Doc's Old School Blog: A question for today's @IDworkshop: Does #login = #identity? #IIW

In scripting.com/2021/10/13/140500.html?title=whyWeUseTwitterIdentity, @DaveWiner explains how little logging into #Drummer with Twitter reveals about one's self or life. I think that's because #OAuth (the standard used) is just "access delegation." IOW, easy login.#

Seems to me, at the practical level, it's about all 7 of @Kim_Cameron's Laws of Identity: user control & consent, justifiable parties, minimum disclosure for a constrained use, etc. But is a credential minimally disclosed to a justifiable party *identity*?#

Identity, seems to me, is about *who you are*. Login is about *something you do*. If the other party only wants to know if you have a ticket to get in, that's not identity. It's a verifiable credential. It's just about the minimum stuff another party else needs to know.#

Minimized *need to know* (#MNTK) is an essential feature of #SSI: self-sovereign identity. There is uncomplicated efficiency to it. It's why the coffee shop's MNTK is that the name you give them with the order is the one they call out when the drink is ready. #

So I think a lot of what we call "identity" is a subset that's nothing more than #MNTK, requiring only a single verifiable credential (which the identity folk confusingly but understandably call a "VC"). I'll call an #IIW (where OAuth was partly baked) session on that today.#