Tl;dr: we should see if Solid or some other service in Web3 has implemented a minimal, "claims-based" identity metasystem, and evaluate whether it's possible to import that metasystem into Metagov along with some basic support for building plugins and policies using the units of that metasystem.
Parts of this post are
Problem
Linked identity is a clear prerequisite to a range of possible governance policies that communities may wish to adopt. Linked identity is also necessary for certain Metagov services to function. For example:
- A policy that bans a user from linked Discord, Discourse, and GitHub communities upon detecting a banning offense on any single platform.
- (copied from @mashton's docs) The community has a SourceCred instance which is connected to Discourse, tracking users contributions on the Discourse platform only. The community also uses OpenCollective to submit invoices. Not all members have accounts on both platforms–– some may be members in Open Collective only, others are members in Discourse only. In order to support a governance policy that says “Invoices submitted by users with sufficient Cred are automatically approved,” the system needs to know that the OpenCollective user ‘joshua-tan’ is the same person as the user ‘joshua’ on Discourse.
- SourceCred itself requires and maintains an "internal" concept of linked identity in order to aggregate contributions by single users within multiple platforms (e.g. GitHub contributes and Discord messages).
This is clear value in having linked or shared digital identities for users as well as for other entities such as organizations, roles, and resources.
Direct solutions (copied from @mashton's docs)
Linked identity can be accomplished directly through various forms of account linking; account linking is when user accounts from various identity providers are associated with the same user profile. In the above example, the record for OpenCollective user “joshua-tan” would be linked to the record for Discourse user “joshua.” There would be some core user profile record that lists all the accounts that belong to this user. That profile record could be curated
- manually, by an admin who links accounts (without user consent) e.g. through something like Auth0 Management API (paid service) using the server-side account linking flow.
- manually, the user links accounts themselves by providing credentials for each separate account
- manually, as above but users are incentivized to link their accounts (e.g. see SourceCred's approach)
- automatically, the system naively links accounts that have the same email address (without user consent)
- automatically, the system prompts users to link accounts when the user logs in with the same email (with user consent)
- automatically, the system infers linked accounts using data and machine learning (without user consent)
We got as far as the above before deciding that identity was out-of-scope for phase 1 of the Metagov prototype.
Proposal: an identity metasystem
I hypothesize that Metagov should not be in the business of providing a shared identity layer for its plugins, nor should it be in the business of determining the identity policies of particular platforms and communities.
Therefore, instead of an explicit identity layer, I propose that we implement (or import) a minimum viable identity metasystem (MVIM) for Metagov. Such a metasystem should expose a unified interface that allows services to "loosely couple" to a set of 3rd-party identity management systems. By implementing an identity metasystem as opposed to an identity system, we maintain Metagov's status as a backend service for governance authors.
Background and Definitions
This is clear value in having linked or shared digital identities for users as well as for other entities such as organizations, roles, and resources. Indeed, corporations spend billions on a generalization of this problem every year, called "[entity resolution[(https://www.sciencedirect.com/topics/computer-science/entity-resolution)". But the problem of providing a linked, much less unified, identity layer is extremely difficult. Kim Cameron has an excellent summary of why:
Why is it so hard to create an identity layer for the Internet? Mainly because there is little agreement on what it should be and how it should be run. This lack of agreement arises because digital identity is related to context, and the Internet, while being a single technical framework, is experienced through a thousand kinds of content in at least as many different contexts, all of which flourish on top of that underlying framework. The players involved in any one of these contexts want to control digital identity as it impacts them, in many cases wanting to prevent spillover from their context to any other.
Instead of an identity layer, Cameron argues that we need a identity metasystem:
The technology of “device drivers” enabled interchangeable hardware to be plugged in as required. [...] Digital identity requires a similar approach. We need a unifying identity metasystem that can protect applications from the internal complexities of specific implementations and allow digital identity to become loosely coupled. This metasystem is in effect a system of systems that exposes a unified interface much like a device driver or network socket does. That allows one-offs to evolve towards standardized technologies that work within a metasystem framework without requiring the whole world to agree a priori. [...]
She further argues that the concept of a "claim" is central to such an identity metasystem and "encompasses all the known digital identity systems and therefore allows us to begin to unify the rational elements of our patchwork conceptually. It allows us to define digital identity for a metasystem embracing multiple implementations and ways of doing things." To Cameron,
A claim is: “An assertion of the truth of something, typically one which is disputed or in doubt.” Some examples of claims in the digital realm will likely help:
- A claim could just convey an identifier: for example, that the subject's student number is 490-525, or that the subject's Windows name is REDMOND\kcameron. This is the way many existing identity systems work.
- Another claim might assert that a subject knows a given key; and should be able to demonstrate this fact.
- A set of claims might convey personally identifying information; name, address, date of birth and citizenship, for example.
- A claim might simply propose that a subject is part of a certain group; for example, that she has an age less than 16.
- And a claim might state that a subject has a certain capability; for example, to place orders up to a certain limit, or modify a given file.
Note that, contrary to the problem setting above described by Cameron, Metagov does not need an identity layer for the whole Internet. It just needs an "identity open set" that covers the services needed for a single community. (Indeed the problem seems intractable at the scale of the Internet: Cameron posed her idea of an identity metasystem in 2006.)
Next steps
It's my belief that some kind of claims-based identity metasystem has almost certainly been implemented somewhere, i.e. the claims-based approach sounds vaguely familiar to docs I've read for things like Solid, DID, and self-sovereign identity. So the next step is to do some research / ask a knowledgeable expert who can point us in the right direction. I'll update this issue as we collect more information.