Human above all, with pathos, weaknesses and grumpy at times. Speak for myself; think out loud. Direct, seemingly hard faced. Urged to fix things. Am fortunate.

A Post About User Identity That Is Thought Provoking On User Authorisation And Security, Or Just Utter Bullshit.

User identity

Disclaimer: I am no security expert.

Use case

Provide a way for a user to identify himself before remotely accessing a multi-user software that requires to associate the user with her data.


There are two forms of user identification.

  1. Non authorised by the user
  2. Authorised by the user


Non authorised identification is a user saying who he is.
Authorised identification is a user saying who he is and trusting her.

For brevity, non authorised identification will be known simply as identification.

In essence, an authorised identification is a two stage identification. In the first stage the user provides an alias that is known of, usually in the form of a username. In the second stage the user provides proof to his claim, usually in the form of a password.

Imagine sitting behind a large door. A user comes and knocks.

  • “Who is this?”
  • “This is John” <- Identification
  • “Prove it!”
  • “Here is my passport” <- Authorised


The identity of the user is her email. An email is required both for identifying it to its owner and for verifying a new residence. An identity can have many residences.


Each identity is paired with a residence. A residence vouches for the user identity. Should the residence be removed, the identity can no longer be vouched for.

Characteristics of a residence

A residence has an identifier which needs to adhere to the following principles.

  1. Private.
    The identifier of a residence is private even to its owner.

  2. Unique.
    A residence identifier needs to be unique from a pool of residences.

  3. Secure.
    The identifier needs to be securely stored.

Creating a new residence.

Assuming the owner of the identity wants to create a new residence from which she can access the software.

The user requests for the new residence to be added. Subsequently, verifies the new residence via email. The new residence can now vouch for the user’s identity.

Delete a residence

The owner should be able to remove a residence. If a residence is deleted, the identity is also permanently removed as a residence.


Some mockups as to how it looks in practice.

Inspired by

  1. “Yahoo! & Sprint Displayed Passwords at Scale. What Happened?”
  2. “Sign On”
  3. “Persona”