Saturday 17 July 2010

The New Internet of Subjects Manifesto

After the Internet of Subjects Forum London (5 July 2010) Graham Sadd wrote in his blog: Violent Agreement Breaks Out at IoS Forum.
This was echoed in the final session of the 8th ePortfolio conference (www.epforum.eu) when Derrin Kent offered to invite the Mahara open source ePortfolio community to integrate the idea of separation between data, metadata and ePortfolio services. We hope that more ePortfolio providers will support this model, which should lead to greater interoperability across systems and organisations, whilst increasing control by individuals of the exploitation of their personal data. It is a path to creating true personal lifelong learning environments.

One of the next documents to be produced is a New Internet of Subjects Manifesto, based on the '7 IoS principles'. It will be a response to the National Strategy for Trusted Identities in Cyberspace (USA).

A simple analysis of the NSTIC document reveals that:
  1. there is not a single reference to (personal) data storage
  2. there is one single reference to publish[ing] private information
  3. there is no reference to 'discoverability'
  4. the word 'relationship' is only used 3 times
The main weakness of the NSTIC is the focus on "trusted identities" (that are no more than glorified 'trusted identifiers') rather than "trusted relationships." The whole exercise looks like an effort to represent a three-dimensional space on a single straight line: it doesn't use any of the topographic properties of a network! In order to trust a claim by an individual that she is a British citizen, it would be sufficient to check that the server of the passport office points to the subject's PIMS (personal information management system) while sending a message to the PIMS (the mobile phone being part of it!) to check that it is the owner of the PDS that makes the claim —and the PIMS could provide a proxy service to manage this kind of transaction, making one's life easier.
An identity can be defined by a series of (more or less) trusted relationships evolving over time and space. It is a combination of identification of (by a third party) and identification to (a group of people sharing certain attributes).
The main limitation of the NSTIC document is that it only focuses on the identification of, and does not address a single element of the identification to. It also assumes that one needs to be identified in order to enter a transaction, while most transactions in real life do not require any kind of formal identification.

The concept of "trusted identity" in NSTIC is mono-dimensional, while the IoS concept of 'trusted relationships' is multi-dimensional. An identity is a (series of) relationship(s), evolving over time and space, not a static attribute. NSTIC aims at a "user-centric Identity Ecosystem", while we aim at a "subject centric Trust Relationship Ecosystem", where the subject can be a person, an organisation or a network. Placing too much emphasis on 'user centricity' carries the risk of reinforcing the asymmetry of the current system —patronising is not far off.

The focus on "trusted identity" rather than "trusted relationship" also reveals the non-existence of Internet Subjects in the current architecture. In an Internet of Subjects, that is, a space where self-asserted subjects exist autonomously, the need for the old-fashioned approach to identity and access management vanishes.

The IoS objective is to create a totally symmetrical system where individuals can act as identity, attribute and service 'providers', not just as 'trusted users'. Of course, if we want to know that a person is an EU citizen, we will look for a proper trusted party for such an attribute, but the mechanism will be the same if we want to know whether a person is a member of a cricket club, a university alumnus or a friend —or if a business client list is genuine, etc.

If you want to contribute to the IoS and the writing of the New Internet of Subjects Manifesto, you can do so by joining the IoS working group.

Tuesday 8 September 2009

10 ePortfolio challenges

For the 7th ePortfolio conference, and in order to give directions to our work towards our 2010 goal (ePortfolio for all), EIfEL decided to address a number of challenges to the ePortfolio community and beyond —many of the problems the ePortfolio community faces today will not be resolved if they are not addressed beyond the ePortfolio silo. The goal of these challenges is to move beyond the current state of ePortfolio development, in particular in the field of interoperability as interoperability is not just a technical issue, but a means to enable new practices and the emergence of truly lifelong and life wide ePortfolios.

The ten challenges are:
  1. Universal ePortfolio Repository —a unified view of all my assets
  2. Universal Competency Identifiers —share competency definitions across systems
  3. ePortfolio social —share assets, knowledge and processes across communities
  4. ePortfolio semantic editors —make sense of what I write, connect, etc.
  5. ePortfolio Readers —read any ePortfolio through consistent and multiple views
  6. Open & Trusted Service Architecture
  7. ePortfolio based performance support system —make the ePortfolio part of my work
  8. ePortfolio discovery mechanism —find people, competencies, resources
  9. URIs as tags —make tags meaningful
  10. Universal Metadata —create a world brain

Our main objective is to create the conditions for the emergence of MultiPortfolio organisations (one organisation can interact with many different ePortfolio platforms) and MultiOrganisation ePortfolios (have one ePortfolio to interact with many different institutions with their own platform).

Challenges' link

Other documents related to the challenges are:

Friday 22 May 2009

EIfEL becomes a MultiplePortfolio (MeP) organisation

Until now, the issue of ePortfolio interoperability was mainly considered within the framework of documents export/import, hence the focus on data structures and the lack of appetite, except for EIfEL and very few others, to fully embrace identity and access management (IAM) as the central locus for ePortfolio interoperability.

In order to contribute actively to the design of state-of-the-art interoperability solutions, EIfEL has decided to become a MultiplePortfolio (MeP) organisation, i.e. an organisation where each of our members will be able to choose their own ePortfolio platform while still being able to fully interact with the organisation and their peers to support their continuing professional development and recognition as professional members of the learning community. In doing so, EIfEL aims at being a live testbed, a benchmark for interoperability.

As an organisation wishing to represent all the actors of the ePortfolio community, unlike other organisations, it was not possible for EIfEL, even if we have our personal likes and dislikes, to select a particular platform to support the continuing professional development of our members. Moreover, many of our members already have their own ePortfolio system that they use within their organisation or institution and several already have to deal with multiple ePortfolio systems — e.g. a member of the Institute for Learning (IfL) who uses REFLECT, based on PebblePad, for his/her CPD might work at a college using eXact Portfolio to support teaching and Multi-Port to support the delivery of NVQs (just to name the 3 Gold sponsors of the 2009 Learning Forum London conference!).

Committed to becoming a fully functional MultiplePortfolio organisation, EIfEL will work with all the ePortfolio and learning technology publishers and providers to demonstrate the feasibility and benefits of an interoperability framework where individuals are free to choose the components of their own ePortfolio system while being capable of interacting with a number of different institutions across time (diachronic interoperability) and space (synchronic interoperability). A MultiplePortfolio approach is a necessity for territorial approaches, i.e. for the implementation of systems working across multiple institutions within a city, a district, a region or a state.

EIfEL’s MultiplePortfolio environment will be dedicated to supporting the continuing professional development (CPD) of our members, validated through peer review of their CPD ePortfolio. Reviewing other members’ CPD portfolios is part of members’ own professional development, to demonstrate assessment skills and gain an opportunity to explore a range of different professional practices.

EIfEL will provide its members with an environment to publish their ePortfolio(s), select the reviewers for their CPD portfolio and publish the outcomes of the review process —a choice of ePortfolio platforms will be offered to those needing one. EIfEL staff will mainly support the quality improvement of the review process, and interoperability.

As a MultiplePortfolio organisation, EIfEL will go through the following stages:
  1. At the initial stage, each ePortfolio platform will be independent from each other, so the reviewers of peers’ ePortfolios will have to register on different systems. The focus on interoperability will be on the ability to publish ePortfolios using RSS/Atom/RDF feeds, based on multiple formats (LEAP2A, HR-XML, Europass, microformats, FOAF, etc.) and packaging ePortfolios (ZIP, IMeP, etc.) for archive and verification —quality assurance. We will also be working on the systematic exploitation of unique resource identifiers (URI) to competency definitions hosted in shared repositories of occupational standards, so definitions will be independent from ePortfolio platforms and could be used for many other purposes, e.g. to post a job, set a 360° assessment, etc.
  2. The second stage will be the implementation of single sign-on (SSO) mechanisms, so a member already identified by the EIfEL platform will be able to use the same identifier to review a colleague’s CPD ePortfolio. This will require ePortfolio providers to support IAM standard frameworks.
  3. The third stage will be the implementation of circles of trust and attribute sharing. At stage 2, the granularity of access is the whole ePortfolio, while at stage 3, elements of ePortfolios can be shared with other members of the EIfEL community —and others. This is very convenient when members work together on a project and want to share evidence from their respective ePortfolios. Sharing evidence is one of the means to increase the trustworthiness of individual ePortfolios.
  4. The fourth stage of interoperability will be the provision of ePortfolio readers independent from the idiosyncrasies of the different platforms, so a reviewer will be able to browse multiple ePortfolios created on multiple systems, while having the same navigational and informational interface. This will be particularly relevant in specific processes such as the accreditation of prior learning (APL) when an assessor needs to review evidence against a number of occupational standards of competence.
  5. The fifth stage of interoperability will be the ability to create a seamless space between the different components of one’s digital identity in an Internet where individuals exist as autonomous and empowered entities, lifelong and lifewide.
Of course, EIfEL will be working on these different stages in parallel, in cooperation with ePortfolio publishers, clients and users, exploiting the outcomes of existing and future projects (like TAS3). We will be looking at establishing a quality mark for the ePortfolio and ePortfolio-related solutions that have demonstrated their interoperability within EIfEL’s MultiplePortfolio environment.

The MultiplePortfolio initiative will be launched during Learning Forum London, the international ePortfolio conference, 22-24 June 2009. Demonstrations will be made during ePortfolio plugfest and participants will be invited to contribute their reflections to this ambitious and challenging project.

Monday 11 May 2009

Tagging with URI

Cross-referencing is one of the key activities when building a portfolio used for accreditation of prior learning or to gain a competency-based qualification. How does it work?
  • On the one hand, candidates have a list of competencies and performance criteria
  • On the other hand, candidates collect a number of pieces of evidence demonstrating their competencies
Then
  • for every piece of evidence the candidate indicates which competencies / units / elements / performance criteria it covers
  • for each unit / element / performance criterion the candidate indicates which pieces of evidence support the claim
With a computer, there is a very simple way of doing this: using competency definitions as tags. Once all the pieces of evidence are tagged with the various competency definitions, it is easy to retrieve all those linked to a particular competency and all the competencies linked to a single piece of evidence. The simple process of tagging creates all the cross references needed to have the portfolio reviewed by an assessor who can then (in)validate the links.

There are two ways of creating this kind of tag with existing systems:
  1. strings: the title of the competency/performance criteria —pros: relatively user friendly (probably not if the user has to key in long definitions); cons: ambiguity as the same string of characters can refer to different definitions; and risks of typos (that can be reduced by providing drop-down boxes)
  2. URL/URI: the address of the competency definition —pro: uniqueness; cons: not user friendly
There is a third way that would require very little effort from ePortfolio publishers: using URL/URIs as tags while making it user-friendly. Users would select a definition from a competency repository and drag it into the 'tag' section of the piece of evidence. The tag would appear as a string to the user, but the URI would point to the competency definition. The level of granularity of a URI could be down to a single performance criterion.

To make it backward compatible and allow users to create tags without URIs, the URI field could be set to null. This could also encourage groups of people and communities to create and share their own meaningful URIs/definitions.

Of course, this method of URI tagging is not restricted to ePortfolios and could be generalised to any kind of tagging: linking a blog entry to Learning Forum London or ePortfolio 2009 could use the same URI http://www.epforum.eu —today it is ep2009, hoping that nobody else will use it or won't use ePortfolio2009 or ePortfolio 09...

And of course, to make this work seamlessly, instead of having each ePortfolio system create its own internal representation of competency frameworks, these frameworks could be made public through a series of distributed repositories providing the desired URIs that could be shared within a community of professionals, an organisation or a sector.

The solution to unique resource identifiers for competency definition has already been discussed by Simon Grant (Representing frameworks of skill and competence for interoperability and more recently in Representing defining and using ability competency and similar concepts). It is clear that we have all the technology required and the solutions are not exactly rocket science. What is missing is the political impetus and commitment.

One could imagine that each URI is translated into a URL where the competency map could be represented by a hierarchy of directories:
  • language / sector / domain / area / unit / element / performance criteria
  • language / sector / domain / area / unit ? data = "knowledge", "evidence examples", etc.
This is one possible representation, and there are alternative equivalents.
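The following Python sketch is an added example, not code from EIfEL or any ePortfolio product. It shows URI tags with a nullable URI for legacy string tags, the two-way cross-reference index, and assessor validation of links. The repository hosts, the paths and the class names are constructed assumptions that follow the directory layout above.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed repositories and paths (assumptions), laid out as
# language/sector/domain/area/unit/element/performance-criterion.
UNIT_A = "https://competencies.example.org/en/education/teaching/delivery/unit-1"
PC_A1 = UNIT_A + "/element-2/pc-3"
PC_OTHER = "https://standards.example.net/en/health/nursing/care/unit-7/element-1/pc-1"


def normalise(uri: str) -> str:
    """Canonical form used as the tag identity: scheme, host and path only."""
    parts = urlsplit(uri.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an absolute http(s) URI: {uri!r}")
    return f"{parts.scheme}://{parts.netloc.lower()}{parts.path.rstrip('/')}"


@dataclass(frozen=True)
class Tag:
    label: str                  # the string the user sees
    uri: Optional[str] = None   # None keeps plain string tags working

    @property
    def key(self) -> str:
        if self.uri is None:
            return "label:" + " ".join(self.label.casefold().split())
        return "uri:" + normalise(self.uri)


class Portfolio:
    def __init__(self):
        self.tags_of = defaultdict(set)      # evidence id -> tag keys
        self.evidence_of = defaultdict(set)  # tag key -> evidence ids
        self.verdicts = {}                   # (evidence id, tag key) -> bool

    def tag(self, evidence: str, tag: Tag) -> None:
        self.tags_of[evidence].add(tag.key)
        self.evidence_of[tag.key].add(evidence)

    def evidence_for(self, uri: str, descend: bool = True) -> set:
        """Evidence tagged with this URI or, optionally, anything below it."""
        target = "uri:" + normalise(uri)
        found = set()
        for key, items in self.evidence_of.items():
            if key == target or (descend and key.startswith(target + "/")):
                found |= items
        return found

    def review(self, evidence: str, uri: str, valid: bool) -> None:
        """Assessor accepts or rejects one evidence-to-competency link."""
        key = "uri:" + normalise(uri)
        if key not in self.tags_of.get(evidence, ()):
            raise KeyError("no such link to review")
        self.verdicts[(evidence, key)] = valid

    def validated_for(self, uri: str) -> set:
        """Evidence under this URI whose link an assessor has accepted."""
        prefix = "uri:" + normalise(uri)
        return {e for (e, k), ok in self.verdicts.items()
                if ok and (k == prefix or k.startswith(prefix + "/"))}


def build_demo() -> Portfolio:
    p = Portfolio()
    same_label = "Communicate effectively"
    p.tag("lesson-plan.pdf", Tag(same_label, PC_A1))
    p.tag("ward-report.doc", Tag(same_label, PC_OTHER))  # same words, other standard
    p.tag("lesson-plan.pdf", Tag("ep2009"))              # legacy string tag, no URI
    p.tag("video.mp4", Tag("Plan a session", UNIT_A + "/"))
    p.review("lesson-plan.pdf", PC_A1, True)
    return p
```

Querying by a unit's URI returns evidence tagged at any level below it, and two tags with the same visible label stay distinct because their identity is the URI.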

One of the goals of EIfEL for the Learning Forum London conference is to create a consensus within the ePortfolio community, and possibly beyond, on:
  • "URI tagging" as a general mechanism for tagging
  • Establishing a number of initial competency repositories providing URIs using existing occupational competency standards and a simple mechanism for growing internally and externally those repositories
  • Drawing a roadmap for future developments

Thursday 19 February 2009

“The Internet of Subjects” Manifesto

EIfEL is currently working on the publication of “The Internet of Subjects” Manifesto. The objective is to bring together all the current efforts to make the Internet more 'subject centric', taking into account the human factor.

“The Internet of Subjects” Manifesto

The central role individuals now play in the Internet calls for a radical rethinking of its organisation, in particular, the way the ever-increasing flow of personal data is being created, stored, connected, accessed, protected, tracked, exploited and managed. There is a need to create the foundations of an Internet where the architecture creates the conditions for the free association of self-conscious individuals, beyond the pre-defined boundaries of current information systems and social networks.

The foresight of an Internet of Subjects rests on a vision of self-conscious subjects who are in full control of the whole of their personal data, from personal healthcare, education and employment records, to bank, sales and various tracking records generated in cyberspace.

The Internet of Subjects aims at being a people enabler, creating the conditions for developing one’s social and professional identity and contributing to the growth of social capital.

The Internet of Subjects also aims at being a business enabler, creating the conditions for for-profit as well as not-for-profit organisations, public and private agencies, to provide personalised services while using personal data ethically, as defined by the individuals.

To achieve this, a second order change is required. Thanks to research, innovation, improved quality of online services and the ever-decreasing costs of online storage, bandwidth and computing power, we have reached the tipping point where this second order change is now made possible.

[...]

If you want to join the conversation and contribute to the Manifesto, please contact serge.ravet@eife-l.org.

Tuesday 27 January 2009

The Identity Centric Framework

The tremendous work done by organisations such as the Oasis Group, Liberty Alliance and Open ID on specifications and standards for digital identity calls for a profound transformation of the Internet, moving from the "Internet of documents" to the "Internet of Subjects." In an Internet of Subjects, we don't want our actions to be limited by existing social network services provided by a third party; we want to be able to create social networks on the fly, just like in real life —and undo them without losing any data. We also want to be able to keep in one place (possibly distributed), a place we own, all the publications, contributions and various artefacts and tracks generated during our Internet activities.

Publication mechanisms like trackback demonstrate that it is possible to publish a blog entry or a comment in a personal space and make it visible in another one, so if a specific aggregation of blog entries/comments is not supported anymore (let's say that this instance of Blogger disappears), then the entries and comments will still be available in my personal space (today I use a Word copy as a backup). Of course, the use of trackback has been impeded by pirates trying to circumvent anti-spam software, but this general mechanism (or equivalent) could be revived and systematised in a trustworthy environment, using social computing to support reputation mechanisms.

In order to give a general framework for these reflections, I've come up with something named the "Identity Centric Framework" (ICF), with the intention to codify a set of fundamental principles to which any identity architecture should conform to be universal and sustainable. This framework can be seen as a derivation of Microsoft's identity metasystem and laws of identity. The principles can be summarised by the acronym “ID TOUCH”.

A universal identity centric system should be:
  • Independent: it should be sovereign and independent from commercial or partisan interests; it should be based on the existence of multiple, competitive, operators and technologies.
  • Dependable: it should have a provision to guarantee that personal data are free from potential loss or theft as well as identity attacks.
  • Transparent: it should provide accurate reports and statistics on how one’s personal data is being used by third parties. It should also provide negotiation and discovery mechanisms for social interaction and data exchange.
  • Opaque: it should provide mechanisms to fine-tune external visibility of personal data, up to the point of total opacity and anonymity —except for legal or regulatory requirements. It should include encryption and other techniques to limit the risks of undesired disclosure.
  • Unifying: it should provide a seamless experience across contexts (e.g. healthcare, education, employment, leisure, mobility) and identities while keeping a clear separation between independent contexts and multiple identities.
  • Communal: Identity systems must recognise and exploit the social nature of identity. Mechanisms such as reputation and trust should be native features of identity systems.
  • Humanist: the underpinning value of an identity centric system is a humanist vision of technology, refusing the reification of human beings and promoting an open and free society.

Monday 26 January 2009

What have we learned from ePortfolio and Personal Health Records?

We have learned from ePortfolios and personal health records that:
  1. Being digital transforms the nature of documents and associated practices.
  2. By making people the managers of their personal data, the fragmentation of personal information is dramatically reduced, leading to an improved quality of communication across people, departments and institutions, as well as a better performance of the system as a whole.
  3. Giving people a sense of ownership of their personal data improves their understanding, self-esteem and ability to achieve their goals, as learner or patient.
  4. The separation of personal data records based on institutional boundaries (e.g. learning records and health records) is not relevant to the individual and is eventually counter-productive for the institutions.
  5. The nature of learners and patients is social, and so are the contents of their personal records: patients' records are evidence of performance of medical staff, as individual ePortfolios are evidence of performance of education staff, e.g. for quality assurance purposes. And profile data can be used to create communities of interests, lobbies and communities of practice.
  6. Experience shows that we cannot trust private or public organisations to host personal data securely. Despite all security measures, if one organisation is allowed to have massive amounts of personal data, there is always the risk that someone will lose a DVD in a train or sell the data on eBay.
The use of digital technologies with portfolios or health records has led to a much greater transformation than the mere dematerialisation of documents. ePortfolios are not just paperless portfolios, nor are digital personal health records paperless health records. Both are transforming the practice of their owners as well as that of the professionals working with them. When empowered with the management of their personal data, learners, like patients, tend to take more responsibility for their own learning or healing. Relationships with and among teachers / doctors are also transformed, as well as those with fellow learners / patients.

Moreover, personal health records can be viewed as some kind of learning records as patients need to learn new facts, procedures and reflect on their behaviour —and before being a patient, proactively maintain one’s own health and contribute to that of others. And for athletes, healthcare data are also evidence of their learning and material for reflecting.

From the point of view of the individual, there is no clear separation between a learning record and a healthcare record. They both are an aggregation of attributes, and some of the attributes are common to both aggregations: for example, work patterns are of interest to doctors and dietary requirements are useful to people other than doctors —e.g. conference organisers…

In terms of privacy, publicity and security, both share the same constraints. There is a need to manage the level of privacy from totally private data, to data restricted to certain groups of people and professionals, up to publicly available records —e.g. qualifications / blood type. But we cannot allow organisations, private or public, to host massive amounts of personal data on a server without being under the strict control of individuals and without making the massive export of data impossible to achieve or exploit —e.g. by making each individual record jammed with individual real-time encryption keys provided with the informed consent of individuals (with a ‘break the glass’ policy, if the principal is unconscious, something addressed by TAS3).
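A minimal sketch of that idea, added here as an example and not taken from TAS3 or any product: each record is sealed under its own key, the keys live only with the subject's agent, and a key is released per request on recorded consent or through an audited break-the-glass path. The class names are hypothetical, requesters are assumed to be already authenticated, and the SHA-256 counter keystream with HMAC stands in for a real AEAD cipher such as AES-GCM so that the code runs on the standard library alone.

```python
import hashlib
import hmac
import secrets


def _subkeys(key):
    # Separate encryption and authentication keys derived from the record key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as keystream: a stand-in for a real AEAD cipher.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = _xor_stream(enc, nonce, plaintext)
    return nonce + body + hmac.new(mac, nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered record")
    return _xor_stream(enc, nonce, body)


class SubjectAgent:
    """Runs on the individual's side; the only place record keys are stored."""

    def __init__(self):
        self._keys = {}        # record id -> 32-byte key
        self._consent = set()  # (requester, record id) pairs the subject approved
        self.audit = []        # (outcome, requester, record id, reason)

    def seal_record(self, record_id, plaintext):
        self._keys[record_id] = secrets.token_bytes(32)
        return seal(self._keys[record_id], plaintext)

    def grant(self, requester, record_id):
        self._consent.add((requester, record_id))

    def revoke(self, requester, record_id):
        self._consent.discard((requester, record_id))

    def release_key(self, requester, record_id, break_glass_reason=None):
        if (requester, record_id) in self._consent:
            outcome = "CONSENT"
        elif break_glass_reason:
            outcome = "BREAK_GLASS"  # no consent on file: allowed, always logged
        else:
            outcome = "DENIED"
        self.audit.append((outcome, requester, record_id, break_glass_reason or ""))
        if outcome == "DENIED":
            raise PermissionError(f"{requester} has no consent for {record_id}")
        return self._keys[record_id]


class Institution:
    """Hosts sealed records only, so a bulk export contains no readable data."""

    def __init__(self):
        self.store = {}

    def read(self, agent, requester, record_id, break_glass_reason=None):
        key = agent.release_key(requester, record_id, break_glass_reason)
        return unseal(key, self.store[record_id])


def demo():
    # Constructed sample record and requester names.
    alice, hospital = SubjectAgent(), Institution()
    hospital.store["rec-1"] = alice.seal_record("rec-1", b"allergy: penicillin")
    alice.grant("dr-jones", "rec-1")
    return alice, hospital
```

A copy of `hospital.store` taken without the agent's cooperation is ciphertext only, and every key release, including the emergency path, leaves an entry in the subject's audit list.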

Just like patients have to deal with different professionals at different points in time, learners and workers have to deal with a number of different institutions. One can be working as an IT professional in a company, be a member of an IT professional body like the British Computer Society, teach at a university and provide support to local businesses, all this contributing to his/her identity as ‘IT professional’. The way systems are set up today, this IT professional will have a number of accounts, at best federated, dealing with the idiosyncrasies of various information systems to keep up with his/her personal data. His/her identity will be fragmented.

While current implementations of federation of identities and services allow one person to unify a number of fragmented accounts, a “subject centred” Internet architecture should allow one person to have a unified account (a kind of ‘digital safe’) that would be used in a number of different transactions. For example, I would have one ePortfolio repository and each of the different institutions I am interacting with would pull/push data from/to this repository (probably distributed, for security reasons) encrypted by one or more public keys.

A subject centred Internet should allow us to regain control on how our personal data are being stored, accessed and managed.