Chapter 16. Digital Identity Architectures

John Locke was an English philosopher who thought a lot about power: who had it, how it was used, and how it impacted the structure of society. Locke’s theory of mind forms the foundation for our modern ideas about identity and independence. He argued that “sovereign and independent” was humanity’s natural state and that we gave up freedom, our sovereignty, in exchange for something else: protection, sociality, and commerce, among others. This grand bargain forms the basis for any society.

This question of power and authority is vital in identity systems. You might ask, “What do I give up, and to whom, in a given identity system?” More succinctly: who controls what? Chapter 2 introduced the ideas of locus of control and self-sovereign identity. An SSI system, you may recall, defines the things over which an entity (person or organization) has complete control, along with the rules of engagement for its relations with other entities. This chapter explores the details of three abstract identity architectures to better understand the locus of control in each.

In addition, we’ll consider the legitimacy of each architecture for online interactions. Wikipedia defines legitimacy as “the right and acceptance of an authority, usually a governing law or a regime.” While the idea of legitimacy is most often applied to governments, I think we can rightly pose legitimacy questions about technical systems, especially those that function in an authoritative ...