I think that there are two issues w/ spamming
1) spamming via DID creation
2) spamming from a DID via spurious claims
Anonymity, i think, is an issue for (1) above - the creation of DIDs, but not for (2). For (2) the identity that matters is the DID, and, as you point out, misbehaving DIDs can be cordoned off.... and such sanctions should be spelled out in the TF legal documents. If I'm not mistaken, for 'claims related spamming', the technical solution would rely upon the enforcement of the write-permissions for a given DID. Is a DID constrained to writing 'through' a specific trust anchor? How would this be implemented?
But the relationship between (1) and (2) definitely raises some legal concerns (lawyer-folk want to chime in?) - i expect that there is an expectation that a trust-anchor 'speak for' the behaviour of the DIDs minted on their behalf? If that is the case, then creating a special legal condition for 'anonymous dids' is paramount.
This also raises the question of 'anonymous DIDs' - would someone who wishes to generate anonymous DIDs at a protocol level be required to sign legal documents establishing their role as 'trust anchor' - and thus given the right to write new IDs? Is there a KYC-like process around that - if so, then anonymity is completely broken unless a trust-anchor can mint DIDs to which it has no legal obligation?
If the latter is the case, then taxing "trust-anchor vetted DIDs" at a rate of <= 1 anonymous DID per vetted DID, would be a sort of solution - but it does spell out a "special category" for DIDs - namely those who are policed entirely at the protocol level.
Unfortunately, policing edge cases at the protocol level leads to a sub-optimal design for nominal operations - my concern is that the technical developments will favor obtuse edge cases on the grounds of esoteric arguments of principle. The principle should not be compromised, but "expected edge cases" - like anonymous trust anchors generating anonymous identities that refuse to share in the global identity exchange should be such a case.
Also - from our customer inquiries - the need to "clean up an identity space" before publishing to a global environment is quite evident. This leads to the need for "temporary DIDs" - DIDs that get created, then terminated as they are merged into a more sensible identity graph.
Blocks of DIDs that have this sort of "temporary, unclaimed, status" fit well with "anonymous IDs" - i would not want to see a high PoW or PoS cost associated with a DID I expect to be "subsumed by another DID" once the owner is engaged.
Perhaps a DDO component indicating "class of DID" is worth exploring - where class of DID would be something like "permanent", "transient, ending on:", "pending trust-anchor claim, valid for:" - where the latter would support completely anonymous DIDs, which could be produced free of T.A. legal framework but which would be poised to either "be claimed by someone participating in the trust framework" or "be abandonded" (subject to cache disclusion)
i'd love to hear more thoughts on this - and thank you srottem for your input!