Total newb question: if a user controls their identity information and keeps that local, what’s to stop them from modifying that local information to elevate privileges on these “permissionless” remote site? Am I totally misunderstanding the concept?
I assume that is up to the website. If the website wanted to store these permissions in this ID they could add a signature to the ID that can not be recreated by the user.
Total newb question: if a user controls their identity information and keeps that local, what’s to stop them from modifying that local information to elevate privileges on these “permissionless” remote site? Am I totally misunderstanding the concept?
I assume that is up to the website. If the website wanted to store these permissions in this ID they could add a signature to the ID that can not be recreated by the user.