Welcome to the Internet of Subjects Forum

Internet of Subjects Forum

“Free our data now!"

Who are we?

The Internet of Subjects Forum (IoSF) is an independent not-for-profit organisation dedicated to making the Internet a more secure and trustworthy place. Our goal is to create the conditions for the emergence and sustainability of an Identity Centric Internet, an Internet of Subjects, where individuals in full control over the storage, transport and exploitation of their personal data, can monitor their use by other individuals, networks, communities, businesses and authorities.

Our aim is to enforce privacy and trust while enabling business and innovation.

What is the problem?

While emerging technologies and practices are leading towards a more person-centric Internet (social networks, user generated contents, ePortfolio, personal health records, vendor relationships management systems, Web 2.0, etc.) the current Internet architecture, which is still organisation-centric, leads to increased fragmentation of personal data across an ever growing number of services and places. This fragmentation ultimately leads to a loss of privacy and the loss of trust in personal and business relationships.

Moreover, while legislation states that we have the right to rectify personal records hosted by service providers, this is rarely enforced, simply because it is impossible to keep track of all the places where we leave and abandon personal data. Furthermore, legislation does not state our right to personal data sharing, e.g. the right to share our personal health records or our bank credit records with the service of our choice: our personal data remains under the control of organisations, not us.

Personal data is not ours, yet!

How can the Internet of Subjects Forum contribute to the solution?

The goal of the Internet of Subjects Forum (IoSF) is to exploit the power of current social and technological trends to move towards a fully person-centric Internet, i.e. an Internet where:

  • Individuals are empowered with full control over the protection and exploitation of their personal data and can create their personal circles of trust with the parties they choose
  • Organisations and businesses can provide better and innovative services to empowered individuals who have the means to assess and recognise their trustworthiness

The IoSF is the means for individuals to be able to say: Personal data is ours!

How shall the Internet of Subjects Forum achieve its mission?

The IoSF mission will be achieved by creating an open and trustworthy architecture based on the strict separation beween hosting of personal data and their exploitation by web services. This will require system architects, decision makers and business leaders to change their vision of the Internet to move towards a person-centric architecture.

The components of the IoSF architecture are:

  • Public Anonymous Data Stores (PODS) and Personal Data Stores (PDS) to securely store and share personal data —PODS and PDS can be distributed over a number of different services, while owners can have a unified view of all their data.

  • Personal Circles of Trust (PCT) to securely share personal data within communities

  • Citizen Dashboard to control and monitor how personal data is secured and exploited by service providers

  • Service Providers to provide services based on data collected from and written to personal data stores, with respect for the policies defined by their owners

  • IoSF to provide the architecture's framework and the means to control the contractual relationships between the different stake-holders

To accomplish our mission, IoSF Partners are invited to:

  • make public their privacy and trust policy and commitment  —under the format relevant to / chosen by each Partner.

  • make their best efforts to contribute to and/or study the IoSF recommendations —there is no binding obligation to implement them.

The 7 rules of engagement with the Internet of Subjects

The Internet of Subjects framework is defined by a limited set of principles that are precise enough to have an impact when being implemented, but large enough to leave the space for multiple technical solutions.


  1. Self control (user control, self determination, user-defined policies): I manage my self-identity. You can access my data under my conditions, my policies.
  2. Searchability (findability, identification to): I am, therefore you can find me and I can find you. And I can hide.
  3. Instant Social Networking (Massive, meaningful, anonymous & mutual interaction): We can engage in collective actions even if we don't know each other
  4. Ubiquity (unification of distributed data): I can move my data seamlessly over the Internet
  5. Symmetry (equality, peerness): we are equal, individuals and organisations: I am also an identity provider, a credentials provider, a service provider
  6. Uniqueness (minimal replication of raw data): Do not copy my data when a simple pointer to it can do the job
  7. Accountability (reputation, responsibility for one's own actions, even anonymous): I act responsibly as I know that what I do to others will impact my reputation


These rules do not make any explicit reference to interoperability, as it is the inherent property of a user-centric architecture to be interoperable: it is the individual that acts as the interoperability agent for the whole system. Individuals define the policies regarding their personal data and the trust infrastructure insures that those policies are being enforced