Or, for developers out there, another good way to think about it is as a protocol for secure communications that flips the Certificate Authority (HTTPS) model on its head. Rather than CA signing certificates providing all channel security, identities provide their own security on any channel by signing every message.