I think signing someone's identity + other attributes is a very interesting idea. One problem that could be with such a system is the "mixing of the worlds" issue: knowing my email address, you could look up my profile and see a lot of personal information about me (any attribute someone has signed for me).
A possible solution to this could be to use "partial disclosure" of attributes associated with an identity. In an authentication scenario, the server learns the attributes I disclose (or a function thereof), and nothing else. I think this is called a "zero knowledge proof". If I have to prove to an authority that I am over 18, I could reveal only the answer to ((me.date_born - time.now()) > 18 yrs) and not my actual birthday.
This idea was invented and developed by Prof. Stefan Brands, who was at McGill at some point, but then started a company around the technology. Later Microsoft bought them.
http://arstechnica.com/information-technology/2010/03/micros...
http://en.wikipedia.org/wiki/U-Prove
Now the tech is open sourced under an Apache License:
https://uprovecsharp.codeplex.com/SourceControl/latest#UProv...
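Added example, not part of the comment above and not U-Prove code: a minimal salted-hash selective-disclosure sketch in which the issuer signs commitments to each attribute plus a derived `over_18` predicate, so the holder can reveal that predicate without the birth date. It is not a zero-knowledge proof; the function names are hypothetical, and an HMAC key shared by issuer and verifier stands in for a real public-key signature.

```python
import hashlib, hmac, json, secrets
from datetime import date

# Assumption: HMAC stands in for the issuer's signature; a real system uses a public-key scheme.
ISSUER_KEY = secrets.token_bytes(32)

def _digest(name, value, salt):
    # The random salt stops a verifier from guessing low-entropy values such as dates.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _sign(digests):
    msg = json.dumps(sorted(digests)).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

def issue(attributes, today):
    """Issuer: add the derived predicate, commit to every attribute, sign the commitments."""
    attrs = dict(attributes)
    born = date.fromisoformat(attrs["date_born"])
    age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
    attrs["over_18"] = age >= 18
    salts = {k: secrets.token_hex(16) for k in attrs}
    digests = sorted(_digest(k, v, salts[k]) for k, v in attrs.items())
    credential = {"digests": digests, "sig": _sign(digests)}
    return credential, attrs, salts  # attrs and salts stay with the holder

def present(credential, attrs, salts, reveal):
    """Holder: disclose only the chosen attributes, each with its salt."""
    return {"credential": credential,
            "disclosed": [[k, attrs[k], salts[k]] for k in reveal]}

def verify(presentation):
    """Verifier: check the issuer's signature, then each disclosed value against a signed digest."""
    cred = presentation["credential"]
    if not hmac.compare_digest(cred["sig"], _sign(cred["digests"])):
        return None
    accepted = {}
    for name, value, salt in presentation["disclosed"]:
        if _digest(name, value, salt) not in cred["digests"]:
            return None  # value was altered or never signed by the issuer
        accepted[name] = value
    return accepted
```

The verifier still sees one opaque digest per undisclosed attribute, so the number of attributes leaks, and repeated presentations of the same credential are linkable.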