More than a couple of times a year, I meet teams working on identity. I always make myself immediately unpopular by asking them “what is identity?” and, of course, everybody acts as if it is completely obvious from our mutual shared context, and I should already know. Usually when people use the word “identity” their implicit definition falls into one of following buckets.



- Identity is your physical body, as recorded in a database using a biometric record or a biometric hash.



- Identity is a government record which gives you a unique identifier like a taxpayer ID number or a social security number.



- Identity is a set of attributes attested to by a community, attached to a self-chosen name. This is often used interchangeably with the word “reputation” and may assume that a single individual has many identities, frequently called personas or nyms.



- Identity is a username/password combination, where your ability to remember some fact records that you are the same person now as you were when you opened the account — essentially this is proof of memory.



- Identity is a cryptographic key pair, where one is identified by the public key, and this identity is proven using the private key (usually by signing things.) SSH keys are a good example of this in its rawest form: you log in once and add a key, and all the system cares about is that you use the same key to get back in — not who you are!



- Identity is a persistent sense of self or selfhood, or a semi-continuous narrative identity we call “I.”



- Identity is some kind of metaphysical construct, a “true self” or soul, which shines out through the personality and into all of our actions.



