I'm working on this problem right now at blockauth.com. Launch is still months away but its an interesting mix of Blockchain publishing, ICANN style franchising, and paranoid levels of verification. The end result will be a federation of OpenID providers that all vouch for a user to confirm that they are a real unique person all while not giving any personal details about them unless they approve.

Basically its what Facebook is proposing but we do background checks on the accounts to ensure they aren't bots. Our privacy policy will be a lot more serious too. No marketing or targeted advertising.

Why do you need all that? Just curious.

I am the author of http://platform.qbix.com, and it includes decentralized identity. Each app can run on its own machine/cluster, and communicate with other apps. Each app is itself a user in Q.

When a person using a user-agent authenticates with an app, they can either do it natively (providing, say, their email address) or they can select an external app that they already logged into. The user-agent stores the domain of that app, and it's a simple matter of doing oAuth with that app. Except, of course, the user id isn't given out by the user's "home server" but instead a different "xid" (stands of external id) is given to each consumer app.

In short, an app can start life as a consumer of identity and eventually offer to provide identity. The identity provider doesn't just support oAuth, but ideally would allow the user to publish streams that others can subscribe to and view, import contacts and manage access control (privacy) based on those contacts and labels. Finally, they should be able to connect endpoints (such as their mobile phone, email, facebook account etc.) to receive notifications sent to their account by some apps they've authenticated with.

Whenever an app would need to display personal information back to a user, they could do it without ever knowing their personal info: http://www.faqs.org/patents/app/20120110469#b

What do you think?

In the future we might also encrypt this stuff so governments and others can't get it by simply breaking into the database. I don't have any expertise in this last part, so if anyone does I'd be curious to learn.

Because every attempt to make decentralized standards has gradually failed in favour of private services. Reddit et al have replaced Newsgroups, Whatsapp has replaced Jabber, etc. This one will be no different, and the current approach where every users manages dozens of accounts and passwords is untenable and represents an even-bigger-security threat than trusting FB with Auth.