The Identity Centric Framework

The tremendous work done by organisations such as the Oasis Group, Liberty Alliance and Open ID on specifications and standards for digital identity calls for a profound transformation of the Internet, moving from the “Internet of documents” to the “Internet of Subjects.” In an Internet of Subjects, we don’t want our actions to be limited by existing social network services provided by a third party; we want to be able to create social networks on the fly, just like in real life —and undo them without losing any data. We also want to be able to keep in one place (possibly distributed), a place we own, all the publications, contributions and various artefacts and tracks generated during our Internet activities.

Publication mechanisms like trackback demonstrate that it is possible to publish a blog entry or a comment in a personal space and make it visible in another one, so if a specific aggregation of blog entries/comments is no longer supported (let’s say that this instance of Blogger disappears), the entries and comments will still be available in my personal space (today I use a Word copy as a save). Of course, the use of trackback has been impeded by pirates trying to circumvent anti-spam software, but this general mechanism (or an equivalent) could be revived and systematised in a trustworthy environment, using social computing to support reputation mechanisms.

In order to give a general framework for these reflections, I’ve come up with something named the “Identity Centric Framework” (ICF), with the intention to codify a set of fundamental principles to which any identity architecture should conform to be universal and sustainable. This framework can be seen as a derivation of Microsoft’s identity metasystem and laws of identity. The principles can be summarised by the acronym “ID TOUCH.”

A universal identity centric system should be:

  • Independent: it should be sovereign and independent from commercial or partisan interests; it should be based on the existence of multiple, competitive, operators and technologies.
  • Dependable: it should have a provision to guarantee that personal data are free from potential loss or theft as well as identity attacks.
  • Transparent: it should provide accurate reports and statistics on how one’s personal data is being used by third parties. It should also provide negotiation and discovery mechanisms for social interaction and data exchange.
  • Opaque: it should provide mechanisms to fine-tune external visibility of personal data, up to the point of total opacity and anonymity —except for legal or regulatory requirements. It should include encryption and other techniques to limit the risks of undesired disclosure.
  • Unifying: it should provide a seamless experience across contexts (e.g. healthcare, education, employment, leisure, mobility) and identities while keeping a clear separation between independent contexts and multiple identities.
  • Communal: Identity systems must recognise and exploit the social nature of identity. Mechanisms such as reputation and trust should be native features of identity systems.
  • Humanist: the underpinning values of an identity centric system are those of a humanist vision of technology, refusing the reification of human beings and promoting an open and free society.
