The Identity Centric Framework

The tremendous work done by organisations such as the Oasis Group, Liberty Alliance and OpenID on specifications and standards for digital identity calls for a profound transformation of the Internet, moving from the “Internet of documents” to the “Internet of Subjects.” In an Internet of Subjects, we don’t want our actions to be limited by existing social network services provided by a third party; we want to be able to create social networks on the fly, just like in real life —and undo them without losing any data. We also want to be able to keep in one place (possibly distributed), a place we own, all the publications, contributions and various artefacts and tracks generated during our Internet activities.

Publication mechanisms like trackback demonstrate that it is possible to publish a blog entry or a comment in a personal space and make it visible in another one, so if a specific aggregation of blog entries/comments is not supported anymore (let’s say that this instance of Blogger disappears), then the entries and comments will still be available in my personal space (today I use a Word copy as a backup). Of course, the use of trackback has been impeded by pirates trying to circumvent anti-spam software, but this general mechanism (or an equivalent) could be revived and systematised in a trustworthy environment, using social computing to support reputation mechanisms.

In order to give a general framework for these reflections, I’ve come up with something named the “Identity Centric Framework” (ICF) with the intention to codify a set of fundamental principles to which any identity architecture should conform to be universal and sustainable. This framework can be seen as a derivation of Microsoft’s identity metasystem and laws of identity. The principles can be summarised by the acronym “ID TOUCH.”

A universal identity centric system should be:

  • Independent: it should be sovereign and independent from commercial or partisan interests; it should be based on the existence of multiple, competitive, operators and technologies.
  • Dependable: it should have a provision to guarantee that personal data are free from potential loss or theft as well as identity attacks.
  • Transparent: it should provide accurate reports and statistics on how one’s personal data is being used by third parties. It should also provide negotiation and discovery mechanisms for social interaction and data exchange.
  • Opaque: it should provide mechanisms to fine-tune external visibility of personal data, up to the point of total opacity and anonymity —except for legal or regulatory requirements. It should include encryption and other techniques to limit the risks of undesired disclosure.
  • Unifying: it should provide a seamless experience across contexts (e.g. healthcare, education, employment, leisure, mobility) and identities while keeping a clear separation between independent contexts and multiple identities.
  • Communal: identity systems must recognise and exploit the social nature of identity. Mechanisms such as reputation and trust should be native features of identity systems.
  • Humanist: the values underpinning an identity centric system express a humanist vision of technology, refusing the reification of human beings and promoting an open and free society.

What have we learned from ePortfolio and Personal Health Records?

We have learned from ePortfolios and personal health records that:

  1. Being digital transforms the nature of documents and associated practices.
  2. By making people the managers of their personal data, the fragmentation of personal information is dramatically reduced, leading to an improved quality of communication across people, departments and institutions, as well as a better performance of the system as a whole.
  3. Giving people a sense of ownership of their personal data improves their understanding, self-esteem and ability to achieve their goals, as learner or patient.
  4. The separation of personal data records based on institutional boundaries (e.g. learning records and health records) is not relevant to the individual and is eventually counter-productive for the institutions.
  5. The nature of learners and patients is social, and so are the contents of their personal records: patients’ records are evidence of the performance of medical staff, just as individual ePortfolios are evidence of the performance of education staff, e.g. for quality assurance purposes. And profile data can be used to create communities of interests, lobbies and communities of practice.
  6. Experience shows that we cannot trust private or public organisations to host personal data securely. Despite all security measures, if one organisation is allowed to have a massive amount of personal data, there is always the risk that someone will lose a DVD on a train or sell the data on eBay.

The use of digital technologies with portfolios or health records has led to a much greater transformation than the mere dematerialisation of documents. ePortfolios are not just paperless portfolios, nor are digital personal health records just paperless health records. Both are transforming the practice of their owners as well as that of the professionals working with them. When empowered with the management of their personal data, learners, like patients, tend to take more responsibility for their own learning or healing. Relationships with and among teachers / doctors are also transformed, as well as those with fellow learners / patients.

Moreover, personal health records can be viewed as some kind of learning records as patients need to learn new facts, procedures and reflect on their behaviour —and before being a patient, proactively maintain one’s own health and contribute to that of others. And for athletes, healthcare data are also evidence of their learning and material for reflecting.

