Neither the Internet nor the Web have an Identity model. This means they also don’t have a Trust model. And from this fact flows nearly all the insecurity issues that are inherent to the Internet or the Web (as opposed to those coming from defective software).
“What is identity?” is one of those bottomless questions that philosophers build careers around, but a working definition can be easily found in a dictionary:
"sameness in all that constitutes the objective reality of a thing"
That is informative, but not particularly useful. To create trust, we need to know the identity of something, but also the context in which we evaluate if the “who”, “whats”, and for that we have to classify things appropriate to potential “whats”. So, if I have a router, it is going to move packets from sending hosts to receiving hosts, and that gives us three contexts – the packet itself, hosts, and the action of a host (sender or receiver). With that I can build an Identity model for packets, for hosts, and for actions, and with those models, I can build a trust model for communications between hosts. But it all begins with identity, with the objective reality of a thing, and in a world that is either sub-atomic or digital or virtual, objective reality may be pretty hard to come by.