DEV Community


Discussion on: A good reason not to use OAuth only accounts in your apps

rhymes profile image
rhymes Author

The OpenConnect part of distributed identity was kinda "lost in translation" :-(

louy2 profile image
Yufan Lou • Edited

I think the OpenConnect part is nicely translated, because OpenID still works as designed, and we do have different ID providers competing, like Google, Twitter, Facebook, Microsoft, GitHub, etc. However, I believe that trust cannot be decentralized to the point of a social Web Of Trust.

Way before the Internet, the trading market is a decentralized network. It started as community markets, then those networks connected through agents, which developed into brands and corporations. From the retail network emerges Walmart et al. From the animal farming network emerges Tyson et al. From the stock market emerges NYSE et al. From the personal homepages emerges Facebook et al. From the datacenter network emerges AWS et al. and Cloudflare et al.

In the end, our brains are limited in memory, our actions are limited in time, and there is a limit to how many connections we each can manage. This limit is called Dunbar's number, and is proposed to be between 100 and 200. Beyond that, we start to need rules as the basic consensus upon which we can interact. We need central authorities to create, update, and enforce those rules. When a network of such authorities forms, a higher authority would emerge so that the authorities have a basis to interact upon.

I think OpenConnect has done a good job. The rest are on the researchers of distributed contract systems, and artificial intelligence systems. Maybe we will make such a very perfect distributed system. We will for sure name it SkyNet.