The issue breaks into three parts: Identity, Authentication and Authorization.
Generally speaking, people tend to confuse or conflate Identity and Authentication, but that is not necessary. Consider LJ - you might grant some people certain rights to read your blog because of what they write, say or do - but never know their real name and identity. You Authorize them via a Friends list.
Meanwhile, when they log in, they Authenticate their credential to LJ (or, since LJ accepts other ID servers and their authentication, maybe to someone else).
I cannot recall where I first read about these issues, I can do a little digging. For interesting browsing, you might look at some of the articles in Wired (and other places) by Bruce Schneier, CTO of Countepane. You might also ask patsmor or look at the links in her blog. I have not done so, but since she is an expert in Internet Security and Privacy, I am sure she can give you references on the topic. (She is also a close friend of cvirtue as well as myself - and an SCA person of excellent repute and good cooking skills. Amongst many other terrific features.)
no subject
Generally speaking, people tend to confuse or conflate Identity and Authentication, but that is not necessary. Consider LJ - you might grant some people certain rights to read your blog because of what they write, say or do - but never know their real name and identity. You Authorize them via a Friends list.
Meanwhile, when they log in, they Authenticate their credential to LJ (or, since LJ accepts other ID servers and their authentication, maybe to someone else).
I cannot recall where I first read about these issues, I can do a little digging. For interesting browsing, you might look at some of the articles in Wired (and other places) by Bruce Schneier, CTO of Countepane. You might also ask