The way identity providers are supposed to work is to not necessarily divulge yo... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		layer8 8 months ago \| parent \| context \| favorite \| on: Why are banks still getting authentication so wron... The way identity providers are supposed to work is to not necessarily divulge your identity, but properties necessary for the respective service. For example, they can attest that you are an adult and a citizen of $country, but don’t need to disclose any further information. When using an identity provider with a third-party service, the attested attributes are displayed to the user to approve their disclosure. This is a bit like app permissions, where you can specify which app should be able to have which permission.

kortilla 8 months ago [–]

But most sites will just require you to attest your full name. Additionally, they will require a unique ID that the govt might not bother changing between websites.

Real name and central ID requirements are anti privacy and have the tracking problems OP highlighted.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact