Identity is a “Graph of Claims”.

Tim Bouma thanks for writing Digital Identity: A Chain of Claims. I’d like to bring a bit more comprehensive view on identity.

We should look at identity not just as a chain of claims, but as a graph of claims. This view on identity is important, because it provides better, clearer perspective on the design of Identity Standards and how to implement them.

To understand the idea that “identity is a graph of claims” let’s try to answer the question “What is Yahoo?” in 2015 and 2018 .

Before we begin exploring Yahoo in 2015 and 2018, we need to understand difference between “defining something” vs “identifying something”.

Define. When we define something — we describe attributes of the entity, that are the most important in this entity in some context. Such as — “This thing is defined by: …”

Identify. When we identify something — we describe/provide unique attribute of this entity. Such as — “I can identify, this thing by: …”

In 2015 if you wanted to identify Yahoo you could use exchange ticker
“NASDAQ:YHOO” as unique identifier.
In the context of investments you would define Yahoo as a legal entity that
owns the following assets: 100% yahoo.com (~5B USD), 35% in yahoo.jp (~7BUSD) and 16% stake in Alibaba Inc (~100B USD).
In the context of the brand you would define Yahoo as a legal entity that
owns brand ‘Yahoo’, yahoo.com and yahoo.jp.
In the context of history you would define Yahoo as a legal entity founded by
Jerry Yang and David Filo in 1994 and that owns yahoo.com.

In 2015 all the the common ways by which you define Yahoo and the ways to
uniquely identify Yahoo, would result in the same legal entity.

In 2018 defining and identifying Yahoo is not that simple.

In 2016 legal entity uniquely identified by ticker “NASDAQ:YHOO” sold yahoo.com and ‘Yahoo’ brand to company called “Oath” solely owned by Verizon and renamed itseld to “Altaba”. If you were investor in “NASDAQ:YHOO” shares in 2015, you would now own shares of “NASDAQ:AABA” and have no stake in brand ‘Yahoo’ and in domain yahoo.com.

Now if you want to define Yahoo using brand context “as a legal entity that controls brand “Yahoo” and domain yahoo.com” you would get legal entity “Oath” owned by Verizon. If you want to define Yahoo using historical context, “as a legal entity founded by Jerry Yang and David Filo in 1994” you would get legal entity “Altaba”. Funny, right?

Defining something is more important then just identifying something. Identity standards and their implementations should allow us to do both.

The key point that I want to convey here is — identity is not just a legal construct based on some identifier/s and a simple chain of claims about it that enables identitifcation— it is a graph of statements that enables identification of identity and defining what that identity represents/means in different contexts (in the context of corporate identity mainly what assets that identity represents).

When we see identity as a graph of claims we can have a better understanding of the true goal of Identity standards.

Goal of Identity Standards becomes — to allow us (people, society, government) to create, manage and audit graphs of claims that represent our identities in a transparent and reliable way.