August 27, 2007

Federated ID, Missing the Point

Federated Identity is a topic I've not thought about for about 3 years. In that time, we've seen the rise of open standards SAML and OpenID and the decline in corporate solutions such as Microsoft's Passport (now known as Windows Live ID) and the Liberty Alliance. In particular, a faceted ID system which can authenticate and represent me to services with my appropriately matched dataset (I have many 'sets' of data – some are appropriate for friends, but not for work, etc) was only an idea back then and until recently, the topic has been relatively quiet. With the awakening to the Social Web, the inevitable question "Why do I have to manage so many versions of myself?" that has been asked by academics like Danah Boyd and Thomas Vander Wal and addressed – if not completely – by technology solutions, such as Sxipper and Demoxi. Fundamentally, however, the problems being solved primarily concern authentication and online form filling, not the actual management of my data held by various companies and organizations online.

Some others are thinking on mapping my relationships (which isn't a new concept – FOAF has been around for years), but none are telling the story of why this is a good idea. Sure, auto form-filling is cool, it helps me get things done quicker. Mapping my relationships is a neat idea, perhaps it can help me fill my profiles on Facebook or LinkedIn quicker... but something is missing.

Five or so years on from when the Digital Identity field rose to prominence, the industry is still coming up with answers without really knowing what the problem is. What's missing is a story – a clearly defined problem to which tech solutions can be applied.

My digital identity consists of all things me. It's not just my username and password, or the fields I fill in registration forms, or just my friends and associates. It's all these things and more. It's the photos I use to represent myself. It's the things I say in online forums on on my blog and the medicines I am prescribed by my doctor. Every piece of content and metadata about me forms my digital identity.

I believe collectively we're searching for a repository for the many facets of my digital ID, constructed with an open standard. A database and application that lives on my own server with an API that allows organizations and companies to access the sets of information about me that I explicitly allow. This information doesn't get stored by these organizations or companies, because its mine. They can access it whenever they need it, but I manage it and can cut them off whenever I choose. I want my identity under my control and not in the hands of corporations and organizations who may or may not be obliged to do the right thing with it.

My ID server should be as ubiquitous as email - an inalienable right to possess. I can think of nobody else but the open source community to provide this framework, since my personal data is not for a corporation to charge me for the right to use. I wish for that community to use this idea. By putting it out there, I hope it lights a bulb in some clever open source developers head.

Posted by Ant at 09:29 AM | Comments (0)