From the point of view of the individual, there is no clear separation between a learning record and a healthcare record. Both are an aggregation of attributes, and some of the attributes are common to both aggregations: for example, work patterns are of interest to doctors, and dietary requirements are useful to people other than doctors —e.g. conference organisers…

In terms of privacy, publicity and security, both share the same constraints. There is a need to manage the level of privacy from totally private data, to data restricted to certain groups of people and professionals, up to publicly available records —e.g. qualifications / blood type. But we cannot allow organisations, private or public, to host massive amounts of personal data on a server without being under the strict control of individuals and without making the massive export of data impossible to achieve or exploit —e.g. by having each individual record jammed with individual real-time encryption keys provided with the informed consent of individuals (with a ‘break the glass’ policy if the principal is unconscious, something addressed by TAS3).

Just as patients have to deal with different professionals at different points in time, learners and workers have to deal with a number of different institutions. One can be working as an IT professional in a company, be a member of an IT professional body like the British Computer Society, teach at a university and provide support to local businesses, all this contributing to his/her identity as ‘IT professional’. The way systems are set up today, this IT professional will have a number of accounts, at best federated, and will have to deal with the idiosyncrasies of various information systems to keep up with his/her personal data. His/her identity will be fragmented.

While current implementations of federation of identities and services allow one person to unify a number of fragmented accounts, a “subject centred” Internet architecture should allow one person to have a unified account (a kind of ‘digital safe’) that would be used in a number of different transactions. For example, I would have one ePortfolio repository and each of the different institutions I am interacting with would pull/push data from/to this repository (probably distributed, for security reasons) encrypted by one or more public keys.

A subject centred Internet should allow us to regain control over how our personal data are being stored, accessed and managed.

From digital identity to socially connected free subjects

While tools and architectures have been developed to support digital identity as a means of managing access to data (authorisation, authentication) and ensuring that the policies attached to those data are being enforced (privacy, preventing identity theft), the general architecture of the Internet has not fundamentally changed. Federated identities (single sign on) and federated services (sharing identity attributes across domains) undoubtedly mark progress for end-users as well as service providers. On the Internet, a space where there is no real face to face, it is now possible to establish a level of trust similar to that of the real world —including the possibility of being deceived or robbed… The translation into cyberspace of real-life documents (identity cards) and practices (authorisation and authentication) could be described as the result of an assimilation process, a first order change.

Although, to a certain extent, we have been able to replicate in cyberspace the documents and behaviours required for managing access to personal data —and a number of initiatives, like TAS3, are working on technologies that will increase the level of trust in transactions involving personal data— we are still far away from an Internet that could be qualified as an Internet of subjects. Digital identity technology is only part of the solution that will fully empower individuals as active subjects of the Internet.

If we want to fully exploit the benefits of an ‘Internet of subjects’ based on the free association of self-conscious and self-controlled connected identities, a second order change is required. While this second order change will most likely build on the technical foundations laid by consortia such as the Oasis Group, Liberty Alliance, OpenID and Open Social, the full power of these foundations needs to be expressed within a new conceptual framework, a conceptual framework for digital subjects.

The emergence of socially connected digital identities

While we might be decades away from the ‘Internet of objects’ promised by IPv6, the ‘Internet of People’ is already there and strong, demonstrating the power of technology to transform the way we think, learn, work, collaborate, do business, entertain and plan our future. People are now acting subjects of the Internet, transforming the Internet for people and organisations into the Internet of people. We are moving away from an Internet where individuals were treated as mere objects to an Internet where they are acting social subjects. The reification process of the human being by technology was not our fate.

The central role individuals now play in the Internet calls for a radical rethinking of its organisation, in particular the way the ever-increasing flow of personal data is being created, stored, connected, accessed, protected, exploited and managed.

The growing use of the Internet leads to the accumulation of personal digital records, whose sheer number, scope and diversity lead to the emergence of what is now commonly referred to as ‘digital identity’ or ‘eSelf.’ Generated as the result of individuals’ behaviour, the digital identity is becoming a key component for self-awareness and social interaction for the reflective learner, professional and citizen who are contributing to inventing the 21st century civilisation.

The socially connected digital identity will be the pivot of tomorrow’s Internet architecture. The Internet of free subjects, where we are in full control of our identity, is the promise of a technological revolution of great magnitude.

