I have been thinking a lot about verifiable strong identity online and how it could fix things like: fake news, phishing, fraud on freelancer platforms or faking results of online polls . Let me know what you think about this approach:
The trust graph consists of
2 types of nodes - natural persons which have a name and control one or more email accounts
- organizations which control a domain name and an email server
1 type of edge - stating that a person node and an organization node have had some kind of affiliation in the past.
Natural persons register with a trust repository providing just their name, the email on domains of organizations which they are currently affiliated with and reference emails of people in organizations which they have been affiliated with in the past.
The sever then sends a magic link to your referenced email addresses. The verification emails simply ask the recipient to agree that a person ( as defined by their name and current email accounts) had been affiliated with their organization in the past but not any detail about their role or skills.
Some Organization nodes are labeled as seeds of trust, for example any publicly traded company which has a value >1e6$
Other nodes ( organizations and natural persons) are trusted only if there is a path between them and at least n organizations in the seed of trust
Key differences to the Web of Trust coined in by Phil Zimmermann in 1992 :
1) IDs must be public information 2) We agree on a external seed of trust
With these differences we can clean up the graph of trust in the event that a fake account is found by re-verifying the paths from the fake account to any seed of trust. And lets remember this does not need to be 100% secure, it just needs to be difficult to the point that it is no longer worth the payout a fake account can bring.
Submitted February 05, 2019 at 02:58AM by mortiffer http://bit.ly/2DSV8rK
No comments:
Post a Comment