I see your point, you are right. Having said that, some Facebook statuses
are enough to end a marriage! :)
As you become more decentralized the attack surface inevitably goes up.
I'm thinking along the lines of Zooko's triangle ... we could have synonyms
something like
Secure -> Secure
Global -> Decentralized
Memorable -> Convenient
WebFist is highly decentralized, it is moving into the area of mirrored
claims, so while Persona, for example, is heavily reliant on federated
servers, WebFist is moving into the realm of mirrored claims that are signed
for data portability. The advantage here is that you don't have one central
point of trust, which becomes a central point of failure. You can
distribute trust over many nodes.
This is robust, but it comes at a cost. Namely the attack surface
increases, notably from spamming.
So what's the long term solution? You essentially create an arms race
between attack and defence. One way to do this is to have a trust and
global reputation system, perhaps including something like openbadges, but
at web scale. But what often happens is whitelisting, which
disproportionately favours the big players, at the expense of the long
tail. Better approaches may be along the lines of proof of work (one CPU
one vote) or consensus models.
What we really need is a global meta system that pulls all these identity
systems together in a reusable way, so your trust and reputation become
global and transferable. This way you can mitigate many of the common
attack surfaces, while increasing the number of use cases you can handle.
Just my 2 cents ...
>
> -Ben
>