About ePortfolio definitions

It is true that there are many different ePortfolio definitions and that their range can be disturbing, not only to the newcomer. It is also true that many ePortfolio practitioners feel the urge to create their own version, and I’m not an exception to that. In fact I like to use different definitions, depending on the context and my goal. For example, I like the definition of the ePortfolio as a personal and community knowledge management tool… as well as digital identity construction tool…

So, why so many definitions? What does this diversity say about the ePortfolio and the practitioners who are using/describing it? Is it a problem and should we all agree on one and only one definition?

Why so many definitions?

While the ePortfolio is an emerging technology, many of the practices and concepts used to describe it were born in the era of the paper-based portfolio. It is natural that new practices and concepts emerge from a new technology, and that conversely technology is being transformed by emerging practices! One of the most radical changes is probably the use of social computing, making the ePortfolio not only a ‘paperless portfolio’ but a social object. Another change is the emergence of user generated contents and contexts, the learner being the producer of learning resources and environments used by other learners. With such practices, the ePortfolio is not the mere repository of good students’ work and reflection, but the repository of knowledge used by others. The ePortfolio is not just a demonstration of one’s learning but the resource used by others to learn, the use by others being the evidence of learning. The ‘learning to learn’ mantra should probably be replaced by ‘learning to share’ or ‘learning to teach’.

What do a paperless portfolio and a socially connected portfolio have in common, beyond both being digital and containing some reflections? Probably very little. So, why should definitions be identical?

Should we all agree on one and only one definition?

Epistemology tells us that when concepts become fuzzy or contradictory, when the reality can’t be properly described by a concept anymore, then this concept should be abandoned and replaced by a better one. Trying to twist the definition of a portfolio to that of an ePortfolio has probably become counter-productive at this stage.

Using the same name to refer to many different realities is certainly not helpful, and it would be nice to agree on one definition. And this definition should be precise enough to avoid the kind of comments I’ve heard so many times: “so, everything is an ePortfolio.” And the solution might be to say that an ePortfolio is a “portfolio constructed with the help of digital technology”, keeping the current definition of a portfolio. This would suppress the contradictory definitions that were mentioned before. But then, to what concept should we attach those definitions?

I suggest that the range of contradictory/complementary definitions, from paperless portfolios to personal knowledge management tools, should be sublated into another concept. For lack of a better term, I suggest “digital identity” or “eSelf”, i.e. the use of technology as the support of one’s identity construction.

Learning is not about creating portfolios, it is about constructing one’s social identity. The ePortfolio should be a means, not an end. And just as paper-based portfolios could be an obstacle to the recognition of learning (building a portfolio involves a set of skills that are different from those of “Speaking French”, so obliging a person to construct a portfolio to have their linguistic competencies recognised could be counter-productive), ePortfolios can become an obstacle to learning — ePortfolios of learning are still more common than portfolios for learning…

Why should the ePortfolio be subsumed by eSelf?

The ePortfolio has not escaped from a representation of reality where people are compartmentalised in silos. The fact that to properly describe an ePortfolio, you need to add a modifier such as ‘marketing’, ‘learning’, ‘assessment’ or ‘employment’ means that the concept of ePortfolio on its own is simply a compilation of files with a dash of reflection adapted to a number of pre-defined purposes.

If the objective of the ePortfolio is the demonstration of reflective learning and practice, then does one absolutely need an ePortfolio to perform or even demonstrate reflective learning and practice? Is our objective to perform or demonstrate? Do we need to demonstrate in order to perform effectively, and is the ePortfolio the best way to perform reflective learning and practice? Are there other ways? Shouldn’t we look at naturally occurring opportunities for demonstrating evidence of reflective learning and practice, without the need to spend time in the compilation of a document that might be useful from the point of view of an institution that delivers a qualification or hires for a job, but not for everyday practice? Can discrete compilation of documents be sufficient, or do we need something continuous, more organically linked to our everyday life?

The eSelf is a means to break the barriers across silos and information systems, the compartments and roles in which institutions tend to lock us. I want to exist on the web without the filter of some pre-defined template or procedure, where I communicate with others through my left and right brains — most ePortfolios are left-brain based, even in the field of media studies…

Should we continue to use the concept of ePortfolio?

It is certain that if we tell those who are starting to support the idea that everyone should have an ePortfolio that what they should really be supporting is that everyone should have a digital identity, then we might lose some of them. This is not to say that the ePortfolio is a necessary step towards the eSelf but that we need to be advanced, yet acceptable, if we want to have our message heard. This is why I don’t mind the variety of ePortfolio definitions, so I can continue to use the word while meaning my “digital identity.”