So given the previous parts of this series (1, 2, 3), what might an alternative solution to the global namespace for people look like? First, we should have some criteria for how the system operates. Here are the ones that come to mind:
- Secure decentralized operation that’s not controlled by a single entity
- Human readable/memorable names
- Globally unique
Until yesterday I was blissfully unaware that there has been a bunch of work on this starting with an assertion by Zooko (talk about a unique name) that you can’t actually have all three in a naming system, followed by a post from yesterday (!) by Aaron Swartz proposing a solution (thanks to e.p.c. for pointing me to this). I have read Aaron’s post a couple of times but that’s only made me realize how much crypto background I lack to judge its merit. So rather than spend more time on that let me flush out a bit of an alternative model.
We are a bit shy of 7 billion people in the world. Apparently, the U.S. Census Bureau statistics suggest that there are about 150K different last names and about 5K different first names in common use in the United States. So from that alone one could theoretically generate 150 million unique combinations. Throw in a single middle initial and you’d be at 25 times that or 3.75 billion. Obviously people’s names are already distributed but this is just to try to get a handle on size (there are, for instance, also > 150K different words in the English language).
Another way to estimate how many readable/memorable usernames one could generate is by looking at the entropy rate of the English language, which is around 1 to 1.5 bits per letter. Now I think it is safe to assume that by throwing in digits and the generally somewhat higher unpredictability of the next character in a username (based on the previous characters) we could have an entropy rate of 2 bits. With let’s say up to 20 characters per username that would be 40 bits or over a 1 trillion usernames — in reality many user names will be shorter, so the actual number is probably lower (but then again maybe the entropy rate is even higher). In any case I think this is close enough to support the idea that human readable/memorable and globally unique are not at odds with each other (btw, I don’t think that the namespace needs to be restricted to English at all — I am simply using numbers on English to show that it’s not a crazy idea).
So what about passing these usernames out and managing them in a distributed manner? I think a system modeled on domain registrations would make sense. First, you are issued a globally unique numeric UserID by a registrar (more on registrars later). Then you can log in at any point and pick a globally unique human readable username for your UserID. Having both UserIDs and usernames would allow users to change their usernames. The registrars are in charge of assuring global uniqueness of both UserIDs and usernames and also add your record to the GPN (the global people namespace). This mirrors a bit the relationship between domain names and IP addresses.
Each record in the GPN would consist of at least the following (UserID, username, authprovider, authprotocol). The latter two would be how people actually use their usernames when signing up for a service — generally this will initially be the registrar itself but the user should be able to move that to other providers. You simply enter your globally unique username and hit a generic “Register” button, which using your record in the GPN can figure out where to send you to authenticate.
I think one reasonable objection to all of this would be that it is simply too late. The cat’s out of the bag. People already have usernames on tons of services. But I don’t think we should give up, at least not yet (apparently Jeff Atwood thinks so also). If a system such as this came into being in the next couple of years and was launched with some of the currently biggest username providers as initial registrars, then many people could get exactly the username they already have on these (and many other services). That would allow the existing namespaces to be converged with the GPN. What would be needed for all of this is someone like ICANN (ICANN itself?) to figure out a scheme for how UserIDs get partitioned across registrars and what database mechanism to use to for assuring global uniqueness of usernames. The model for the database itself should most likely be DNS (someone with more in depth knowledge of DNS might be able to tell whether DNS itself could be used as it is today).
I would love to hear from folks whether they think this is completely crazy in being undesirable (e.g., because not entirely distributed), not technically feasible, not politically/commercially accomplishable, etc.
P.S. Since people are likely to bring it up: webfinger may be a much more pragmatic way to get to a similar place in the end. It does, however, give up on a single global namespace for people that is separate from the domain name system (and with that the most likely give us up on individuals truly controlling their usernames).