Great article, helped me get more of a shape on some ideas I'm thinking about too. In fact I was just talking to someone yesterday about the ID and reputation aspect of trust services you mentioned, but I was missing some of the terminology.
This is something I'd love to see. In particular I'm interested in the idea of being able to revoke access to information at will. So for example, say you open a bank account. They need to know who you are (it is actually a common legal requirement) in order to operate your account. You agree with your trust service to allow them access to certain parts of your identity data, on request. At no point do they store your data. In that case, you could have more control over your personal data, in particular making sure that it is not sold, used unethically or to track you with third party identity building companies.
Then when you business arrangement is concluded, access is revoked and they no longer have it. Obviously this wouldn't stop someone from copying your data, and so it would need to be supported by a law forbidding unauthorized data storage. Sounds far fetched probably, but it's not without precedent for a type of service to become indispensable.
So if a trust service was used to establish identity, for the purpose of authentication, there'd be no need for a business to hold on to personal data. What do you think?
Great points - I absolutely agree. There is a potential use case for tokens/signatures that expire after a certain period of time or after a particular transaction is complete. This could be a potential way of using smart contracts (although they would actually not need to be very smart). Thank you:)