Arizona State journalism professor and Knight chair holder Dan Gillmor is calling for an effort to “federate” identity management on the web:
“What I’d like to see, and would support with my money, is a collection of open-source, community-driven, federated services that achieved the same goals without putting our data and content into the hands of a few large and increasingly powerful companies. I suspect I’m not alone in wanting this. Are there enough of us to matter? And if so, are developers listening?”
He wrote that as the last paragraph to a blog post at The Guardian (U.K.) entitled: “Google+ forces us to question who owns our digital identity: Are enthusiastic users of social networking sites giving up too much control?”
In the post, Gillmor warns that putting too much of your “persona” — data about your friends, your “likes,” your interests and demographics — in a large social-networking service may be handing over too much control over your privacy without much in return.
He’s correct, and it’s a key ongoing topic of the Information Valet Project. It’s also a key challenge addressed by our call for the formation of a global Information Trust Association, which would help establish protocols and opt-in business rules for trust, privacy, identity and information commerce on the web.
I replied to Dan’s post:
Responding to your last paragraph: In a more detailed post I’m sure you would have mentioned Doc Searls’ ProjectVRM work at the Berkman Center at Harvard University.
Broadly, what we need is an infrastructure that supports multiple places where you can lodge your “persona” (demographic and personal data), and which vouch for you as you use resources on the web. Today Facebook Connect is the default commercial identity provider for the web. Clearly G+ is making a play to be No. 2, and the fact that Facebook blocked it is at one level a welcome sign of competition.
What we need is for there to be dozens, hundreds, thousands of identity service providers — so that users can choose the one they are most comfortable with. These could be banks, telcoms, ISPs, publishers, affinity groups or even new enterprises (such as Azigo.com or Personal.com) formed for this purpose. The key issue is that they be willing — and able — to cross-authenticate their users so that they are silos, but silos which are unwalled from the user perspect.
We’re in the early stages of a four-party approach to trust, privacy, identity and information commerce — users, the user agent who helps with identity, the outfits that rely on the trust provided by the user agent (retail and content websites, eventually health-care providers perhaps) and a fourth party — the service which authenticates all of this activity.
The fourth party — the authenticator — best not be a for-profit or government entity. I’ve sketched out an idea for a global Information Trust Association (http://www.infotrust.org) which starts to get at a possible solution. And the white paper http://www.papertopersona.org details the idea.
Yesterday, in Washington, D.C., a group of about 15 people met to work on a response to the Obama administration’s call for a private-sector let approach to Internet federated identity. They were responding to the National Strategy for Trusted identities in Cyberspace. The government effort may be a catalyst for the work you are asking about.