The Internet of Subjects is the outcome of several years work with partners on a number of initiatives and projects in the field of personal data and digital identity. The most recent is TAS3, a project dedicated to developing the technologies for a trustworthy Internet.
The rationale for the Internet of Subjects is described in two working documents:
Internet of Subjects and the power of personal ID stores
A briefing with Serge Ravet, CEO of Eifel and Internet of Subjects Forum (IoSF) evangelist, by Kevin White.
Imagine a network made up of personal data stores, where identity data and personal information systems representing individuals are at the very centre of the architecture. Imagine a situation where online connections to people, services, and to documents are seamless, rather than being fragmented over a number of services. Imagine a scenario where personal identities are securely held in one logical space and shared dynamically across a number of communities. “What we’re describing here is an Internet of Subjects,” explains Serge Ravet, CEO of European Institute for E-Learning.
Announcing the setting up of the Internet of Subjects Forum, Ravet describes the IoSF as a way of providing loosely coupled but meaningful connections to subjects, persons or identities - much in the way as today, the Internet provides meaningful connections to location-independent content, idocuments and files.
“IoSF is all about giving people full control over their personal data, using available and proven technology built around existing data standards and formats. It’s not about IT, but about how IT is used.” Personal data is scattered and has become too fragmented, Ravet continues. “We see a need for the development of the Personal Data Store or PDS that will make our personal data easier to manage, and where the exploitation of personal data can be fully controlled by the individual. This is one of the driving forces behind the Internet of Subjects.”
At the moment, the exploitation of our personal data relies on the good-will and compliance competencies of our service providers. Each has its own idiosyncrasies in the way it chooses to manage identity and privacy. In some cases, poor security is applied to personal data and in other scenarios data may be shared between service providers without our say so or without any specific agreement. “Adoption of the PDS and user access dashboards will offer us all total transparency over how our data is exploited. Through establishing the use of the PDS to hold secure and user-defined key attributes and other personal data about an individual, the concept of identity being espoused by the Internet of Subjects starts to emerge.”
The IoSF maintains that identity is not just about the provisioning of attributes, authentication and authorisation rights. Identity could also be described by the online relationships that are brokered between individuals, and the circle of trust which develops through their interaction.
Ravet argues, “We only have to look at the success of Facebook or LinkedIn to see the power of these models. But they would be even more powerful if it were based on a schema that embraced the PDS.”
A PDS is not just a place where attributes, identifiers and personal files are stored, but is where the full history of our online activity can be captured, so that relevant information about us can be easily and securely shared with the services and the organisations we trust. A single version of the truth held in a single logical PDS.
“From a commercial standpoint if everyone had a PDS, businesses could start to communicate more directly and with greater relevance with consumers, according to the profile of preferences they set up within their PDS. We are all tired of the level of fragmentation that exists with our personal data and the lack of control we have over its use. IoSF will help resolve that by creating context around all of the data that is held securely in PDSs, producing identifiers similar to web tags to facilitate allowable and truly relevant data exploitation of personal data.”
He says the IoSF exists to steer and nuture projects and programmes that will embrace the PDS model. The technology is there. Standards are plentiful and proven. And some big name organisations are already backing the development: early supporters include Cisco Systems and Oracle, Edulog and Mahara, The Sorbonne and Reading University.
Starting with a vision that all information produced by, or related to, an individual is published / stored in his/her own personal space, it is possible to envision organisational information systems built dynamically from the aggregation of a number of pieces of information stored in personal spaces. “Our vision is to establish a network made up of single personal data spaces, where connections are seamless, and where personal identities are held in one logical space and shared across a number of communities.” The mechanisms for managing the different levels/circles of trust should make it possible for individuals to tailor with extreme accuracy the visibility of their personal data, from single individuals, to communities sharing the same interests, Ravet notes:
• Identities — a person can have multiple identities, and this can be reflected through different identifiers, like URLs, URIs or others
• Communities — a person can share a number of attributes within a number of circles of trust, where intimacy is protected. This can be an organisation, a social network or an ad-hoc group, or the general public.
This is achieved by defining how attributes are segmented or layered to reflect individual preferences, i.e. which parts are:
• Private — what is concealed from all communities
• Restricted — defines which attributes are shared with identified communities and people
• Public — defines the attributes that are publicly accessible
There is a strong case to be made, Ravet concludes. A subject or person-centric architecture is better for the individual as well as for businesses. It is better for individuals as they have one space (multiple identities, virtual, distributed, encrypted) from which they can update and manage their personal data. It is better for business in general, as it is a powerful opportunity equaliser, as VRM (Vendor Relationship Management) systems have already demonstrated. Such a person-centric architecture will also naturally expand into a generalised entity-centric architecture, where networks, organisations, businesses will be able to exploit the full benefits of their own digital identities. If we take the competencies of an individual as being a component of his/her identity, then the aggregation of all the competencies of an organisation is an element of its own identity and be exploited to respond to bids, find partners, explore new markets, recruit new staff.
“Make no mistake: the Internet of Subjects equally is aimed at people and business. It creates the conditions for developing one’s social and professional identity and contribute to the growth of social capital. As a business enabler, it creates the conditions for organisations, public and private, to provide a more personalised services market, using personal information ethically, as defined by the individuals’ policies.
The sweet spots for early-adoption of the Internet of Subjects Forum (IoSF) currently identified are in education and in HR, but also in healthcare and in e-commerce business generally. Overall, the main driver for making IoSF a reality is the increased need for trust. “We have now reached the tipping point where technologies are ready to reunite our digital identities, to create a more workable Internet of Subjects,” Ravet insists.