Solving coordination problems, in this case the internet identity problem, always involves leveraging some existing coordination framework. For example the PGP signing scheme leverages the acquaintance network and the signers are encouraged to leverage the government issued identity cards. For example my local library asks to see a utility bill, and thus leverages the account relationship I have with the utility.
When your designing one of these internet identity schemes you thrash around looking for something you might tie your raft to. The IP address, the browser cookie, the confirmed email address, etc. There are lots of clever schemes. For example Paypal does, or at least used to, do a cute trick where they would confirm that you had access to a bank account by making some tiny random deposits and then asking you to confirm their amounts. These days it’s common to see SMS messaging used to confirm you have control, at least for a moment or two, of a particular mobile phone number. I haven’t personally experianced, but I presume somebody has built, the phone equivalent of confirming an email address.
As usual these examples have three parties: entity to be identified, entity that desires that, and some third party: i.e. the user, the service, and the identity provider. When you confirm an email address the identity provider is the email infrastructure; and the reason the service finds that useful is it trusts that infrastructure; at a least somewhat. When a service confirm a mobile phone number using a SMS the SMS infrastructure is filling the role of identity provider. When a bar-keep checks a driver’s license he’s trusting that infrastructure; and his ability detect fraud.
The driver’s license is what in the digital world we might call a capability; it’s a token that grant’s it’s holder the right to perform various activities. Including, surprisingly and ironically, the ability to order a beer. We can make quite robust capability tokens in the digital world; but we need to have somebody sign them.
In the off-line world we have institutional infrastructure to support such signing. Quite a few actually. Financial industry, for example, has something they call a bank signature and if you take a random piece of paper down to a bank where you have an account the branch bank officer will be happy to watch you sign it, then they they will first press a large 3 dimensional stamp into the paper and then over that they will sign the paper too. Notary publics perform analogous services.
So. Let’s say I want to organize a large group of volunteers to provide some service for the general public. Let’s imagine that as part of this service the volunteers will be sending email to members of the general public with whom they have zero existing relationship; so the volunteers are concerned that they will be accused of spamming; or worse might get used due to a security flaw to actually spam.
I think the volunteers’ concerns could be addressed if I could give them a signed note from the user that grants them permission to pass on the email associated with the service. I.e. a capability token. But who would sign it?
I don’t think I’ve previously seen the idea of mimicking the notary public architecture before. It is just what’s needed. The service community selects some number of their members and anoints them as notable. Any notable person may gin up capablity tokens for a user. Any user wishing to use the service must seek out a notable person, acquire a signed capability token. The user can then distribute that token as they see fit.
The volunteers in a service community would want the notables governed well. That means at least: they are easy to find, cheap to use, courteous and professional in their manner, etc. Much that’s wrong with the existing key signing schemes arises from breakdowns (aka rent seeking) at this level.
But today I’m thinking that the real breakdown in those schemes was the choice to follow commercial models for the governance of the notables; rather than professional or fraternal models. I.e. non-profit. Or possible we should leverage state licensed models. Aside: there are millions of notary publics in the US.
I’m particularly enjoying the idea of a fraternal orders of signers in the tradition of Friendly Societies like the Odd Fellows, or Service Clubs like the International Order of Twelve Knights and Daughters of Tabor. Who wouldn’t want to be IKK, BJ, GS; aka an Imperial Knight of the Key, Boston Jurisdiction, GPG Affiliate. It would certainly come with a funny hat and a lapel pin.