While tools and architectures have been developed to support digital identity as a means of managing access to data (authorisation, authentication) and of ensuring that the policies attached to those data are enforced (privacy, preventing identity theft), the general architecture of the Internet has not fundamentally changed. Federated identities (single sign-on) and federated services (sharing identity attributes across domains) undoubtedly mark progress for end-users as well as service providers. On the Internet, a space where there is no real face-to-face contact, it is now possible to establish a level of trust similar to that of the real world, including the possibility of being deceived or robbed. The translation into cyberspace of real-life documents (identity cards) and practices (authorisation and authentication) could be described as the result of an assimilation process, a first order change.
Although, to a certain extent, we have been able to replicate in cyberspace the documents and behaviours required for managing access to personal data (and a number of initiatives, like TAS3, are working on technologies that will increase the level of trust in transactions involving personal data), we are still far away from an Internet that could be described as an Internet of subjects. Digital identity technology is only part of the solution that will fully empower individuals as active subjects of the Internet.
If we want to fully exploit the benefits of an ‘Internet of subjects’ based on the free association of self-conscious and self-controlled connected identities, a second order change is required. While this second order change will most likely build on the technical foundations laid by consortia such as the Oasis Group, Liberty Alliance, OpenID and Open Social, the full power of these foundations needs to be expressed within a new conceptual framework, a conceptual framework for digital subjects.