as secure as Fort Knox.
What could this look like? (What follows is the result of just a 2-minute brainstorm, but good enough to get the discussion started.)
Like in the real world, everything starts with people. Real people. People could form groups, organisations, etc. Those are all identities.
Those are the things that need to get verified. Those are the data objects that can't be compromised. Ever. So these objects form the
Achilles heel as well. I know some basic stuff about cryptography, but for this we really need the experts. This won't be easy. And it's
essential. I guess we could learn a lot from existing protocols.
But given that we can create such a secure distributed datastore of identities, we could start linking accounts on services to it by means of
an API. Services could, or could not, require that the identity linked to an account is public. Of course, nothing prevents a service (except maybe
some newly introduced law) from ignoring the identity system altogether and still allowing anonymous accounts.
But this would allow people to start trusting each other online. Trust that is much needed.
But there is a big caveat: security. If security cannot be guaranteed at all times, and I mean really 100%, not even 99.999999%, this
could become a very dangerous tool for online criminal behaviour.
That's why I think it should be distributed. Perhaps with limited lifetimes for the keys associated with identities (just thinking out loud here; as I said, I'm really no expert).
If we could build this trust level into the internet, that would make a big, big difference. But so far, while reading this, you've
probably just thought about people and organisations. But what if you add 'things' to it? This is a really hot topic in the IoT debate.
Things could and probably should have their own ID (right now this is most of the time nothing more than a MAC address). By making these IDs
hierarchical through a property 'owned by ID(s)', we could always trace back the responsible owners.
And then it really gets interesting. We could even build checks into the lower levels of the network stack, so that
'things', people or organisations without a verified identity are prevented from accessing a network at all.
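As an added illustration (this is not code from the original post, and it does not describe any existing system), here is a small Python model of two of the ideas above: identity records with an 'owned by' property that can be walked back to the responsible persons, and keys with a limited lifetime that are rejected once they expire. The record layout, the field names, the sample identities (two people, one organisation, two things) and the rule that persons are self-signed roots while everything else must be signed by one of its owners are all assumptions made for this example. HMAC-SHA256 stands in for a real public-key signature so the code runs on the standard library alone; in a real design the store would hold public keys, verify with those, and the private key would never leave its owner.

```python
"""Toy model of a hierarchical identity store (added example, not the post's design).

Assumptions: records are dicts with 'id', 'kind' (person / organisation / thing),
'owned_by' (list of IDs) and 'keys' (key_id -> validity window). HMAC-SHA256 is a
stand-in for a public-key signature so that the example needs only the stdlib.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone


def canonical(record: dict) -> bytes:
    """Deterministic serialisation of a record, excluding its own signature."""
    body = {k: v for k, v in record.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_key(key_id: str, valid_from: str, valid_to: str) -> dict:
    """Public description of a key: an identifier and an ISO-8601 validity window."""
    return {"key_id": key_id, "valid_from": valid_from, "valid_to": valid_to}


def key_valid_at(key: dict, at: datetime) -> bool:
    """A key may only sign or verify inside its [valid_from, valid_to) window."""
    return (datetime.fromisoformat(key["valid_from"]) <= at
            < datetime.fromisoformat(key["valid_to"]))


def sign_record(record: dict, signer: str, key_id: str, secrets: dict) -> dict:
    """Attach a signature made with one of the signer's keys (HMAC stand-in)."""
    mac = hmac.new(secrets[(signer, key_id)], canonical(record), hashlib.sha256).hexdigest()
    return {**record, "sig": {"signer": signer, "key_id": key_id, "mac": mac}}


def verify_record(record: dict, store: dict, secrets: dict, at: datetime) -> bool:
    """Check who signed (authorisation), whether the key was valid at `at`, and integrity."""
    sig = record.get("sig")
    if not sig or sig["signer"] not in store:
        return False
    # Persons are the self-signed roots of trust; every other record must be
    # signed by one of the identities listed as its owner.
    if record["kind"] == "person":
        if sig["signer"] != record["id"]:
            return False
    elif sig["signer"] not in record["owned_by"]:
        return False
    key = store[sig["signer"]]["keys"].get(sig["key_id"])
    secret = secrets.get((sig["signer"], sig["key_id"]))
    if key is None or secret is None or not key_valid_at(key, at):
        return False
    expected = hmac.new(secret, canonical(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig["mac"])


def trace_owners(store: dict, secrets: dict, ident: str, at: datetime,
                 path: frozenset = frozenset()) -> set:
    """Follow 'owned_by' links up to the responsible persons, verifying every
    record on the way. Raises on a broken record or an ownership cycle."""
    if ident in path:
        raise ValueError(f"ownership cycle at {ident}")
    record = store[ident]
    if not verify_record(record, store, secrets, at):
        raise ValueError(f"record {ident} fails verification")
    if record["kind"] == "person":
        return {ident}
    owners = set()
    for owner in record["owned_by"]:
        owners |= trace_owners(store, secrets, owner, at, path | {ident})
    return owners


# Constructed sample data (hypothetical identities, not real people or devices).
T_OLD = "2015-01-01T00:00:00+00:00"
T0 = "2016-01-01T00:00:00+00:00"
T1 = "2017-01-01T00:00:00+00:00"
NOW = datetime(2016, 6, 6, tzinfo=timezone.utc)


def build_sample_store():
    """Two persons, one organisation owned by both, a fridge owned by the
    organisation, and a sensor signed with a key that has already expired."""
    secrets = {("alice", "k0"): b"alice-k0", ("alice", "k1"): b"alice-k1",
               ("bob", "k1"): b"bob-k1", ("acme", "k1"): b"acme-k1"}
    store = {}
    store["alice"] = sign_record({"id": "alice", "kind": "person", "owned_by": [],
                                  "keys": {"k0": make_key("k0", T_OLD, T0),
                                           "k1": make_key("k1", T0, T1)}},
                                 "alice", "k1", secrets)
    store["bob"] = sign_record({"id": "bob", "kind": "person", "owned_by": [],
                                "keys": {"k1": make_key("k1", T0, T1)}}, "bob", "k1", secrets)
    store["acme"] = sign_record({"id": "acme", "kind": "organisation", "owned_by": ["alice", "bob"],
                                 "keys": {"k1": make_key("k1", T0, T1)}}, "alice", "k1", secrets)
    store["fridge-7f3a"] = sign_record({"id": "fridge-7f3a", "kind": "thing",
                                        "owned_by": ["acme"], "keys": {}}, "acme", "k1", secrets)
    # alice's k0 expired at T0, so this record must be rejected when checked at NOW.
    store["sensor-01"] = sign_record({"id": "sensor-01", "kind": "thing",
                                      "owned_by": ["alice"], "keys": {}}, "alice", "k0", secrets)
    return store, secrets


if __name__ == "__main__":
    store, secrets = build_sample_store()
    print("fridge-7f3a is the responsibility of:",
          sorted(trace_owners(store, secrets, "fridge-7f3a", NOW)))
    try:
        trace_owners(store, secrets, "sensor-01", NOW)
    except ValueError as e:
        print("rejected:", e)
```

Two design choices are worth noting. Ownership is checked at every hop, so a thing cannot be attached to an organisation by anyone other than that organisation's own key, and the walk stops only at persons, which is where the post wants verification to be anchored. The validity window is evaluated at the time of the check, not at signing time, so a record signed with a key that has since expired stops verifying on its own; a real system would also need revocation, which a lifetime alone does not give you.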
That all being said, these are just some random thoughts I had this morning. And I thought they could be valuable to share and
discuss. I wonder, are there already initiatives trying to build such a system?
If you leave a comment (and I hope you do), be gentle and polite and respect each other's opinion. Because as for now, we can't trust who
you say you are. Yet. ;)