How we went wrong on identity

The basic flaw is that people think identity comes on a card, or with DNA. Neither is true. Identity is, and always will be, based on a "circle of trust". It's not the card that proves who I am, it's the trust you put in the issuing authority. It's not the DNA match, it's the trust in the labs that tested it and the databases that matched it.

That's the basic disconnect - trust is being associated with the in the wrong artifacts. Until people understand that, you can't start fixing anything. Real identity management is hard, and most people are simplly not capable or willing to deal with the complexity.

I'd rather not to hurry with definitions of identity based on trust - while I agree with commenter above, I do not think we possess already the most correct and accurate definition yet: trust is still being studied and topic is very far from mature level of knowledge...

I've spent about 2 years developing software which has most relation to trust than anything else in software world (OpenSSL integration with real applications using it) only to learn that neither ordinary people nor software developers in area do understand trust even "on surface". Yet, everyone and his dog tend to declare trust being intuitive category, and hence (sic!) being used as cornerstone for other things. No wonder then that phishing became prevailing cyber crime.