Identity Domains

This article was originally published at https://github.com/asankah/identity-domains.

An Identity domain is a scope within which we consider it a given that the user has a shared or trivially joinable identity.

This is a privacy boundary, not a security boundary. Hence it assumes that where possible all sites share information.

Diagram of example identity domains described below

Above is a diagram showing relationships between clusters of documents and identity domains.

The Identity domain has the following properties:

Note that in the existing web privacy model third-parties can trivially associate identities across top-level contexts. Thus the entire internet essentially amalgamates into a single identity domain.

The boundaries discussed herein require moving to a different model of identity on the web. The privacy threat model guiding this model is discussed in PING’s Target Privacy Threat Model document which is a work in progress as of this writing.

Additional Notes and Observations